Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware and File opening (Win7 anti-virus) [Solved]

Started by JonK33 , Dec 13 2011 01:48 PM

  • This topic is locked This topic is locked

#1
JonK33
Posted 13 December 2011 - 01:48 PM

JonK33

    Member

  • Member
  • PipPip
  • 52 posts
Hello,

Yesterday I got a virus, which I recognized despite it being a false anti-malware program, I think called win7 antivirus. I thought I got rid of it as I had had it before and remembered it hides itself to I made all hidden files visable, found the exe and deleted it. It seemed to go away for a day but is back today stronger. It now has found a way to block me from opening any kind of file so I cant run my Ccleaner or CA anti-virus. In fact I only somehow managed to open the internet but I'm not sure how as it is blocking that as well, even in safe mode. Whenever I try to open a program it doesn't know what to run it with and wont let me.

OTL.txt:

OTL logfile created on: 12/13/2011 12:40:14 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jon\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.50 Gb Available Physical Memory | 81.39% Memory free
15.96 Gb Paging File | 14.43 Gb Available in Paging File | 90.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420.33 Gb Total Space | 352.25 Gb Free Space | 83.80% Space Free | Partition Type: NTFS
Drive D: | 30.48 Gb Total Space | 28.35 Gb Free Space | 93.01% Space Free | Partition Type: NTFS
Drive F: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BIGPAPAKOSAK | User Name: Jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/11/10 17:40:27 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/16 14:32:22 | 000,175,968 | ---- | M] (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\scManager.sys
PRC - [2011/05/18 11:24:30 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010/12/22 16:19:04 | 000,046,080 | ---- | M] () -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
PRC - [2010/01/08 17:31:00 | 000,107,056 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2010/01/08 17:30:28 | 000,234,032 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2010/01/08 17:29:34 | 000,606,768 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpn.exe
PRC - [2010/01/08 16:42:42 | 000,285,744 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2008/05/05 09:05:55 | 004,493,312 | ---- | M] (Expansion Programs International, Inc.) -- C:\SIMULIA\Documentation\monitor.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/10 17:40:27 | 000,849,368 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/06/01 00:56:58 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2010/01/08 17:31:00 | 000,107,056 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
MOD - [2010/01/08 17:30:56 | 000,006,192 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/12 16:34:21 | 000,291,656 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc)
SRV:64bit: - [2011/09/13 13:13:35 | 000,359,248 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV:64bit: - [2011/09/13 13:13:35 | 000,312,656 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV:64bit: - [2011/09/13 13:13:35 | 000,286,032 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV:64bit: - [2011/04/04 11:42:30 | 000,920,656 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine)
SRV:64bit: - [2010/09/22 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/27 18:53:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/13 14:48:52 | 000,915,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/12/29 23:27:00 | 000,069,568 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe -- (Slidebar Notifier Service)
SRV - [2011/09/16 14:32:22 | 000,175,968 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files (x86)\SafeConnect\scManager.sys -- (SCManager)
SRV - [2011/05/18 11:24:30 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010/12/22 16:19:04 | 000,046,080 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe -- (Oasis2Service)
SRV - [2010/12/20 22:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/08 17:31:04 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/01/08 17:30:28 | 000,234,032 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010/01/08 16:42:42 | 000,285,744 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/05 09:05:55 | 004,493,312 | ---- | M] (Expansion Programs International, Inc.) [Auto | Running] -- C:\SIMULIA\Documentation\monitor.exe -- (Texis Monitor)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/29 09:40:08 | 000,364,624 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\KmxCfg.sys -- (KmxCfg)
DRV:64bit: - [2011/07/29 09:40:08 | 000,178,768 | ---- | M] (CA) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\KmxAMRT.sys -- (KmxAMRT)
DRV:64bit: - [2011/07/29 09:40:08 | 000,113,744 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\drivers\KmxAgent.sys -- (KmxAgent)
DRV:64bit: - [2011/05/18 11:12:07 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/22 03:40:58 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/12 03:07:00 | 001,396,784 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/08 12:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/11/05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/09/20 18:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/07/27 19:22:14 | 007,450,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/07/27 18:16:52 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/07 21:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2010/05/24 05:07:58 | 000,253,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010/04/23 18:27:44 | 000,057,072 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcam.sys -- (JmUsbVideo)
DRV:64bit: - [2010/04/23 18:27:32 | 000,031,344 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcam_lo.sys -- (JmUsbVideo2)
DRV:64bit: - [2010/04/09 00:11:12 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/03/26 00:03:20 | 000,160,880 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/02/05 08:23:40 | 000,017,904 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmccgp.sys -- (JmUsbCcgp)
DRV:64bit: - [2010/01/15 14:23:20 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/01/15 14:23:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/15 14:23:10 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/15 11:08:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2010/01/08 16:42:40 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2009/10/18 17:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009/07/21 07:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 15:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/08/06 05:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://watchgamefilm....aspx?team=2353
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/06 11:16:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/10 17:40:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/10 17:40:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/06 11:16:11 | 000,000,000 | ---D | M]

[2011/06/01 00:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\Mozilla\Extensions
[2011/06/01 00:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\xliaedk5.default\extensions
[2011/08/01 00:39:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/01 00:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/07/06 11:16:11 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2011/08/01 00:39:33 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========


O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynBtnAsst] C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [Lenovo SlideNav2] C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe (Lenovo)
O4 - HKLM..\Run: [Lenovo SplitScreen] C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe (Lenovo)
O4 - HKLM..\Run: [MuteSync] C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe (Lenovo)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCam_Menu] c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.56.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D31E2EB-7C50-4A37-BF31-E76917D169B7}: DhcpNameServer = 10.1.56.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41DCA788-4022-4C62-BF8E-66F024ACAC3D}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FAB196B-A295-4E95-BE93-B32EE545D2E3}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\PFW: DllName - (UmxWnp.Dll) - UmxWnp.Dll (CA)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/24 21:56:52 | 000,000,046 | -H-- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{c400657f-0988-11e1-9da6-889ffae0b821}\Shell - "" = AutoRun
O33 - MountPoints2\{c400657f-0988-11e1-9da6-889ffae0b821}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{d5e78c50-5430-11e0-841a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d5e78c50-5430-11e0-841a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Installer.exe -- [2010/05/24 21:56:52 | 002,505,256 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = WJs] -- "C:\Users\Jon\AppData\Local\nhy.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/13 12:39:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jon\Desktop\OTL.scr
[2011/12/12 15:50:47 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2011/11/19 11:30:54 | 000,000,000 | ---D | C] -- C:\Test material

========== Files - Modified Within 30 Days ==========

[2011/12/13 12:39:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jon\Desktop\OTL.scr
[2011/12/13 12:39:31 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/13 12:39:31 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/13 12:35:17 | 000,007,605 | ---- | M] () -- C:\Users\Jon\AppData\Local\Resmon.ResmonCfg
[2011/12/13 12:32:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/12/13 12:32:08 | 2132,209,663 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/13 12:25:35 | 000,062,284 | ---- | M] () -- C:\windows\SysNative\drivers\KmxAgent.asc
[2011/12/13 12:25:35 | 000,048,169 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k0
[2011/12/13 12:25:35 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k7
[2011/12/13 12:25:35 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k6
[2011/12/13 12:25:35 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k5
[2011/12/13 12:25:35 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k4
[2011/12/13 12:25:35 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k3
[2011/12/13 12:25:35 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k2
[2011/12/13 12:25:35 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k1
[2011/12/13 12:25:35 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k7
[2011/12/13 12:25:35 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k6
[2011/12/13 12:25:35 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k5
[2011/12/13 12:25:35 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k4
[2011/12/13 12:25:35 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k3
[2011/12/13 12:25:35 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k2
[2011/12/13 12:25:35 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k1
[2011/12/13 12:25:35 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k0
[2011/12/13 12:16:28 | 000,010,632 | -HS- | M] () -- C:\Users\Jon\AppData\Local\pltlgn5f0xfj6kyw5qlc5r666y6h
[2011/12/13 12:16:28 | 000,010,632 | -HS- | M] () -- C:\ProgramData\pltlgn5f0xfj6kyw5qlc5r666y6h
[2011/12/13 12:11:37 | 000,384,512 | ---- | M] () -- C:\Users\Jon\Documents\1SwtJH5.exe
[2011/12/12 14:59:23 | 000,743,534 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/12/12 14:14:26 | 000,011,654 | -HS- | M] () -- C:\Users\Jon\AppData\Local\466854s6s482j726v103v8aqt4l4
[2011/12/12 14:14:26 | 000,011,654 | -HS- | M] () -- C:\ProgramData\466854s6s482j726v103v8aqt4l4
[2011/12/08 11:32:43 | 000,000,973 | ---- | M] () -- C:\Users\Jon\Desktop\Dropbox.lnk
[2011/12/08 11:32:43 | 000,000,953 | ---- | M] () -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/11/30 15:22:10 | 000,001,131 | ---- | M] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/11/21 22:37:55 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/11/21 22:37:55 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/11/21 22:37:55 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/11/21 15:38:42 | 000,008,828 | ---- | M] () -- C:\Users\Jon\abaqus_v6.11.gpr

========== Files Created - No Company Name ==========

[2011/12/13 12:35:17 | 000,007,605 | ---- | C] () -- C:\Users\Jon\AppData\Local\Resmon.ResmonCfg
[2011/12/13 12:11:37 | 000,384,512 | ---- | C] () -- C:\Users\Jon\Documents\1SwtJH5.exe
[2011/12/13 12:11:32 | 000,010,632 | -HS- | C] () -- C:\Users\Jon\AppData\Local\pltlgn5f0xfj6kyw5qlc5r666y6h
[2011/12/13 12:11:32 | 000,010,632 | -HS- | C] () -- C:\ProgramData\pltlgn5f0xfj6kyw5qlc5r666y6h
[2011/12/12 14:59:23 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/12/12 13:46:10 | 000,011,654 | -HS- | C] () -- C:\Users\Jon\AppData\Local\466854s6s482j726v103v8aqt4l4
[2011/12/12 13:46:10 | 000,011,654 | -HS- | C] () -- C:\ProgramData\466854s6s482j726v103v8aqt4l4
[2011/07/29 15:09:29 | 000,012,228 | -HS- | C] () -- C:\ProgramData\2o73m1e6208xfb04w11p2xoj4byi6846j
[2011/07/29 15:09:29 | 000,012,216 | -HS- | C] () -- C:\Users\Jon\AppData\Local\2o73m1e6208xfb04w11p2xoj4byi6846j
[2011/07/06 11:13:54 | 000,164,653 | ---- | C] () -- C:\windows\hpoins29.dat
[2011/07/06 11:13:54 | 000,000,457 | ---- | C] () -- C:\windows\hpomdl29.dat
[2011/03/21 20:28:53 | 000,000,235 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/03/21 20:19:39 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/03/21 20:19:39 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/03/21 20:19:23 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/03/21 20:07:59 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/03/21 20:02:45 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/12/01 22:52:05 | 000,002,857 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 14:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 14:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 14:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/01 00:58:34 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\acccore
[2011/12/13 11:46:20 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Dropbox
[2011/06/01 00:50:29 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Lenovo
[2011/07/29 20:47:40 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Utililab
[2011/06/01 01:52:52 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\WindSolutions
[2011/10/31 08:26:57 | 000,032,626 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

< End of report >
  • 0

Advertisements

#2
JonK33
Posted 13 December 2011 - 02:24 PM

JonK33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Additional note: I managed to run my Ccleaner as administrator to let it run, now running my CA security center but Please reply because I was able to do this before but it didn't fully erase the virus. CA says it is XP Internet Security 2010 that it found. I will run the OTL after doing these 2 things and post it.


OTL.txt:

OTL logfile created on: 12/13/2011 1:22:36 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jon\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.18 Gb Available Physical Memory | 77.46% Memory free
15.96 Gb Paging File | 14.04 Gb Available in Paging File | 87.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420.33 Gb Total Space | 352.25 Gb Free Space | 83.80% Space Free | Partition Type: NTFS
Drive D: | 30.48 Gb Total Space | 28.35 Gb Free Space | 93.01% Space Free | Partition Type: NTFS
Drive F: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BIGPAPAKOSAK | User Name: Jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/13 12:46:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jon\Downloads\OTL.exe
PRC - [2011/12/13 12:39:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jon\Desktop\OTL.scr
PRC - [2011/11/10 17:40:27 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/16 14:32:22 | 000,175,968 | ---- | M] (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\scManager.sys
PRC - [2011/05/18 11:24:30 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011/05/03 08:43:14 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2010/12/22 16:19:04 | 000,046,080 | ---- | M] () -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
PRC - [2010/01/08 17:31:00 | 000,107,056 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2010/01/08 17:30:28 | 000,234,032 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2010/01/08 17:29:34 | 000,606,768 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpn.exe
PRC - [2010/01/08 16:42:42 | 000,285,744 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2008/05/05 09:05:55 | 004,493,312 | ---- | M] (Expansion Programs International, Inc.) -- C:\SIMULIA\Documentation\monitor.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/10 17:40:27 | 000,849,368 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/06/01 00:56:58 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/05/03 08:38:52 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2010/01/08 17:31:00 | 000,107,056 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
MOD - [2010/01/08 17:30:56 | 000,006,192 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/12 16:34:21 | 000,291,656 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc)
SRV:64bit: - [2011/09/13 13:13:35 | 000,359,248 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV:64bit: - [2011/09/13 13:13:35 | 000,312,656 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV:64bit: - [2011/09/13 13:13:35 | 000,286,032 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV:64bit: - [2011/04/04 11:42:30 | 000,920,656 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine)
SRV:64bit: - [2010/09/22 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/27 18:53:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/13 14:48:52 | 000,915,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/12/29 23:27:00 | 000,069,568 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe -- (Slidebar Notifier Service)
SRV - [2011/09/16 14:32:22 | 000,175,968 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files (x86)\SafeConnect\scManager.sys -- (SCManager)
SRV - [2011/05/18 11:24:30 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010/12/22 16:19:04 | 000,046,080 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe -- (Oasis2Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/08 17:31:04 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/01/08 17:30:28 | 000,234,032 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010/01/08 16:42:42 | 000,285,744 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/05 09:05:55 | 004,493,312 | ---- | M] (Expansion Programs International, Inc.) [Auto | Running] -- C:\SIMULIA\Documentation\monitor.exe -- (Texis Monitor)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/29 09:40:08 | 000,364,624 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\KmxCfg.sys -- (KmxCfg)
DRV:64bit: - [2011/07/29 09:40:08 | 000,178,768 | ---- | M] (CA) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\KmxAMRT.sys -- (KmxAMRT)
DRV:64bit: - [2011/07/29 09:40:08 | 000,113,744 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\drivers\KmxAgent.sys -- (KmxAgent)
DRV:64bit: - [2011/05/18 11:12:07 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/22 03:40:58 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/12 03:07:00 | 001,396,784 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/08 12:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/11/05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/09/20 18:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/07/27 19:22:14 | 007,450,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/07/27 18:16:52 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/07 21:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2010/05/24 05:07:58 | 000,253,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010/04/23 18:27:44 | 000,057,072 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcam.sys -- (JmUsbVideo)
DRV:64bit: - [2010/04/23 18:27:32 | 000,031,344 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcam_lo.sys -- (JmUsbVideo2)
DRV:64bit: - [2010/04/09 00:11:12 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/03/26 00:03:20 | 000,160,880 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/02/05 08:23:40 | 000,017,904 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmccgp.sys -- (JmUsbCcgp)
DRV:64bit: - [2010/01/15 14:23:20 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/01/15 14:23:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/15 14:23:10 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/15 11:08:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2010/01/08 16:42:40 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2009/10/18 17:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009/07/21 07:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 15:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/08/06 05:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://watchgamefilm....aspx?team=2353
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/06 11:16:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/10 17:40:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/10 17:40:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/06 11:16:11 | 000,000,000 | ---D | M]

[2011/06/01 00:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\Mozilla\Extensions
[2011/06/01 00:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\xliaedk5.default\extensions
[2011/08/01 00:39:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/01 00:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/07/06 11:16:11 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2011/08/01 00:39:33 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========


O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynBtnAsst] C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [Lenovo SlideNav2] C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe (Lenovo)
O4 - HKLM..\Run: [Lenovo SplitScreen] C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe (Lenovo)
O4 - HKLM..\Run: [MuteSync] C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe (Lenovo)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCam_Menu] c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.56.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D31E2EB-7C50-4A37-BF31-E76917D169B7}: DhcpNameServer = 10.1.56.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41DCA788-4022-4C62-BF8E-66F024ACAC3D}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FAB196B-A295-4E95-BE93-B32EE545D2E3}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\PFW: DllName - (UmxWnp.Dll) - C:\windows\SysWow64\UmxWNP.dll (CA)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/24 21:56:52 | 000,000,046 | -H-- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{c400657f-0988-11e1-9da6-889ffae0b821}\Shell - "" = AutoRun
O33 - MountPoints2\{c400657f-0988-11e1-9da6-889ffae0b821}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{d5e78c50-5430-11e0-841a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d5e78c50-5430-11e0-841a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Installer.exe -- [2010/05/24 21:56:52 | 002,505,256 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/13 12:39:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jon\Desktop\OTL.scr
[2011/12/12 15:50:47 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2011/11/19 11:30:54 | 000,000,000 | ---D | C] -- C:\Test material

========== Files - Modified Within 30 Days ==========

[2011/12/13 12:39:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jon\Desktop\OTL.scr
[2011/12/13 12:39:31 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/13 12:39:31 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/13 12:35:17 | 000,007,605 | ---- | M] () -- C:\Users\Jon\AppData\Local\Resmon.ResmonCfg
[2011/12/13 12:32:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/12/13 12:32:08 | 2132,209,663 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/13 12:25:35 | 000,062,284 | ---- | M] () -- C:\windows\SysNative\drivers\KmxAgent.asc
[2011/12/13 12:25:35 | 000,048,169 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k0
[2011/12/13 12:25:35 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k7
[2011/12/13 12:25:35 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k6
[2011/12/13 12:25:35 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k5
[2011/12/13 12:25:35 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k4
[2011/12/13 12:25:35 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k3
[2011/12/13 12:25:35 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k2
[2011/12/13 12:25:35 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k1
[2011/12/13 12:25:35 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k7
[2011/12/13 12:25:35 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k6
[2011/12/13 12:25:35 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k5
[2011/12/13 12:25:35 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k4
[2011/12/13 12:25:35 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k3
[2011/12/13 12:25:35 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k2
[2011/12/13 12:25:35 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k1
[2011/12/13 12:25:35 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k0
[2011/12/13 12:16:28 | 000,010,632 | -HS- | M] () -- C:\Users\Jon\AppData\Local\pltlgn5f0xfj6kyw5qlc5r666y6h
[2011/12/13 12:16:28 | 000,010,632 | -HS- | M] () -- C:\ProgramData\pltlgn5f0xfj6kyw5qlc5r666y6h
[2011/12/13 12:11:37 | 000,384,512 | ---- | M] () -- C:\Users\Jon\Documents\1SwtJH5.exe
[2011/12/12 14:59:23 | 000,743,534 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/12/12 14:14:26 | 000,011,654 | -HS- | M] () -- C:\Users\Jon\AppData\Local\466854s6s482j726v103v8aqt4l4
[2011/12/12 14:14:26 | 000,011,654 | -HS- | M] () -- C:\ProgramData\466854s6s482j726v103v8aqt4l4
[2011/12/08 11:32:43 | 000,000,973 | ---- | M] () -- C:\Users\Jon\Desktop\Dropbox.lnk
[2011/12/08 11:32:43 | 000,000,953 | ---- | M] () -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/11/30 15:22:10 | 000,001,131 | ---- | M] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/11/21 22:37:55 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/11/21 22:37:55 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/11/21 22:37:55 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/11/21 15:38:42 | 000,008,828 | ---- | M] () -- C:\Users\Jon\abaqus_v6.11.gpr

========== Files Created - No Company Name ==========

[2011/12/13 12:35:17 | 000,007,605 | ---- | C] () -- C:\Users\Jon\AppData\Local\Resmon.ResmonCfg
[2011/12/13 12:11:37 | 000,384,512 | ---- | C] () -- C:\Users\Jon\Documents\1SwtJH5.exe
[2011/12/13 12:11:32 | 000,010,632 | -HS- | C] () -- C:\Users\Jon\AppData\Local\pltlgn5f0xfj6kyw5qlc5r666y6h
[2011/12/13 12:11:32 | 000,010,632 | -HS- | C] () -- C:\ProgramData\pltlgn5f0xfj6kyw5qlc5r666y6h
[2011/12/12 14:59:23 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/12/12 13:46:10 | 000,011,654 | -HS- | C] () -- C:\Users\Jon\AppData\Local\466854s6s482j726v103v8aqt4l4
[2011/12/12 13:46:10 | 000,011,654 | -HS- | C] () -- C:\ProgramData\466854s6s482j726v103v8aqt4l4
[2011/07/29 15:09:29 | 000,012,228 | -HS- | C] () -- C:\ProgramData\2o73m1e6208xfb04w11p2xoj4byi6846j
[2011/07/29 15:09:29 | 000,012,216 | -HS- | C] () -- C:\Users\Jon\AppData\Local\2o73m1e6208xfb04w11p2xoj4byi6846j
[2011/07/06 11:13:54 | 000,164,653 | ---- | C] () -- C:\windows\hpoins29.dat
[2011/07/06 11:13:54 | 000,000,457 | ---- | C] () -- C:\windows\hpomdl29.dat
[2011/03/21 20:28:53 | 000,000,235 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/03/21 20:19:39 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/03/21 20:19:39 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/03/21 20:19:23 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/03/21 20:07:59 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/03/21 20:02:45 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/12/01 22:52:05 | 000,002,857 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 14:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 14:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 14:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/01 00:58:34 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\acccore
[2011/12/13 11:46:20 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Dropbox
[2011/06/01 00:50:29 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Lenovo
[2011/07/29 20:47:40 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Utililab
[2011/06/01 01:52:52 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\WindSolutions
[2011/10/31 08:26:57 | 000,032,626 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

< End of report >
  • 0

#3
Essexboy
Posted 17 December 2011 - 08:01 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay - could you run a fresh OTL scan for me


  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, there will be just one log.
  • Post this log

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#4
JonK33
Posted 17 December 2011 - 06:18 PM

JonK33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
OTL log:

OTL logfile created on: 12/17/2011 4:55:34 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jon\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.84 Gb Available Physical Memory | 73.19% Memory free
15.96 Gb Paging File | 13.64 Gb Available in Paging File | 85.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420.33 Gb Total Space | 350.93 Gb Free Space | 83.49% Space Free | Partition Type: NTFS
Drive D: | 30.48 Gb Total Space | 28.35 Gb Free Space | 93.01% Space Free | Partition Type: NTFS
Drive F: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BIGPAPAKOSAK | User Name: Jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/13 12:39:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jon\Desktop\OTL.scr
PRC - [2011/12/05 12:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/11/10 17:40:27 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/16 14:32:28 | 000,296,088 | ---- | M] (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\SCClient.exe
PRC - [2011/09/16 14:32:22 | 000,175,968 | ---- | M] (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\scManager.sys
PRC - [2011/05/18 11:24:30 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011/05/03 08:43:14 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2011/03/21 20:19:48 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2011/03/21 20:19:33 | 003,122,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2010/12/22 16:19:04 | 000,046,080 | ---- | M] () -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
PRC - [2010/06/13 14:48:52 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/02/03 15:48:12 | 000,167,008 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
PRC - [2010/01/24 03:47:46 | 001,021,888 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
PRC - [2010/01/08 17:31:00 | 000,107,056 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2010/01/08 17:30:28 | 000,234,032 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2010/01/08 16:42:42 | 000,285,744 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2008/05/05 09:05:55 | 004,493,312 | ---- | M] (Expansion Programs International, Inc.) -- C:\SIMULIA\Documentation\monitor.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/10 17:40:27 | 000,849,368 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/06/01 00:56:58 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/05/03 08:38:52 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2011/03/21 20:19:48 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2011/03/21 20:19:33 | 000,492,896 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2011/03/21 16:30:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/10/18 07:49:24 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2010/10/18 07:46:22 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
MOD - [2010/01/08 17:31:00 | 000,107,056 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
MOD - [2010/01/08 17:30:56 | 000,006,192 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/12 16:34:21 | 000,291,656 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc)
SRV:64bit: - [2011/09/13 13:13:35 | 000,359,248 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV:64bit: - [2011/09/13 13:13:35 | 000,312,656 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV:64bit: - [2011/09/13 13:13:35 | 000,286,032 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV:64bit: - [2011/04/04 11:42:30 | 000,920,656 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine)
SRV:64bit: - [2010/09/22 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/27 18:53:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/13 14:48:52 | 000,915,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/12/29 23:27:00 | 000,069,568 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe -- (Slidebar Notifier Service)
SRV - [2011/09/16 14:32:22 | 000,175,968 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files (x86)\SafeConnect\scManager.sys -- (SCManager)
SRV - [2011/05/18 11:24:30 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010/12/22 16:19:04 | 000,046,080 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe -- (Oasis2Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/08 17:31:04 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/01/08 17:30:28 | 000,234,032 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010/01/08 16:42:42 | 000,285,744 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/05 09:05:55 | 004,493,312 | ---- | M] (Expansion Programs International, Inc.) [Auto | Running] -- C:\SIMULIA\Documentation\monitor.exe -- (Texis Monitor)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/29 09:40:08 | 000,364,624 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\KmxCfg.sys -- (KmxCfg)
DRV:64bit: - [2011/07/29 09:40:08 | 000,178,768 | ---- | M] (CA) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\KmxAMRT.sys -- (KmxAMRT)
DRV:64bit: - [2011/07/29 09:40:08 | 000,113,744 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\drivers\KmxAgent.sys -- (KmxAgent)
DRV:64bit: - [2011/05/18 11:12:07 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/22 03:40:58 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/12 03:07:00 | 001,396,784 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/08 12:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/11/05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/09/20 18:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/07/27 19:22:14 | 007,450,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/07/27 18:16:52 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/07 21:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2010/05/24 05:07:58 | 000,253,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010/04/23 18:27:44 | 000,057,072 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcam.sys -- (JmUsbVideo)
DRV:64bit: - [2010/04/23 18:27:32 | 000,031,344 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcam_lo.sys -- (JmUsbVideo2)
DRV:64bit: - [2010/04/09 00:11:12 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/03/26 00:03:20 | 000,160,880 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/02/05 08:23:40 | 000,017,904 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmccgp.sys -- (JmUsbCcgp)
DRV:64bit: - [2010/01/15 14:23:20 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/01/15 14:23:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/15 14:23:10 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/15 11:08:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2010/01/08 16:42:40 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2009/10/18 17:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009/07/21 07:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 15:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/08/06 05:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2848235134-1050904035-71881968-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://watchgamefilm....aspx?team=2353
IE - HKU\S-1-5-21-2848235134-1050904035-71881968-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2848235134-1050904035-71881968-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/06 11:16:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/10 17:40:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/10 17:40:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/06 11:16:11 | 000,000,000 | ---D | M]

[2011/06/01 00:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\Mozilla\Extensions
[2011/06/01 00:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\xliaedk5.default\extensions
[2011/12/13 20:51:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/01 00:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/07/06 11:16:11 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2011/08/01 00:39:33 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========


O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynBtnAsst] C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [Lenovo SlideNav2] C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe (Lenovo)
O4 - HKLM..\Run: [Lenovo SplitScreen] C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe (Lenovo)
O4 - HKLM..\Run: [MuteSync] C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe (Lenovo)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCam_Menu] c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2848235134-1050904035-71881968-1000..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D31E2EB-7C50-4A37-BF31-E76917D169B7}: DhcpNameServer = 10.1.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41DCA788-4022-4C62-BF8E-66F024ACAC3D}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FAB196B-A295-4E95-BE93-B32EE545D2E3}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\PFW: DllName - (UmxWnp.Dll) - C:\windows\SysWow64\UmxWNP.dll (CA)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/24 21:56:52 | 000,000,046 | -H-- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{c400657f-0988-11e1-9da6-889ffae0b821}\Shell - "" = AutoRun
O33 - MountPoints2\{c400657f-0988-11e1-9da6-889ffae0b821}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{d5e78c50-5430-11e0-841a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d5e78c50-5430-11e0-841a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Installer.exe -- [2010/05/24 21:56:52 | 002,505,256 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/13 12:39:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jon\Desktop\OTL.scr
[2011/12/12 15:50:47 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2011/11/19 11:30:54 | 000,000,000 | ---D | C] -- C:\Test material

========== Files - Modified Within 30 Days ==========

[2011/12/17 16:45:00 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/12/17 12:59:10 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/17 12:59:10 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/17 11:07:48 | 000,427,808 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/12/17 11:07:09 | 2132,209,663 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/17 11:06:06 | 000,062,564 | ---- | M] () -- C:\windows\SysNative\drivers\KmxAgent.asc
[2011/12/17 11:06:06 | 000,048,169 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k0
[2011/12/17 11:06:06 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k7
[2011/12/17 11:06:06 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k6
[2011/12/17 11:06:06 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k5
[2011/12/17 11:06:06 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k4
[2011/12/17 11:06:06 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k3
[2011/12/17 11:06:06 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k2
[2011/12/17 11:06:06 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k1
[2011/12/17 11:06:06 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k7
[2011/12/17 11:06:06 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k6
[2011/12/17 11:06:06 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k5
[2011/12/17 11:06:06 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k4
[2011/12/17 11:06:06 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k3
[2011/12/17 11:06:06 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k2
[2011/12/17 11:06:06 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k1
[2011/12/17 11:06:06 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k0
[2011/12/13 12:39:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jon\Desktop\OTL.scr
[2011/12/13 12:35:17 | 000,007,605 | ---- | M] () -- C:\Users\Jon\AppData\Local\Resmon.ResmonCfg
[2011/12/13 12:16:28 | 000,010,632 | -HS- | M] () -- C:\Users\Jon\AppData\Local\pltlgn5f0xfj6kyw5qlc5r666y6h
[2011/12/13 12:16:28 | 000,010,632 | -HS- | M] () -- C:\ProgramData\pltlgn5f0xfj6kyw5qlc5r666y6h
[2011/12/12 14:59:23 | 000,743,534 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/12/12 14:14:26 | 000,011,654 | -HS- | M] () -- C:\Users\Jon\AppData\Local\466854s6s482j726v103v8aqt4l4
[2011/12/12 14:14:26 | 000,011,654 | -HS- | M] () -- C:\ProgramData\466854s6s482j726v103v8aqt4l4
[2011/12/08 11:32:43 | 000,000,973 | ---- | M] () -- C:\Users\Jon\Desktop\Dropbox.lnk
[2011/12/08 11:32:43 | 000,000,953 | ---- | M] () -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/11/30 15:22:10 | 000,001,131 | ---- | M] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/11/21 22:37:55 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/11/21 22:37:55 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/11/21 22:37:55 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/11/21 15:38:42 | 000,008,828 | ---- | M] () -- C:\Users\Jon\abaqus_v6.11.gpr

========== Files Created - No Company Name ==========

[2011/12/13 12:35:17 | 000,007,605 | ---- | C] () -- C:\Users\Jon\AppData\Local\Resmon.ResmonCfg
[2011/12/13 12:11:32 | 000,010,632 | -HS- | C] () -- C:\Users\Jon\AppData\Local\pltlgn5f0xfj6kyw5qlc5r666y6h
[2011/12/13 12:11:32 | 000,010,632 | -HS- | C] () -- C:\ProgramData\pltlgn5f0xfj6kyw5qlc5r666y6h
[2011/12/12 14:59:23 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/12/12 13:46:10 | 000,011,654 | -HS- | C] () -- C:\Users\Jon\AppData\Local\466854s6s482j726v103v8aqt4l4
[2011/12/12 13:46:10 | 000,011,654 | -HS- | C] () -- C:\ProgramData\466854s6s482j726v103v8aqt4l4
[2011/07/29 15:09:29 | 000,012,228 | -HS- | C] () -- C:\ProgramData\2o73m1e6208xfb04w11p2xoj4byi6846j
[2011/07/29 15:09:29 | 000,012,216 | -HS- | C] () -- C:\Users\Jon\AppData\Local\2o73m1e6208xfb04w11p2xoj4byi6846j
[2011/07/06 11:13:54 | 000,164,653 | ---- | C] () -- C:\windows\hpoins29.dat
[2011/07/06 11:13:54 | 000,000,457 | ---- | C] () -- C:\windows\hpomdl29.dat
[2011/03/21 20:28:53 | 000,000,235 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/03/21 20:19:39 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/03/21 20:19:39 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/03/21 20:19:23 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/03/21 20:07:59 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/03/21 20:02:45 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/12/01 22:52:05 | 000,002,857 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 14:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 14:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 14:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/01 00:58:34 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\acccore
[2011/12/17 11:25:00 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Dropbox
[2011/06/01 00:50:29 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Lenovo
[2011/07/29 20:47:40 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Utililab
[2011/06/01 01:52:52 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\WindSolutions
[2011/10/31 08:26:57 | 000,032,626 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 07:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: EXPLORER.EXE >
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011/03/22 03:41:30 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/03/22 03:38:36 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011/03/22 03:41:30 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011/03/22 03:38:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011/03/22 03:41:30 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011/03/22 03:38:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/03/22 03:41:30 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011/03/22 03:38:36 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011/03/22 03:41:30 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/03/22 03:41:30 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe
[2011/03/22 03:41:30 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 10
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
"DhcpNodeType" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{2D31E2EB-7C50-4A37-BF31-E76917D169B7}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
"DhcpNetbiosOptions" = 2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{41DCA788-4022-4C62-BF8E-66F024ACAC3D}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{4FAB196B-A295-4E95-BE93-B32EE545D2E3}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{65BC6D3E-549A-45CC-B819-E41FFA79536C}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{ADA76C7C-5196-4779-A975-C6CA56275247}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 0E 01 0A 01 07 01 01 01 02 01 09 01 00 01 0D 01 05 01 0F 01 0C 01 0B 01 08 01 06 01 04 01 03 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 15
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

========== Alternate Data Streams ==========

@Alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

< End of report >

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-17 17:05:47
-----------------------------
17:05:47.605 OS Version: Windows x64 6.1.7600
17:05:47.605 Number of processors: 8 586 0x2A07
17:05:47.605 ComputerName: BIGPAPAKOSAK UserName: Jon
17:05:49.327 Initialize success
17:06:34.983 AVAST engine defs: 11121702
17:06:43.707 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:06:43.712 Disk 0 Vendor: HITACHI_ PB4Z Size: 476940MB BusType: 3
17:06:43.721 Disk 0 MBR read successfully
17:06:43.726 Disk 0 MBR scan
17:06:43.746 Disk 0 Windows 7 default MBR code
17:06:43.752 Service scanning
17:06:45.209 Modules scanning
17:06:45.217 Disk 0 trace - called modules:
17:06:45.232 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:06:45.239 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009b04060]
17:06:45.246 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80076b4050]
17:06:49.582 AVAST engine scan C:\windows
17:06:51.984 AVAST engine scan C:\windows\system32
17:08:13.277 AVAST engine scan C:\windows\system32\drivers
17:08:23.951 AVAST engine scan C:\Users\Jon
17:08:54.755 File: C:\Users\Jon\AppData\Local\Temp\473.4972.exe **INFECTED** Win32:MalOb-HY [Cryp]
17:08:55.278 File: C:\Users\Jon\AppData\Local\Temp\msimg32.dll **INFECTED** Win32:Malware-gen
17:08:55.395 File: C:\Users\Jon\AppData\Local\Temp\nnnv0.8602718765229511.exe **INFECTED** Win32:FakeAlert-BRD [Trj]
17:08:59.587 File: C:\Users\Jon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\721eb7e4-63882f6f **INFECTED** Win32:MalOb-HY [Cryp]
17:13:05.176 AVAST engine scan C:\ProgramData
17:15:48.464 Scan finished successfully
17:18:27.338 Disk 0 MBR has been saved successfully to "C:\Users\Jon\Desktop\Virus stuff\MBR.dat"
17:18:27.342 The log file has been saved successfully to "C:\Users\Jon\Desktop\Virus stuff\aswMBR.txt"
  • 0

#5
Essexboy
Posted 18 December 2011 - 04:25 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of these runs could you let me know what problems you are having

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/12/13 12:16:28 | 000,010,632 | -HS- | M] () -- C:\Users\Jon\AppData\Local\pltlgn5f0xfj6kyw5qlc5r666y6h
    [2011/12/13 12:16:28 | 000,010,632 | -HS- | M] () -- C:\ProgramData\pltlgn5f0xfj6kyw5qlc5r666y6h
    [2011/12/12 14:14:26 | 000,011,654 | -HS- | M] () -- C:\Users\Jon\AppData\Local\466854s6s482j726v103v8aqt4l4
    [2011/12/12 14:14:26 | 000,011,654 | -HS- | M] () -- C:\ProgramData\466854s6s482j726v103v8aqt4l4
    [2011/12/13 12:11:32 | 000,010,632 | -HS- | C] () -- C:\Users\Jon\AppData\Local\pltlgn5f0xfj6kyw5qlc5r666y6h
    [2011/12/13 12:11:32 | 000,010,632 | -HS- | C] () -- C:\ProgramData\pltlgn5f0xfj6kyw5qlc5r666y6h
    [2011/12/12 13:46:10 | 000,011,654 | -HS- | C] () -- C:\Users\Jon\AppData\Local\466854s6s482j726v103v8aqt4l4
    [2011/12/12 13:46:10 | 000,011,654 | -HS- | C] () -- C:\ProgramData\466854s6s482j726v103v8aqt4l4
    [2011/07/29 15:09:29 | 000,012,228 | -HS- | C] () -- C:\ProgramData\2o73m1e6208xfb04w11p2xoj4byi6846j
    [2011/07/29 15:09:29 | 000,012,216 | -HS- | C] () -- C:\Users\Jon\AppData\Local\2o73m1e6208xfb04w11p2xoj4byi6846j

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#6
JonK33
Posted 19 December 2011 - 05:12 PM

JonK33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Note: The virus reappeared just before I could run the first fix so I had to run my CCleaner and delete the .exe files that were causing the virus temporarily.

OTL txt:

OTL logfile created on: 12/19/2011 4:00:26 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jon\Desktop\Virus stuff
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.39 Gb Available Physical Memory | 80.08% Memory free
15.96 Gb Paging File | 14.38 Gb Available in Paging File | 90.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420.33 Gb Total Space | 351.42 Gb Free Space | 83.61% Space Free | Partition Type: NTFS
Drive D: | 30.48 Gb Total Space | 28.35 Gb Free Space | 93.01% Space Free | Partition Type: NTFS
Drive F: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BIGPAPAKOSAK | User Name: Jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/13 12:39:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jon\Desktop\Virus stuff\OTL.scr
PRC - [2011/11/10 17:40:27 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/16 14:32:22 | 000,175,968 | ---- | M] (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\scManager.sys
PRC - [2011/05/18 11:24:30 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011/03/21 20:19:33 | 003,122,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2010/12/22 16:19:04 | 000,046,080 | ---- | M] () -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
PRC - [2010/02/03 15:48:12 | 000,167,008 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
PRC - [2010/01/08 17:31:00 | 000,107,056 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2010/01/08 17:30:28 | 000,234,032 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2010/01/08 16:42:42 | 000,285,744 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2008/05/05 09:05:55 | 004,493,312 | ---- | M] (Expansion Programs International, Inc.) -- C:\SIMULIA\Documentation\monitor.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/10 17:40:27 | 000,849,368 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/03/21 20:19:33 | 000,492,896 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2010/01/08 17:31:00 | 000,107,056 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
MOD - [2010/01/08 17:30:56 | 000,006,192 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/12 16:34:21 | 000,291,656 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc)
SRV:64bit: - [2011/09/13 13:13:35 | 000,359,248 | ---- | M] (CA, Inc.) [On_Demand | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV:64bit: - [2011/09/13 13:13:35 | 000,312,656 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV:64bit: - [2011/09/13 13:13:35 | 000,286,032 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV:64bit: - [2011/04/04 11:42:30 | 000,920,656 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine)
SRV:64bit: - [2010/09/22 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/27 18:53:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/13 14:48:52 | 000,915,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/12/29 23:27:00 | 000,069,568 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe -- (Slidebar Notifier Service)
SRV - [2011/09/16 14:32:22 | 000,175,968 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files (x86)\SafeConnect\scManager.sys -- (SCManager)
SRV - [2011/05/18 11:24:30 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010/12/22 16:19:04 | 000,046,080 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe -- (Oasis2Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/08 17:31:04 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/01/08 17:30:28 | 000,234,032 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010/01/08 16:42:42 | 000,285,744 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/05 09:05:55 | 004,493,312 | ---- | M] (Expansion Programs International, Inc.) [Auto | Running] -- C:\SIMULIA\Documentation\monitor.exe -- (Texis Monitor)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/29 09:40:08 | 000,364,624 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\KmxCfg.sys -- (KmxCfg)
DRV:64bit: - [2011/07/29 09:40:08 | 000,178,768 | ---- | M] (CA) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\KmxAMRT.sys -- (KmxAMRT)
DRV:64bit: - [2011/07/29 09:40:08 | 000,113,744 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\drivers\KmxAgent.sys -- (KmxAgent)
DRV:64bit: - [2011/05/18 11:12:07 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/22 03:40:58 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/12 03:07:00 | 001,396,784 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/08 12:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/11/05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/09/20 18:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/07/27 19:22:14 | 007,450,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/07/27 18:16:52 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/07 21:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2010/05/24 05:07:58 | 000,253,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010/04/23 18:27:44 | 000,057,072 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcam.sys -- (JmUsbVideo)
DRV:64bit: - [2010/04/23 18:27:32 | 000,031,344 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcam_lo.sys -- (JmUsbVideo2)
DRV:64bit: - [2010/04/09 00:11:12 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/03/26 00:03:20 | 000,160,880 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/02/05 08:23:40 | 000,017,904 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmccgp.sys -- (JmUsbCcgp)
DRV:64bit: - [2010/01/15 14:23:20 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/01/15 14:23:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/15 14:23:10 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/15 11:08:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2010/01/08 16:42:40 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2009/10/18 17:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009/07/21 07:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 15:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/08/06 05:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2848235134-1050904035-71881968-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://watchgamefilm....aspx?team=2353
IE - HKU\S-1-5-21-2848235134-1050904035-71881968-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2848235134-1050904035-71881968-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/06 11:16:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/10 17:40:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/10 17:40:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/06 11:16:11 | 000,000,000 | ---D | M]

[2011/06/01 00:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\Mozilla\Extensions
[2011/06/01 00:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\xliaedk5.default\extensions
[2011/12/13 20:51:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/01 00:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/07/06 11:16:11 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2011/08/01 00:39:33 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========


O1 HOSTS File: ([2011/12/19 15:53:24 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynBtnAsst] C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [Lenovo SlideNav2] C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe (Lenovo)
O4 - HKLM..\Run: [Lenovo SplitScreen] C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe (Lenovo)
O4 - HKLM..\Run: [MuteSync] C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe (Lenovo)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCam_Menu] c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2848235134-1050904035-71881968-1000..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D31E2EB-7C50-4A37-BF31-E76917D169B7}: DhcpNameServer = 10.1.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41DCA788-4022-4C62-BF8E-66F024ACAC3D}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FAB196B-A295-4E95-BE93-B32EE545D2E3}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\PFW: DllName - (UmxWnp.Dll) - C:\windows\SysWow64\UmxWNP.dll (CA)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/24 21:56:52 | 000,000,046 | -H-- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{c400657f-0988-11e1-9da6-889ffae0b821}\Shell - "" = AutoRun
O33 - MountPoints2\{c400657f-0988-11e1-9da6-889ffae0b821}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{d5e78c50-5430-11e0-841a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d5e78c50-5430-11e0-841a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Installer.exe -- [2010/05/24 21:56:52 | 002,505,256 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2848235134-1050904035-71881968-1000\...exe [@ = 2xc] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/19 15:53:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/17 17:07:05 | 000,000,000 | ---D | C] -- C:\Users\Jon\Desktop\Virus stuff
[2011/12/12 15:50:47 | 000,000,000 | ---D | C] -- C:\windows\Sun

========== Files - Modified Within 30 Days ==========

[2011/12/19 16:03:53 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/19 16:03:53 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/19 15:56:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/12/19 15:56:29 | 2132,209,663 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/19 15:54:51 | 000,062,732 | ---- | M] () -- C:\windows\SysNative\drivers\KmxAgent.asc
[2011/12/19 15:54:51 | 000,048,169 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k0
[2011/12/19 15:54:51 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k7
[2011/12/19 15:54:51 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k6
[2011/12/19 15:54:51 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k5
[2011/12/19 15:54:51 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k4
[2011/12/19 15:54:51 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k3
[2011/12/19 15:54:51 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k2
[2011/12/19 15:54:51 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k1
[2011/12/19 15:54:51 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k7
[2011/12/19 15:54:51 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k6
[2011/12/19 15:54:51 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k5
[2011/12/19 15:54:51 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k4
[2011/12/19 15:54:51 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k3
[2011/12/19 15:54:51 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k2
[2011/12/19 15:54:51 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k1
[2011/12/19 15:54:51 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k0
[2011/12/19 15:53:24 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2011/12/19 15:48:30 | 000,011,486 | -HS- | M] () -- C:\Users\Jon\AppData\Local\583245u2n608s086t778j7xav0k2
[2011/12/19 15:48:30 | 000,011,486 | -HS- | M] () -- C:\ProgramData\583245u2n608s086t778j7xav0k2
[2011/12/17 11:07:48 | 000,427,808 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/12/13 12:35:17 | 000,007,605 | ---- | M] () -- C:\Users\Jon\AppData\Local\Resmon.ResmonCfg
[2011/12/12 14:59:23 | 000,743,534 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/12/08 11:32:43 | 000,000,973 | ---- | M] () -- C:\Users\Jon\Desktop\Dropbox.lnk
[2011/12/08 11:32:43 | 000,000,953 | ---- | M] () -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/11/30 15:22:10 | 000,001,131 | ---- | M] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/11/21 22:37:55 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/11/21 22:37:55 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/11/21 22:37:55 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/11/21 15:38:42 | 000,008,828 | ---- | M] () -- C:\Users\Jon\abaqus_v6.11.gpr

========== Files Created - No Company Name ==========

[2011/12/19 15:43:51 | 000,011,486 | -HS- | C] () -- C:\Users\Jon\AppData\Local\583245u2n608s086t778j7xav0k2
[2011/12/19 15:43:51 | 000,011,486 | -HS- | C] () -- C:\ProgramData\583245u2n608s086t778j7xav0k2
[2011/12/13 12:35:17 | 000,007,605 | ---- | C] () -- C:\Users\Jon\AppData\Local\Resmon.ResmonCfg
[2011/12/12 14:59:23 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/07/06 11:13:54 | 000,164,653 | ---- | C] () -- C:\windows\hpoins29.dat
[2011/07/06 11:13:54 | 000,000,457 | ---- | C] () -- C:\windows\hpomdl29.dat
[2011/03/21 20:28:53 | 000,000,235 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/03/21 20:19:39 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/03/21 20:19:39 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/03/21 20:19:23 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/03/21 20:07:59 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/03/21 20:02:45 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/12/01 22:52:05 | 000,002,857 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 14:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 14:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 14:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/01 00:58:34 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\acccore
[2011/12/19 11:45:46 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Dropbox
[2011/06/01 00:50:29 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Lenovo
[2011/07/29 20:47:40 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Utililab
[2011/06/01 01:52:52 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\WindSolutions
[2011/10/31 08:26:57 | 000,032,626 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

< End of report >

Malwarebytes report:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8399

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/19/2011 4:10:35 PM
mbam-log-2011-12-19 (16-10-35).txt

Scan type: Quick scan
Objects scanned: 172216
Time elapsed: 1 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (2xc) Good: (exefile) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


This virus is strange in the fact that when I delete the exe files it seems to go away for 2 days or so then it comes back full strength. It's like I'm not getting at whatever is creating the virus files so I delete the exe's but then the hidden whatever is replicating them.
  • 0

#7
Essexboy
Posted 20 December 2011 - 12:35 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That suggests to me a rootkit that is not apparent in my main scans, the temp files should have been killed by OTL - so lets go deeper

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O37 - HKU\S-1-5-21-2848235134-1050904035-71881968-1000\...exe [@ = 2xc] -- Reg Error: Key error. File not found
    [2011/12/19 15:48:30 | 000,011,486 | -HS- | M] () -- C:\Users\Jon\AppData\Local\583245u2n608s086t778j7xav0k2
    [2011/12/19 15:48:30 | 000,011,486 | -HS- | M] () -- C:\ProgramData\583245u2n608s086t778j7xav0k2

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#8
JonK33
Posted 22 December 2011 - 01:48 AM

JonK33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
I will be out of town for 5 days but please do not close this thread. I will reply again on the 28th of Dec
  • 0

#9
Essexboy
Posted 22 December 2011 - 02:11 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem
  • 0

#10
JonK33
Posted 28 December 2011 - 01:51 PM

JonK33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
OTL log:

OTL logfile created on: 12/28/2011 12:35:04 PM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jon\Desktop\Virus stuff
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.04 Gb Available Physical Memory | 75.62% Memory free
15.96 Gb Paging File | 13.79 Gb Available in Paging File | 86.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420.33 Gb Total Space | 351.68 Gb Free Space | 83.67% Space Free | Partition Type: NTFS
Drive D: | 30.48 Gb Total Space | 28.35 Gb Free Space | 93.01% Space Free | Partition Type: NTFS
Drive F: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BIGPAPAKOSAK | User Name: Jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/21 14:15:53 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/12/13 12:39:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jon\Desktop\Virus stuff\OTL.scr
PRC - [2011/12/05 12:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/09/16 14:32:28 | 000,296,088 | ---- | M] (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\SCClient.exe
PRC - [2011/09/16 14:32:22 | 000,175,968 | ---- | M] (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\scManager.sys
PRC - [2011/05/18 11:24:30 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011/05/03 08:43:14 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2011/03/21 20:19:48 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2011/03/21 20:19:33 | 003,122,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2010/12/22 16:19:04 | 000,046,080 | ---- | M] () -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
PRC - [2010/06/13 14:48:52 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/02/03 15:48:12 | 000,167,008 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
PRC - [2010/01/24 03:47:46 | 001,021,888 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
PRC - [2010/01/08 17:31:00 | 000,107,056 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2010/01/08 17:30:28 | 000,234,032 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2010/01/08 16:42:42 | 000,285,744 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2008/05/05 09:05:55 | 004,493,312 | ---- | M] (Expansion Programs International, Inc.) -- C:\SIMULIA\Documentation\monitor.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/21 14:15:53 | 000,849,368 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/05/03 08:38:52 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2011/03/21 20:19:48 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2011/03/21 20:19:33 | 000,492,896 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2011/03/21 16:30:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/10/18 07:49:24 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2010/10/18 07:46:22 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
MOD - [2010/01/08 17:31:00 | 000,107,056 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
MOD - [2010/01/08 17:30:56 | 000,006,192 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/12 16:34:21 | 000,291,656 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc)
SRV:64bit: - [2011/09/13 13:13:35 | 000,359,248 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV:64bit: - [2011/09/13 13:13:35 | 000,312,656 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV:64bit: - [2011/09/13 13:13:35 | 000,286,032 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV:64bit: - [2011/04/04 11:42:30 | 000,920,656 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine)
SRV:64bit: - [2010/09/22 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/27 18:53:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/13 14:48:52 | 000,915,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/12/29 23:27:00 | 000,069,568 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe -- (Slidebar Notifier Service)
SRV - [2011/09/16 14:32:22 | 000,175,968 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files (x86)\SafeConnect\scManager.sys -- (SCManager)
SRV - [2011/05/18 11:24:30 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010/12/22 16:19:04 | 000,046,080 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe -- (Oasis2Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/08 17:31:04 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/01/08 17:30:28 | 000,234,032 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010/01/08 16:42:42 | 000,285,744 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/05 09:05:55 | 004,493,312 | ---- | M] (Expansion Programs International, Inc.) [Auto | Running] -- C:\SIMULIA\Documentation\monitor.exe -- (Texis Monitor)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/29 09:40:08 | 000,364,624 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\KmxCfg.sys -- (KmxCfg)
DRV:64bit: - [2011/07/29 09:40:08 | 000,178,768 | ---- | M] (CA) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\KmxAMRT.sys -- (KmxAMRT)
DRV:64bit: - [2011/07/29 09:40:08 | 000,113,744 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\drivers\KmxAgent.sys -- (KmxAgent)
DRV:64bit: - [2011/05/18 11:12:07 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/22 03:40:58 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/12 03:07:00 | 001,396,784 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/08 12:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/11/05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/09/20 18:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/07/27 19:22:14 | 007,450,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/07/27 18:16:52 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/07 21:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2010/05/24 05:07:58 | 000,253,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010/04/23 18:27:44 | 000,057,072 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcam.sys -- (JmUsbVideo)
DRV:64bit: - [2010/04/23 18:27:32 | 000,031,344 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcam_lo.sys -- (JmUsbVideo2)
DRV:64bit: - [2010/04/09 00:11:12 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/03/26 00:03:20 | 000,160,880 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/02/05 08:23:40 | 000,017,904 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmccgp.sys -- (JmUsbCcgp)
DRV:64bit: - [2010/01/15 14:23:20 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/01/15 14:23:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/15 14:23:10 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/15 11:08:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2010/01/08 16:42:40 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2009/10/18 17:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009/07/21 07:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 15:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/08/06 05:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2848235134-1050904035-71881968-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://watchgamefilm....aspx?team=2353
IE - HKU\S-1-5-21-2848235134-1050904035-71881968-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2848235134-1050904035-71881968-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/06 11:16:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/21 14:15:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/21 14:15:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/06 11:16:11 | 000,000,000 | ---D | M]

[2011/06/01 00:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\Mozilla\Extensions
[2011/06/01 00:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\xliaedk5.default\extensions
[2011/12/19 16:09:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/01 00:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/07/06 11:16:11 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2011/08/01 00:39:33 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========


O1 HOSTS File: ([2011/12/28 12:26:58 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynBtnAsst] C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [Lenovo SlideNav2] C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe (Lenovo)
O4 - HKLM..\Run: [Lenovo SplitScreen] C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe (Lenovo)
O4 - HKLM..\Run: [MuteSync] C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe (Lenovo)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCam_Menu] c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2848235134-1050904035-71881968-1000..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D31E2EB-7C50-4A37-BF31-E76917D169B7}: DhcpNameServer = 10.1.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41DCA788-4022-4C62-BF8E-66F024ACAC3D}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FAB196B-A295-4E95-BE93-B32EE545D2E3}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\PFW: DllName - (UmxWnp.Dll) - C:\windows\SysWow64\UmxWNP.dll (CA)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/24 21:56:52 | 000,000,046 | -H-- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{c400657f-0988-11e1-9da6-889ffae0b821}\Shell - "" = AutoRun
O33 - MountPoints2\{c400657f-0988-11e1-9da6-889ffae0b821}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{d5e78c50-5430-11e0-841a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d5e78c50-5430-11e0-841a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Installer.exe -- [2010/05/24 21:56:52 | 002,505,256 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/19 16:07:59 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Malwarebytes
[2011/12/19 16:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/19 16:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/19 16:07:46 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/12/19 16:07:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/19 15:53:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/17 17:07:05 | 000,000,000 | ---D | C] -- C:\Users\Jon\Desktop\Virus stuff
[2011/12/12 15:50:47 | 000,000,000 | ---D | C] -- C:\windows\Sun

========== Files - Modified Within 30 Days ==========

[2011/12/28 12:38:30 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/28 12:38:30 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/28 12:30:17 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/12/28 12:30:09 | 2132,209,663 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/28 12:28:33 | 000,063,124 | ---- | M] () -- C:\windows\SysNative\drivers\KmxAgent.asc
[2011/12/28 12:28:33 | 000,048,169 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k0
[2011/12/28 12:28:33 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k7
[2011/12/28 12:28:33 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k6
[2011/12/28 12:28:33 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k5
[2011/12/28 12:28:33 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k4
[2011/12/28 12:28:33 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k3
[2011/12/28 12:28:33 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k2
[2011/12/28 12:28:33 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k1
[2011/12/28 12:28:33 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k7
[2011/12/28 12:28:33 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k6
[2011/12/28 12:28:33 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k5
[2011/12/28 12:28:33 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k4
[2011/12/28 12:28:33 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k3
[2011/12/28 12:28:33 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k2
[2011/12/28 12:28:33 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k1
[2011/12/28 12:28:33 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k0
[2011/12/28 12:26:58 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2011/12/17 11:07:48 | 000,427,808 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/12/13 12:35:17 | 000,007,605 | ---- | M] () -- C:\Users\Jon\AppData\Local\Resmon.ResmonCfg
[2011/12/12 14:59:23 | 000,743,534 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/12/08 11:32:43 | 000,000,973 | ---- | M] () -- C:\Users\Jon\Desktop\Dropbox.lnk
[2011/12/08 11:32:43 | 000,000,953 | ---- | M] () -- C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/11/30 15:22:10 | 000,001,131 | ---- | M] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk

========== Files Created - No Company Name ==========

[2011/12/13 12:35:17 | 000,007,605 | ---- | C] () -- C:\Users\Jon\AppData\Local\Resmon.ResmonCfg
[2011/12/12 14:59:23 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/07/06 11:13:54 | 000,164,653 | ---- | C] () -- C:\windows\hpoins29.dat
[2011/07/06 11:13:54 | 000,000,457 | ---- | C] () -- C:\windows\hpomdl29.dat
[2011/03/21 20:28:53 | 000,000,235 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/03/21 20:19:39 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/03/21 20:19:39 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/03/21 20:19:23 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/03/21 20:07:59 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/03/21 20:02:45 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/12/01 22:52:05 | 000,002,857 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 14:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 14:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 14:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/01 00:58:34 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\acccore
[2011/12/28 12:33:09 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Dropbox
[2011/06/01 00:50:29 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Lenovo
[2011/07/29 20:47:40 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\Utililab
[2011/06/01 01:52:52 | 000,000,000 | ---D | M] -- C:\Users\Jon\AppData\Roaming\WindSolutions
[2011/10/31 08:26:57 | 000,032,626 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

< End of report >


I downloaded Combofix but have not run it yet because I cannot figure out how to disable my anti Malware, CA Security Center. I looked on that page and it isn't on there, also there isn't any direct way to disable it in options.
  • 0

Advertisements

#11
Essexboy
Posted 28 December 2011 - 01:57 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Does this help ?

CA Internet Security Suite 2010•To turn off the Firewall, right-click on the CA Shield icon in the system tray, click My Internet, then click Disable Firewall.

•To turn it back on, right click system tray icon, click My Internet, then click Enable Firewall.

•To temporarily disable the Antivirus, right-click the CA Shield icon in the system tray, click My Computer, then click Enable Snooze.

•Enter the snooze time in minutes (up to 999, approx 16 2/3 hours) in the box and click Snooze.

•To end snooze, follow the same procedure and click Wake Now on the page for entering snooze time.

•To disable Antivirus on a longer basis, double-click the CA Shield icon in the system tray.

•When Security Center comes up, click Update Settings in the My Computer tab.

•Then click the red X next to Auto Scan.

•To re-enable, follow the same procedure and click the green checkmark.
  • 0

#12
JonK33
Posted 30 December 2011 - 02:04 AM

JonK33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
I've made it snooze, tried ending the process with task manager but the combo fix keeps saying its active and I dont want to run it if it thinks its still active.
  • 0

#13
Essexboy
Posted 30 December 2011 - 12:45 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets run Combofix in safe mode with networking, can you do that? It's not perfect but it will enable us to progress

If Combofix alerts you to CA running then continue with the scan
  • 0

#14
JonK33
Posted 31 December 2011 - 03:01 PM

JonK33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
ComboFix 11-12-28.03 - Jon 12/31/2011 13:52:48.1.8 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8173.7223 [GMT -7:00]
Running from: c:\users\Jon\Desktop\Virus stuff\ComboFix.exe
AV: CA Anti-Virus Plus *Enabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
SP: CA Anti-Virus Plus *Enabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Hotspot Shield\hssie\HsSIe.dll
c:\programdata\myd45sg16ul3lwqaiegb878773e4wua674l51tunls2
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\PlatewithHoleElemNodes.txt.mat
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Templates\myd45sg16ul3lwqaiegb878773e4wua674l51tunls2
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\s.bat
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-31 )))))))))))))))))))))))))))))))
.
.
2011-12-31 20:57 . 2011-12-31 20:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-19 23:07 . 2011-12-19 23:07 -------- d-----w- c:\users\Jon\AppData\Roaming\Malwarebytes
2011-12-19 23:07 . 2011-12-19 23:07 -------- d-----w- c:\programdata\Malwarebytes
2011-12-19 23:07 . 2011-12-19 23:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-19 23:07 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-19 22:53 . 2011-12-19 22:53 -------- d-----w- C:\_OTL
2011-12-12 23:23 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10AF80CA-ED61-4A9F-9FBD-8FCEF74D31C9}\mpengine.dll
2011-12-12 22:50 . 2011-12-12 22:50 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-05-03 4321112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-27 98304]
"MuteSync"="c:\progra~2\Lenovo\LENOVO~1\MuteSync.exe" [2009-12-28 336384]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"Lenovo SplitScreen"="c:\program files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe" [2010-06-23 778592]
"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2010-02-03 167008]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-03-22 3122528]
"Lenovo SlideNav2"="c:\program files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe" [2009-12-30 318400]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-6-13 1085728]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
SafeConnect.lnk - c:\program files (x86)\SafeConnect\scClient.exe [2007-11-13 296088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2011-02-24 20:33 79368 ----a-w- c:\windows\System32\UmxWNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [x]
R1 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 CAAMSvc;CAAMSvc;c:\program files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe [2011-10-12 291656]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [2011-09-13 286032]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2010-01-08 285744]
R2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-12-22 46080]
R2 SCManager;SafeConnect Manager;c:\program files (x86)\SafeConnect\scManager.sys servicestart [x]
R2 Slidebar Notifier Service;Slidebar Notifier Service;c:\program files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [2009-12-30 69568]
R2 Texis Monitor;Texis Monitor;c:\simulia\Documentation\monitor.exe [2008-05-05 4493312]
R2 UmxEngine;TM Engine;c:\program files\CA\SharedComponents\TMEngine\UmxEngine.exe [2011-04-04 920656]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-05-18 641464]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 JmUsbVideo;JMicron 31x Upper Filter Driver;c:\windows\system32\Drivers\jmcam.sys [x]
R3 JmUsbVideo2;JMicron 31x Lower Filter Driver;c:\windows\system32\Drivers\jmcam_lo.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 KmxAMRT;KmxAMRT;c:\windows\system32\DRIVERS\KmxAMRT.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;c:\windows\system32\DRIVERS\jmccgp.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2011-06-01 07:48 269872 ----a-w- c:\program files (x86)\Hotspot Shield\hssie\HssIE_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-03-22 03:19 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-09 11663976]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-10 2186856]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-03-22 789920]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-04-23 4462496]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-09-15 7069088]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2011-09-13 2658128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://watchgamefilm.tv/video.aspx?team=2353
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\VetRedir.dll
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\xliaedk5.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: HP Smart Web Printing: [email protected] - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: [email protected] - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: general.useragent.extra.brc -
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynBtnAsst - c:\program files (x86)\Synaptics\SynTP\SynBtnAsst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-31 13:59:33
ComboFix-quarantined-files.txt 2011-12-31 20:59
.
Pre-Run: 375,870,816,256 bytes free
Post-Run: 375,677,112,320 bytes free
.
- - End Of File - - 81A007813EAAAA94051F019935831DD4


Virus popped up again last night and I deleted the exe file again btw.
  • 0

#15
Essexboy
Posted 31 December 2011 - 04:44 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK there is a respawner somewhere

I will remove one from the Java cache, when you re-run OTL coould you select all users please

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    ipconfig /flushdns /c
    C:\Users\Jon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\721eb7e4-63882f6f

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP