Blue Screen error STOP: 0x0000008E (0xc0000005, ..., ..., ...) [Closed]

#1 raptorjesus (New Member, 9 posts)

Greetings, recently I was infected by one of those annoying forms of malware that masquerades as an anti-virus and holds your PC hostage, OpenCloud Security, which I removed by booting up in safe mode and running Malwarebytes, no problem, BUT, now every time I try to boot my computer normally, I'm met with the dreaded BSOD and the above message mentioned in the title. I can't even make it to the desktop; as soon as it's done loading, instant blue screen! Runs in safe mode just fine, but I'm clueless as to what even the cause is, and every time I go to check the minidump folder, it's empty. I tried resetting CMOS as well, but that didn't seem to help either. It was recently suggested to me in another thread that I move my topic here and give a quick scan of my PC with OTL and copy and paste the log, seeing as how I recovered from a previous infection before the BSOD occurred. I've heard at least 100 different possible causes from rootkits to faulty RAM, but I'm not sure what is the primary cause. Any and all advice is welcome. If you would like any further details, I'll be more than happy to describe in detail. Thanks in advance!

OTL logfile created on: 1/1/2012 7:20:57 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\moparmikeyb\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 35.83% Memory free
3.18 Gb Paging File | 1.49 Gb Available in Paging File | 46.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.04 Gb Total Space | 169.88 Gb Free Space | 58.77% Space Free | Partition Type: NTFS
Drive D: | 8.78 Gb Total Space | 0.60 Gb Free Space | 6.82% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 257.63 Gb Free Space | 86.43% Space Free | Partition Type: NTFS
Drive G: | 272.00 Mb Total Space | 249.71 Mb Free Space | 91.81% Space Free | Partition Type: NTFS

Computer Name: MOPARMIKEYB-PC | User Name: moparmikeyb | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\moparmikeyb\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\moparmikeyb\AppData\Local\Google\Chrome\Application\14.0.835.202\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\moparmikeyb\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll ()
MOD - C:\Users\moparmikeyb\AppData\Local\Google\Chrome\Application\14.0.835.202\avutil-51.dll ()
MOD - C:\Users\moparmikeyb\AppData\Local\Google\Chrome\Application\14.0.835.202\avformat-53.dll ()
MOD - C:\Users\moparmikeyb\AppData\Local\Google\Chrome\Application\14.0.835.202\avcodec-53.dll ()
MOD - C:\Users\moparmikeyb\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Yahoo!\Messenger\yui.dll ()
MOD - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.loc ()


========== Win32 Services (SafeList) ==========

SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (SandraAgentSrv) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe (SiSoftware)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (HPBtnSrv) -- c:\hp\HPEZBTN\HPBtnSrv.exe ()
SRV - (ISPwdSvc) -- c:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Ex) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SymAppCore) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
SRV - (Remote UI Service) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel® Corporation)
SRV - (MCLServiceATL) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel® Corporation)
SRV - (ISSM) Intel® -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel® Corporation)
SRV - (AlertService) Intel® -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (M1 Server) Intel® Viiv™ -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (IntelDHSvcConf) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe (Intel® Corporation)


========== Driver Services (SafeList) ==========

DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\WINDOWS\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (SymEvent) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20101013.001\IDSvix86.sys (Symantec Corporation)
DRV - (Sftvol) -- C:\WINDOWS\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\WINDOWS\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\WINDOWS\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\WINDOWS\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x86\sandra.sys (SiSoftware)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\Windows\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (hamachi) -- C:\WINDOWS\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (HSXHWBS2) -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (SRTSPL) -- C:\WINDOWS\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HCW85BDA) -- C:\WINDOWS\System32\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV - (netr73) -- C:\WINDOWS\System32\drivers\netr73.sys (Ralink Technology Corp.)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (e1express) Intel® -- C:\WINDOWS\System32\drivers\e1e6032.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...l_date=20111031
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.ask.com?o=15557&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53313

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=SUN3&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=17"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.4.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..keyword.URL: "http://www.bing.com/...TDF&PC=SUN3&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 53313
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\moparmikeyb\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\moparmikeyb\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\moparmikeyb\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/28 02:01:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/08 19:46:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/21 03:28:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{70BC2C21-E035-4E21-B4B4-E361AFBA23EF}: C:\Users\moparmikeyb\AppData\Local\{70BC2C21-E035-4E21-B4B4-E361AFBA23EF}\ [2011/06/21 08:26:00 | 000,000,000 | ---D | M]

[2010/10/22 11:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Extensions
[2011/12/30 07:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions
[2010/10/27 05:56:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/08 19:46:42 | 000,000,000 | ---D | M] (ShopToWin15) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{4ac80c6c-0a1b-4b3a-ad7e-8a6d8f5e6928}
[2011/10/30 23:20:47 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2012/01/01 07:18:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/01 07:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/10/29 15:32:26 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/01/01 07:18:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/12/30 07:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\staged
[2010/05/26 14:18:50 | 000,002,333 | ---- | M] () -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\searchplugins\askcom.xml
[2011/10/30 23:20:39 | 000,001,945 | ---- | M] () -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\searchplugins\bing-zugo.xml
[2010/10/22 16:55:22 | 000,001,832 | ---- | M] () -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\searchplugins\bing.xml
[2011/11/08 19:46:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/08 19:46:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/30 20:19:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/11/08 19:46:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\moparmikeyb\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\moparmikeyb\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Shareaholic for Google Chrome\u2122 = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep\5.0.4_0\
CHR - Extension: StayFocusd = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.2.0.15_0\
CHR - Extension: IE Tab Classic = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\User Data\Default\Extensions\miedgcmlgpmdagojnnbemlkgidepfjfi\0.9.8_0\
CHR - Extension: Send from Gmail (by Google) = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.12_0\

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKCU..\Run: [CrossRiderPlugin] C:\Program Files\CrossriderWebApps\Crossrider.exe (Crossrider)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10u_Plugin.exe (Adobe Systems, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutorun = 12
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62CE607A-1353-4A2D-B5D5-4E4AE3B77005}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\TwoJackLake.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\TwoJackLake.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/23 05:01:29 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2957eb3a-f196-11df-80c1-001d6053aed0}\Shell - "" = AutoRun
O33 - MountPoints2\{2957eb3a-f196-11df-80c1-001d6053aed0}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/28 14:43:48 | 000,002,032 | ---- | M] () -- C:\Users\moparmikeyb\AppData\Local\d3d9caps.dat
[2011/12/23 06:32:49 | 000,000,324 | -HS- | M] () -- C:\Windows\tasks\gwtvttyen.job
[2011/12/23 05:41:25 | 000,739,062 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/23 05:41:25 | 000,148,348 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/23 05:35:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/23 05:35:22 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011/12/05 16:15:48 | 000,015,162 | ---- | M] () -- C:\Users\moparmikeyb\AppData\Roaming\wklnhst.dat
[2011/12/05 16:15:48 | 000,005,632 | ---- | M] () -- C:\Users\moparmikeyb\Documents\Cloud Computing.wps
[2011/12/04 18:17:28 | 000,015,872 | ---- | M] () -- C:\Users\moparmikeyb\Desktop\Week 14 -Homework 4th AmendmentB.wps
[2011/12/02 20:13:22 | 000,002,305 | ---- | M] () -- C:\Users\moparmikeyb\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/02 15:15:47 | 000,000,272 | ---- | M] () -- C:\Windows\reimage.ini
[2011/12/02 15:14:24 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2011/12/02 12:16:16 | 000,039,998 | ---- | M] () -- C:\Users\moparmikeyb\Desktop\i-regret-nothing.jpg
[2011/12/02 12:11:40 | 000,849,740 | ---- | M] () -- C:\Users\moparmikeyb\Desktop\i regret nothing.psd
[2011/12/02 12:05:49 | 000,328,997 | ---- | M] () -- C:\Users\moparmikeyb\Desktop\i regret nothing.jpg
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/05 16:14:33 | 000,005,632 | ---- | C] () -- C:\Users\moparmikeyb\Documents\Cloud Computing.wps
[2011/12/03 22:40:35 | 000,015,872 | ---- | C] () -- C:\Users\moparmikeyb\Desktop\Week 14 -Homework 4th AmendmentB.wps
[2011/12/02 12:16:15 | 000,039,998 | ---- | C] () -- C:\Users\moparmikeyb\Desktop\i-regret-nothing.jpg
[2011/12/02 12:11:39 | 000,849,740 | ---- | C] () -- C:\Users\moparmikeyb\Desktop\i regret nothing.psd
[2011/12/02 12:05:58 | 000,328,997 | ---- | C] () -- C:\Users\moparmikeyb\Desktop\i regret nothing.jpg
[2011/11/04 20:46:02 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\cbubs.sys
[2011/10/21 02:37:38 | 000,337,096 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/20 23:15:02 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2011/10/16 08:23:25 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/08/12 10:20:38 | 000,030,104 | ---- | C] () -- C:\Users\moparmikeyb\AppData\Roaming\457E.65B
[2011/06/21 08:26:02 | 000,000,120 | ---- | C] () -- C:\Users\moparmikeyb\AppData\Local\Sjoheve.dat
[2011/06/21 08:26:02 | 000,000,000 | ---- | C] () -- C:\Users\moparmikeyb\AppData\Local\Jnevolema.bin
[2011/06/20 01:03:49 | 000,106,496 | RHS- | C] () -- C:\Windows\System32\XAPOFX1_3V.dll
[2011/06/06 21:33:13 | 000,000,152 | ---- | C] () -- C:\Users\moparmikeyb\AppData\Roaming\yq5ys18ww.bat
[2011/05/30 13:36:05 | 000,295,042 | ---- | C] () -- C:\Windows\System32\shimg.dll
[2010/12/22 12:04:36 | 000,002,032 | ---- | C] () -- C:\Users\moparmikeyb\AppData\Local\d3d9caps.dat
[2010/12/20 07:27:18 | 000,032,441 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/12/20 03:20:02 | 000,032,441 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/11/17 01:55:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/11/17 01:55:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/16 07:22:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/06 18:03:54 | 014,835,712 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010/11/02 17:33:56 | 000,109,056 | ---- | C] () -- C:\Users\moparmikeyb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/27 09:14:55 | 000,015,162 | ---- | C] () -- C:\Users\moparmikeyb\AppData\Roaming\wklnhst.dat
[2010/10/27 05:50:44 | 000,001,100 | ---- | C] () -- C:\Users\moparmikeyb\AppData\Local\d3d8caps.dat
[2010/10/22 11:27:08 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2007/08/23 04:51:11 | 000,107,026 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/23 04:38:34 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/08/23 04:33:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/08/23 04:25:09 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/08/23 04:25:09 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/05/14 04:28:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/13 22:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/13 22:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,739,062 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,148,348 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/23 09:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll

========== LOP Check ==========

[2010/12/08 18:07:57 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\AnvSoft
[2011/08/08 01:05:07 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\Avnex
[2011/10/12 18:32:43 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\BOXEE
[2011/10/16 08:03:22 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\DAA11uvvS2bF3mG
[2010/12/03 11:45:25 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\DVDVideoSoft
[2011/10/21 00:25:22 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\FileZilla
[2011/10/21 03:09:18 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\foobar2000
[2011/10/21 03:26:00 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\kingsoft
[2011/10/16 08:03:22 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\kQQQJ66dWK8
[2011/10/21 03:23:02 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\KSafe
[2011/10/16 08:03:16 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\mZZ99hYYXwUVeIB
[2011/10/16 08:20:27 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\nUUVVellOBtP0cA
[2011/06/08 06:23:16 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\OpenArena
[2011/10/16 08:03:15 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\sD33oonF4amHsW
[2010/10/22 11:04:29 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\Snapfish
[2010/10/27 09:14:56 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\Template
[2011/09/16 10:39:33 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\TP
[2011/11/11 14:40:43 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\uTorrent
[2011/02/14 05:51:52 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\wb
[2010/11/13 15:37:51 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\WinBatch
[2011/06/06 21:32:58 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\287431e8.job
[2011/06/06 21:32:59 | 000,000,228 | ---- | M] () -- C:\Windows\Tasks\2d1618d4.job
[2011/06/29 12:37:14 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\3318dc80.job
[2011/10/16 08:03:20 | 000,000,282 | ---- | M] () -- C:\Windows\Tasks\3961375488.job
[2011/06/29 12:26:13 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\41dcda80.job
[2011/06/29 12:40:55 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\4bcda580.job
[2011/06/29 12:20:42 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\66b59380.job
[2011/06/29 12:48:15 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\6a6d3480.job
[2011/06/29 12:29:54 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\6c17b900.job
[2011/06/06 21:32:54 | 000,000,230 | ---- | M] () -- C:\Windows\Tasks\a1bcb954.job
[2011/06/29 12:42:45 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\a20ff080.job
[2011/06/06 21:32:59 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\a4ecd4a8.job
[2011/06/06 21:33:05 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\adade368.job
[2011/06/29 12:24:23 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\b130f280.job
[2011/06/29 12:39:04 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\b3429500.job
[2011/06/06 21:32:54 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\b595b068.job
[2011/06/29 12:44:35 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\b8114200.job
[2011/06/29 12:31:44 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\bc82a780.job
[2011/06/06 21:32:55 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\cae02da8.job
[2011/06/29 12:46:25 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\df98a900.job
[2011/05/29 13:27:12 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2011/06/29 12:33:34 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\e40a0e80.job
[2011/06/29 12:22:33 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\e5178780.job
[2011/06/29 12:28:03 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\eaea1a80.job
[2011/10/17 02:01:14 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\ErrorEND.job
[2011/06/29 12:35:24 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\fa0b6000.job
[2011/12/23 06:32:49 | 000,000,324 | -HS- | M] () -- C:\Windows\Tasks\gwtvttyen.job
[2011/09/16 12:32:27 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\moparmikeyb\Desktop\um_1280400-519759-gow-1227576079.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\moparmikeyb\Desktop\I need scissors 61 colonel call [www.keepvid.com].mp4:TOC.WMV

< End of report >
  • 0

#2
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, raptorjesus! :wave:

:welcome: I'm Nedklaw and I'll be glad to help you with your malware issues. :)

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for raptorjesus only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me; logs can take some time to research, and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is that these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


I am currently reviewing your log and I will post back soon.
  • 0

#3
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Step 2

Please uninstall the following program via Control Panel > Add/Remove Programs (if present):

  • uTorrent

I recommend you remove your P2P program, uTorrent. P2P programs are bad because shared files can contain security risks such as viruses, spyware and other unwanted software. The files distributed on these sites are packed with malware and are distributed all over the internet. You don't know where they have been; someone could have infected the files with malware.


Step 3

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.ask.com?o=15557&l=dis
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53313
    FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
    FF - prefs.js..network.proxy.http_port: 53313
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{70BC2C21-E035-4E21-B4B4-E361AFBA23EF}: C:\Users\moparmikeyb\AppData\Local\{70BC2C21-E035-4E21-B4B4-E361AFBA23EF}\ [2011/06/21 08:26:00 | 000,000,000 | ---D | M]
    [2011/11/08 19:46:42 | 000,000,000 | ---D | M] (ShopToWin15) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{4ac80c6c-0a1b-4b3a-ad7e-8a6d8f5e6928}
    [2011/10/30 23:20:47 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
    [2012/01/01 07:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
    [2010/05/26 14:18:50 | 000,002,333 | ---- | M] () -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\searchplugins\askcom.xml
    [2011/10/30 23:20:39 | 000,001,945 | ---- | M] () -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\searchplugins\bing-zugo.xml
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
    [2011/11/04 20:46:02 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\cbubs.sys
    [2011/08/12 10:20:38 | 000,030,104 | ---- | C] () -- C:\Users\moparmikeyb\AppData\Roaming\457E.65B
    [2011/06/21 08:26:02 | 000,000,120 | ---- | C] () -- C:\Users\moparmikeyb\AppData\Local\Sjoheve.dat
    [2011/06/21 08:26:02 | 000,000,000 | ---- | C] () -- C:\Users\moparmikeyb\AppData\Local\Jnevolema.bin
    [2011/06/06 21:33:13 | 000,000,152 | ---- | C] () -- C:\Users\moparmikeyb\AppData\Roaming\yq5ys18ww.bat
    [2011/05/30 13:36:05 | 000,295,042 | ---- | C] () -- C:\Windows\System32\shimg.dll
    [2011/10/16 08:03:22 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\DAA11uvvS2bF3mG
    [2010/12/03 11:45:25 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\DVDVideoSoft
    [2011/10/16 08:03:22 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\kQQQJ66dWK8
    [2011/10/16 08:03:16 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\mZZ99hYYXwUVeIB
    [2011/10/16 08:20:27 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\nUUVVellOBtP0cA
    [2011/10/16 08:03:15 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\sD33oonF4amHsW
    [2011/06/06 21:32:58 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\287431e8.job
    [2011/06/06 21:32:59 | 000,000,228 | ---- | M] () -- C:\Windows\Tasks\2d1618d4.job
    [2011/06/29 12:37:14 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\3318dc80.job
    [2011/10/16 08:03:20 | 000,000,282 | ---- | M] () -- C:\Windows\Tasks\3961375488.job
    [2011/06/29 12:26:13 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\41dcda80.job
    [2011/06/29 12:40:55 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\4bcda580.job
    [2011/06/29 12:20:42 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\66b59380.job
    [2011/06/29 12:48:15 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\6a6d3480.job
    [2011/06/29 12:29:54 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\6c17b900.job
    [2011/06/06 21:32:54 | 000,000,230 | ---- | M] () -- C:\Windows\Tasks\a1bcb954.job
    [2011/06/29 12:42:45 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\a20ff080.job
    [2011/06/06 21:32:59 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\a4ecd4a8.job
    [2011/06/06 21:33:05 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\adade368.job
    [2011/06/29 12:24:23 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\b130f280.job
    [2011/06/29 12:39:04 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\b3429500.job
    [2011/06/06 21:32:54 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\b595b068.job
    [2011/06/29 12:44:35 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\b8114200.job
    [2011/06/29 12:31:44 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\bc82a780.job
    [2011/06/06 21:32:55 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\cae02da8.job
    [2011/06/29 12:46:25 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\df98a900.job
    [2011/06/29 12:33:34 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\e40a0e80.job
    [2011/06/29 12:22:33 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\e5178780.job
    [2011/06/29 12:28:03 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\eaea1a80.job
    [2011/06/29 12:35:24 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\fa0b6000.job
    [2011/12/23 06:32:49 | 000,000,324 | -HS- | M] () -- C:\Windows\Tasks\gwtvttyen.job
    @Alternate Data Stream - 64 bytes -> C:\Users\moparmikeyb\Desktop\um_1280400-519759-gow-1227576079.mpg:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\moparmikeyb\Desktop\I need scissors 61 colonel call [www.keepvid.com].mp4:TOC.WMV
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] 
    
    :Files
    ipconfig /flushdns /c
    
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 4

Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

Things I want to see in your next reply

  • GooredFix.txt
  • OTL Fix Log
  • OTL.txt
  • aswMBR.txt

  • 0
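As an added illustration, not part of this thread and not OTL's or Nedklaw's own tooling: a small Python script that parses OTL entries and flags the same classes of indicator the Step 3 fix list above singles out (hidden+system files under the Windows tree, hex or random-looking names dropped into AppData and Windows\Tasks, a browser proxy pointing at 127.0.0.1, and alternate data streams). The regular expressions approximate the OTL line layout seen in this thread rather than any documented grammar, the function and pattern names are my own, and the sample lines are excerpted from the logs posted above.

```python
import re
from typing import List, Optional, Tuple

# One OTL file, folder, process, service or driver entry looks like
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C-or-M] (Company) [state] -- path -- (Name)
# The "PRC - " style prefix, "(Company)", "[state]" and the trailing "-- (Name)"
# are all optional; folder entries carry none of them.  (Approximation, not OTL's spec.)
ENTRY_RE = re.compile(
    r"^(?:[A-Z]{3} - )?\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [CM]\]"
    r"(?: \((?P<company>[^)]*)\))?(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \(.*\))?$"
)
# IE proxy pointing back at the local machine, or the Firefox proxy port OTL reports
# (in the log above both carry the same port, 53313: a loopback interceptor).
BROWSER_PROXY_RE = re.compile(
    r'"ProxyServer" = \S*127\.0\.0\.1:\d+|network\.proxy\.http_port: \d+'
)
# Files or folders dropped directly into locations an unprivileged user can write.
USER_WRITABLE_RE = re.compile(
    r"\\AppData\\(?:Roaming|Local)\\[^\\]+$|\\Windows\\Tasks\\[^\\]+$", re.IGNORECASE
)
HEX_NAME_RE = re.compile(r"[0-9a-f]{8,}")


def parse_entry(line: str) -> Optional[dict]:
    """Split one OTL entry into its fields, or return None for any other kind of line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    return entry


def looks_random(name: str) -> bool:
    """Crude name test: a pure-hex stem (the hex-named .job files) or an 8+ character
    mix of upper case, lower case and digits (DAA11uvvS2bF3mG).  Pronounceable
    gibberish such as Sjoheve.dat is deliberately NOT caught by this rule."""
    stem = name.rsplit(".", 1)[0]
    if HEX_NAME_RE.fullmatch(stem):
        return True
    return (len(stem) >= 8 and any(c.isdigit() for c in stem)
            and any(c.isupper() for c in stem) and any(c.islower() for c in stem))


def triage_line(line: str) -> List[Tuple[str, str]]:
    """Return (rule, subject) findings for one log line, or [] if nothing stands out."""
    line = line.strip()
    if BROWSER_PROXY_RE.search(line):
        return [("browser-proxy", line)]
    if line.startswith("@Alternate Data Stream"):
        return [("ads-review", line.split("-> ", 1)[1])]
    entry = parse_entry(line)
    if entry is None:
        return []
    path, attrs = entry["path"], entry["attrs"]
    findings = []
    # Hidden + System on a *file* under the Windows tree: drivers and DLLs are not
    # shipped that way, but temppf.sys and XAPOFX1_3V.dll in this log are.
    if "H" in attrs and "S" in attrs and "D" not in attrs and "\\windows\\" in path.lower():
        findings.append(("hidden-system-file", path))
    if USER_WRITABLE_RE.search(path) and looks_random(path.rsplit("\\", 1)[-1]):
        findings.append(("random-name-drop", path))
    return findings


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Run triage_line over a whole pasted OTL log and collect the findings."""
    return [f for line in log_text.splitlines() for f in triage_line(line)]


# Sample input: lines excerpted from the OTL logs posted in this thread.
EXAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53313
FF - prefs.js..network.proxy.http_port: 53313
[2011/10/16 08:23:25 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/06/20 01:03:49 | 000,106,496 | RHS- | C] () -- C:\Windows\System32\XAPOFX1_3V.dll
[2011/06/21 08:26:02 | 000,000,120 | ---- | C] () -- C:\Users\moparmikeyb\AppData\Local\Sjoheve.dat
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2011/10/16 08:03:22 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\DAA11uvvS2bF3mG
[2011/06/08 06:23:16 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\OpenArena
[2011/06/06 21:32:58 | 000,000,232 | ---- | M] () -- C:\Windows\Tasks\287431e8.job
[2011/05/29 13:27:12 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2011/12/23 06:32:49 | 000,000,324 | -HS- | M] () -- C:\Windows\Tasks\gwtvttyen.job
SRV - [2011/08/04 13:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
@Alternate Data Stream - 64 bytes -> C:\Users\moparmikeyb\Desktop\um_1280400-519759-gow-1227576079.mpg:TOC.WMV
"""

if __name__ == "__main__":
    for rule, subject in triage(EXAMPLE_LOG):
        print(f"{rule:20} {subject}")
```

Sjoheve.dat and 457E.65B pass the name heuristic untouched, which is the point: the script narrows a long log to the entries worth a second look, it does not replace reading the whole thing the way the helper did.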

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#5
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

If you haven't already done so, could you follow the instructions in my previous post?
If you have followed the previous instructions, could you post the specified logs?
  • 0

#6
raptorjesus

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Firstly, thank you so much for your patience and help thus far. Sadly, I've tried running OTL with the instructions pasted in the box twice, but upon reboot no log appears, nor can I find it. I'm sorry, but I do, however, have the GooredFix.txt as well as the aswMBR.txt. I don't know whether it's because I can only restart my computer in safe mode or if I'm just not looking in the right place, but I just can't seem to find the OTL Fix Log nor the OTL.txt. Here are GooredFix.txt and the aswMBR.txt.

GooredFix by jpshortstuff (03.07.10.1)
Log created at 20:01 on 17/01/2012 (moparmikeyb)
Firefox version 9.0.1 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [19:19 22/10/2010]

C:\Users\moparmikeyb\Application Data\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [13:56 27/10/2010]
{4ac80c6c-0a1b-4b3a-ad7e-8a6d8f5e6928} [00:19 17/01/2012]
{5911488E-9D1E-40ec-8CBB-06B231CC153F} [07:20 31/10/2011]
{635abd67-4fe9-1b23-4f01-e679fa7484c1} [00:19 17/01/2012]
{ab91efd4-6975-4081-8552-1b3922ed79e2} [23:32 29/10/2010]
{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [00:19 17/01/2012]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [10:26 25/10/2010]
"{27182e60-b5f3-411c-b545-b44205977502}"="C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\" [10:01 28/10/2010]

---------- Old Logs ----------
GooredFix[03.58.06_18-01-2012].txt
GooredFix[03.58.35_18-01-2012].txt

-=E.O.F=-

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-17 19:41:48
-----------------------------
19:41:48.367 OS Version: Windows 6.0.6002 Service Pack 2
19:41:48.367 Number of processors: 4 586 0xF0B
19:41:48.367 ComputerName: MOPARMIKEYB-PC UserName: moparmikeyb
19:41:49.303 Initialize success
19:43:02.609 AVAST engine defs: 12011701
19:43:10.790 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-1
19:43:10.792 Disk 0 Vendor: Hitachi_HDT725032VLA380 V54OA7BA Size: 305245MB BusType: 3
19:43:10.794 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-2
19:43:10.796 Disk 1 Vendor: Hitachi_HDT725032VLA380 V54OA7BA Size: 305245MB BusType: 3
19:43:10.806 Disk 1 MBR read successfully
19:43:10.811 Disk 1 MBR scan
19:43:10.815 Disk 1 unknown MBR code
19:43:10.818 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 295978 MB offset 63
19:43:10.852 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 8992 MB offset 606164580
19:43:10.867 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 272 MB offset 624580608
19:43:10.876 Disk 1 scanning sectors +625137664
19:43:10.940 Disk 1 scanning C:\Windows\system32\drivers
19:43:21.839 Service scanning
19:43:23.982 Modules scanning
19:43:29.350 Disk 1 trace - called modules:
19:43:29.360 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
19:43:29.365 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8563e030]
19:43:29.370 3 CLASSPNP.SYS[8a5a38b3] -> nt!IofCallDriver -> [0x853b6620]
19:43:29.375 5 acpi.sys[806976bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x853a4128]
19:43:30.560 AVAST engine scan C:\Windows
19:43:35.593 AVAST engine scan C:\Windows\system32
19:44:16.906 File: C:\Windows\system32\jureg.exe **INFECTED** Win32:SMSSend-IG [Trj]
19:45:41.007 File: C:\Windows\system32\XAPOFX1_3V.dll **INFECTED** Win32:MalOb-HH [Cryp]
19:45:43.254 AVAST engine scan C:\Windows\system32\drivers
19:45:54.019 AVAST engine scan C:\Users\moparmikeyb
19:51:50.985 AVAST engine scan C:\ProgramData
19:54:03.097 Scan finished successfully
06:50:30.992 Disk 1 MBR has been saved successfully to "C:\Users\moparmikeyb\Desktop\MBR.dat"
06:50:31.008 The log file has been saved successfully to "C:\Users\moparmikeyb\Desktop\aswMBR.txt"


Hope this helps some; contact me with any further instructions, and I'll try and see if I can acquire the OTL log and .txt file.
Also, I uninstalled and removed uTorrent as well. These are the OTL results after scanning all users.

OTL logfile created on: 1/20/2012 10:52:42 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\moparmikeyb\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 69.67% Memory free
3.13 Gb Paging File | 2.40 Gb Available in Paging File | 76.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.04 Gb Total Space | 195.70 Gb Free Space | 67.71% Space Free | Partition Type: NTFS
Drive D: | 8.78 Gb Total Space | 0.60 Gb Free Space | 6.82% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 257.63 Gb Free Space | 86.43% Space Free | Partition Type: NTFS
Drive G: | 272.00 Mb Total Space | 249.71 Mb Free Space | 91.81% Space Free | Partition Type: NTFS

Computer Name: MOPARMIKEYB-PC | User Name: moparmikeyb | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/17 19:58:47 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/25 05:32:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\moparmikeyb\Downloads\OTL.exe
PRC - [2011/08/04 13:34:50 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/08/04 13:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010/06/01 09:17:48 | 005,252,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/17 19:58:47 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/30 07:12:40 | 000,412,728 | ---- | M] () -- C:\Users\moparmikeyb\AppData\Local\Google\Chrome\Application\14.0.835.202\ppgooglenaclpluginchrome.dll
MOD - [2011/09/30 07:12:39 | 003,696,184 | ---- | M] () -- C:\Users\moparmikeyb\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
MOD - [2011/09/30 07:11:13 | 000,142,568 | ---- | M] () -- C:\Users\moparmikeyb\AppData\Local\Google\Chrome\Application\14.0.835.202\avutil-51.dll
MOD - [2011/09/30 07:11:12 | 000,253,320 | ---- | M] () -- C:\Users\moparmikeyb\AppData\Local\Google\Chrome\Application\14.0.835.202\avformat-53.dll
MOD - [2011/09/30 07:11:10 | 002,403,240 | ---- | M] () -- C:\Users\moparmikeyb\AppData\Local\Google\Chrome\Application\14.0.835.202\avcodec-53.dll
MOD - [2011/09/29 12:06:57 | 008,587,936 | ---- | M] () -- C:\Users\moparmikeyb\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
MOD - [2011/07/04 15:16:39 | 006,271,648 | ---- | M] () -- C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/01/20 17:50:56 | 000,237,160 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010/06/01 09:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/04 13:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/01/20 17:51:12 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/10/22 11:23:32 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009/12/02 21:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 21:23:46 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/08/17 22:19:24 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/05/29 07:19:08 | 000,198,240 | ---- | M] () [Auto | Stopped] -- c:\hp\HPEZBTN\HPBtnSrv.exe -- (HPBtnSrv)
SRV - [2007/01/13 16:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007/01/12 12:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/09 14:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/01/09 14:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/09 14:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/09 14:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/04 17:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/09/11 15:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2006/09/11 15:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2006/09/11 14:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2006/09/11 14:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2006/09/03 09:32:28 | 000,208,896 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/08/31 22:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2006/05/10 08:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)


========== Driver Services (SafeList) ==========

DRV - [2011/01/28 13:37:12 | 010,483,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/11/12 04:10:52 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/10/22 11:24:27 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/10/18 07:14:26 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/10/18 07:14:26 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/15 10:11:07 | 000,287,792 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20101013.001\IDSvix86.sys -- (IDSvix86)
DRV - [2009/12/02 21:23:52 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2009/12/02 21:23:50 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2009/12/02 21:23:48 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2009/12/02 21:23:46 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2009/08/07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009/08/03 18:07:12 | 000,038,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/08/03 18:07:10 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/03 18:07:10 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/03 18:07:10 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/08/03 18:07:10 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/03 18:07:10 | 000,012,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/11/30 22:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 22:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 22:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/11 01:49:22 | 000,968,064 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2007/04/20 09:21:18 | 000,265,216 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\netr73.sys -- (netr73)
DRV - [2007/04/14 01:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/04/13 05:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\e1e6032.sys -- (e1express) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1507260761-2550785639-25408563-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...l_date=20111031
IE - HKU\S-1-5-21-1507260761-2550785639-25408563-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\S-1-5-21-1507260761-2550785639-25408563-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1507260761-2550785639-25408563-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1507260761-2550785639-25408563-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=SUN3&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=17"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\moparmikeyb\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\moparmikeyb\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\moparmikeyb\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/28 02:01:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/17 19:58:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/21 03:28:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{70BC2C21-E035-4E21-B4B4-E361AFBA23EF}: C:\Users\moparmikeyb\AppData\Local\{70BC2C21-E035-4E21-B4B4-E361AFBA23EF}\ [2011/06/21 08:26:00 | 000,000,000 | ---D | M]

[2010/10/22 11:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Extensions
[2012/01/17 20:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions
[2010/10/27 05:56:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/16 16:19:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/29 15:32:26 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/01/16 16:19:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/10/22 16:55:22 | 000,001,832 | ---- | M] () -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\searchplugins\bing.xml
[2011/11/08 19:46:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/17 19:58:47 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/30 20:19:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/11/08 19:46:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\moparmikeyb\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\moparmikeyb\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Shareaholic for Google Chrome\u2122 = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep\5.1.0_0\
CHR - Extension: StayFocusd = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.2.0.15_0\
CHR - Extension: IE Tab Classic = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\User Data\Default\Extensions\miedgcmlgpmdagojnnbemlkgidepfjfi\0.9.8_0\
CHR - Extension: Send from Gmail (by Google) = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.12_0\

O1 HOSTS File: ([2012/01/20 10:40:07 | 000,000,098 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1507260761-2550785639-25408563-1001..\Run: [CrossRiderPlugin] C:\Program Files\CrossriderWebApps\Crossrider.exe (Crossrider)
O4 - HKU\S-1-5-21-1507260761-2550785639-25408563-1001..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1507260761-2550785639-25408563-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10u_Plugin.exe (Adobe Systems, Inc.)
O7 - HKU\S-1-5-21-1507260761-2550785639-25408563-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutorun = 12
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1507260761-2550785639-25408563-1001\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-1507260761-2550785639-25408563-1001\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62CE607A-1353-4A2D-B5D5-4E4AE3B77005}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\TwoJackLake.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\TwoJackLake.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/23 05:01:29 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2957eb3a-f196-11df-80c1-001d6053aed0}\Shell - "" = AutoRun
O33 - MountPoints2\{2957eb3a-f196-11df-80c1-001d6053aed0}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/17 20:15:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/17 19:58:06 | 000,000,000 | ---D | C] -- C:\Users\moparmikeyb\Desktop\GooredFix Backups
[2012/01/17 19:57:14 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\moparmikeyb\Desktop\GooredFix.exe
[2012/01/01 08:05:12 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2012/01/01 08:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
[2012/01/01 08:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\[email protected] ISO Burner
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/20 10:40:07 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/01/20 09:47:52 | 000,775,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/20 09:47:52 | 000,160,402 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/20 09:45:24 | 000,002,032 | ---- | M] () -- C:\Users\moparmikeyb\AppData\Local\d3d9caps.dat
[2012/01/20 09:43:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/20 09:43:05 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2012/01/18 06:50:30 | 000,000,512 | ---- | M] () -- C:\Users\moparmikeyb\Desktop\MBR.dat
[2012/01/17 19:57:20 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\moparmikeyb\Desktop\GooredFix.exe
[2012/01/12 10:20:24 | 000,120,832 | ---- | M] () -- C:\Users\moparmikeyb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/01 07:28:44 | 000,002,305 | ---- | M] () -- C:\Users\moparmikeyb\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/18 06:50:30 | 000,000,512 | ---- | C] () -- C:\Users\moparmikeyb\Desktop\MBR.dat
[2011/10/21 02:37:38 | 000,337,096 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/20 23:15:02 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2011/10/16 08:23:25 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/06/20 01:03:49 | 000,106,496 | RHS- | C] () -- C:\Windows\System32\XAPOFX1_3V.dll
[2010/12/22 12:04:36 | 000,002,032 | ---- | C] () -- C:\Users\moparmikeyb\AppData\Local\d3d9caps.dat
[2010/12/20 07:27:18 | 000,032,441 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/12/20 03:20:02 | 000,032,441 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/11/17 01:55:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/11/17 01:55:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/16 07:22:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/06 18:03:54 | 014,835,712 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010/11/02 17:33:56 | 000,120,832 | ---- | C] () -- C:\Users\moparmikeyb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/27 09:14:55 | 000,015,162 | ---- | C] () -- C:\Users\moparmikeyb\AppData\Roaming\wklnhst.dat
[2010/10/27 05:50:44 | 000,001,100 | ---- | C] () -- C:\Users\moparmikeyb\AppData\Local\d3d8caps.dat
[2010/10/22 11:27:08 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2007/08/23 04:51:11 | 000,107,026 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/23 04:38:34 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/08/23 04:33:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/08/23 04:25:09 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/08/23 04:25:09 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/05/14 04:28:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/13 22:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/13 22:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,775,704 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,160,402 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/23 09:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll

========== LOP Check ==========

[2010/12/08 18:07:57 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\AnvSoft
[2011/08/08 01:05:07 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\Avnex
[2011/10/12 18:32:43 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\BOXEE
[2012/01/18 19:43:09 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\FileZilla
[2011/10/21 03:09:18 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\foobar2000
[2011/10/21 03:26:00 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\kingsoft
[2011/10/21 03:23:02 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\KSafe
[2011/06/08 06:23:16 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\OpenArena
[2010/10/22 11:04:29 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\Snapfish
[2010/10/27 09:14:56 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\Template
[2011/09/16 10:39:33 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\TP
[2011/02/14 05:51:52 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\wb
[2010/11/13 15:37:51 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\WinBatch
[2011/05/29 13:27:12 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2011/10/17 02:01:14 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\ErrorEND.job
[2011/09/16 12:32:27 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by raptorjesus, 20 January 2012 - 10:57 AM.


#7
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
You're welcome!!!

Don't worry, you have posted OTL.txt.
The OTL fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.

#8
raptorjesus

    New Member

  • Topic Starter
  • Member
  • 9 posts
Okay, thanks! Here's the OTL fix log.

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Restore| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: [email protected]:3.3.3.2 removed from extensions.enabledItems
Prefs.js: 53313 removed from network.proxy.http_port
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{70BC2C21-E035-4E21-B4B4-E361AFBA23EF}: C:\Users\moparmikeyb\AppData\Local\{70BC2C21-E035-4E21-B4B4-E361AFBA23EF}\ not found.
C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{4ac80c6c-0a1b-4b3a-ad7e-8a6d8f5e6928}\META-INF folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{4ac80c6c-0a1b-4b3a-ad7e-8a6d8f5e6928}\chrome\skin folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{4ac80c6c-0a1b-4b3a-ad7e-8a6d8f5e6928}\chrome\content\locale folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{4ac80c6c-0a1b-4b3a-ad7e-8a6d8f5e6928}\chrome\content folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{4ac80c6c-0a1b-4b3a-ad7e-8a6d8f5e6928}\chrome folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{4ac80c6c-0a1b-4b3a-ad7e-8a6d8f5e6928} folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\defaults\preferences folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\defaults folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\reactivate folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\protect folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F} folder moved successfully.
Folder C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\searchplugins\askcom.xml moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\searchplugins\bing-zugo.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
C:\WINDOWS\System32\drivers\cbubs.sys moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\457E.65B moved successfully.
C:\Users\moparmikeyb\AppData\Local\Sjoheve.dat moved successfully.
C:\Users\moparmikeyb\AppData\Local\Jnevolema.bin moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\yq5ys18ww.bat moved successfully.
C:\WINDOWS\System32\shimg.dll moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\DAA11uvvS2bF3mG folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\DVDVideoSoft\FreeVideoToMP3Converter\Themes\TwilightWorld folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\DVDVideoSoft\FreeVideoToMP3Converter\Themes\TropicalSeaShore folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\DVDVideoSoft\FreeVideoToMP3Converter\Themes\PrinceOfPersia folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\DVDVideoSoft\FreeVideoToMP3Converter\Themes\PrairieRoad folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\DVDVideoSoft\FreeVideoToMP3Converter\Themes\None folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\DVDVideoSoft\FreeVideoToMP3Converter\Themes\Mountains folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\DVDVideoSoft\FreeVideoToMP3Converter\Themes\MistyRoad folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\DVDVideoSoft\FreeVideoToMP3Converter\Themes\iPhoneDeepBlue folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\DVDVideoSoft\FreeVideoToMP3Converter\Themes\iPhoneBall folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\DVDVideoSoft\FreeVideoToMP3Converter\Themes\HarryPotter folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\DVDVideoSoft\FreeVideoToMP3Converter\Themes\GreenHills folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\DVDVideoSoft\FreeVideoToMP3Converter\Themes\Default folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\DVDVideoSoft\FreeVideoToMP3Converter\Themes\Concert folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\DVDVideoSoft\FreeVideoToMP3Converter\Themes\AzureLagoon folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\DVDVideoSoft\FreeVideoToMP3Converter\Themes\Avatar folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\DVDVideoSoft\FreeVideoToMP3Converter\Themes\AutumnRoad folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\DVDVideoSoft\FreeVideoToMP3Converter\Themes\AboveTheClouds folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\DVDVideoSoft\FreeVideoToMP3Converter\Themes folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\DVDVideoSoft\FreeVideoToMP3Converter folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\DVDVideoSoft folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\kQQQJ66dWK8 folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\mZZ99hYYXwUVeIB folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\nUUVVellOBtP0cA folder moved successfully.
C:\Users\moparmikeyb\AppData\Roaming\sD33oonF4amHsW folder moved successfully.
C:\WINDOWS\Tasks\287431e8.job moved successfully.
C:\WINDOWS\Tasks\2d1618d4.job moved successfully.
C:\WINDOWS\Tasks\3318dc80.job moved successfully.
C:\WINDOWS\Tasks\3961375488.job moved successfully.
C:\WINDOWS\Tasks\41dcda80.job moved successfully.
C:\WINDOWS\Tasks\4bcda580.job moved successfully.
C:\WINDOWS\Tasks\66b59380.job moved successfully.
C:\WINDOWS\Tasks\6a6d3480.job moved successfully.
C:\WINDOWS\Tasks\6c17b900.job moved successfully.
C:\WINDOWS\Tasks\a1bcb954.job moved successfully.
C:\WINDOWS\Tasks\a20ff080.job moved successfully.
C:\WINDOWS\Tasks\a4ecd4a8.job moved successfully.
C:\WINDOWS\Tasks\adade368.job moved successfully.
C:\WINDOWS\Tasks\b130f280.job moved successfully.
C:\WINDOWS\Tasks\b3429500.job moved successfully.
C:\WINDOWS\Tasks\b595b068.job moved successfully.
C:\WINDOWS\Tasks\b8114200.job moved successfully.
C:\WINDOWS\Tasks\bc82a780.job moved successfully.
C:\WINDOWS\Tasks\cae02da8.job moved successfully.
C:\WINDOWS\Tasks\df98a900.job moved successfully.
C:\WINDOWS\Tasks\e40a0e80.job moved successfully.
C:\WINDOWS\Tasks\e5178780.job moved successfully.
C:\WINDOWS\Tasks\eaea1a80.job moved successfully.
C:\WINDOWS\Tasks\fa0b6000.job moved successfully.
C:\WINDOWS\Tasks\gwtvttyen.job moved successfully.
ADS C:\Users\moparmikeyb\Desktop\um_1280400-519759-gow-1227576079.mpg:TOC.WMV deleted successfully.
ADS C:\Users\moparmikeyb\Desktop\I need scissors 61 colonel call [www.keepvid.com].mp4:TOC.WMV deleted successfully.
C:\ProgramData\xmlCB4C.tmp deleted successfully.
C:\ProgramData\xmlCE3A.tmp deleted successfully.
C:\ProgramData\xmlD04E.tmp deleted successfully.
C:\Windows\System32\PerfStringBackup.TMP deleted successfully.
C:\Windows\D3F93A5A7A5D4867B2A16F46500D006C.TMP\WiseCustomCalla21.exe deleted successfully.
C:\Windows\D3F93A5A7A5D4867B2A16F46500D006C.TMP folder deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\moparmikeyb\Downloads\cmd.bat deleted successfully.
C:\Users\moparmikeyb\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: moparmikeyb
->Temp folder emptied: 34728904 bytes
->Temporary Internet Files folder emptied: 46728899 bytes
->Java cache emptied: 2952021 bytes
->FireFox cache emptied: 60398263 bytes
->Google Chrome cache emptied: 680862036 bytes
->Apple Safari cache emptied: 2038784 bytes
->Flash cache emptied: 68079 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3953099 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 793.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 01172012_201549

#9
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{70BC2C21-E035-4E21-B4B4-E361AFBA23EF}: C:\Users\moparmikeyb\AppData\Local\{70BC2C21-E035-4E21-B4B4-E361AFBA23EF}\ [2011/06/21 08:26:00 | 000,000,000 | ---D | M]
    O4 - HKLM..\Run: [] File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
    [2011/06/20 01:03:49 | 000,106,496 | RHS- | C] () -- C:\Windows\System32\XAPOFX1_3V.dll
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
     
    :Reg 
    [HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions]
    "{70BC2C21-E035-4E21-B4B4-E361AFBA23EF}"=-
     
    :Files
    C:\Windows\system32\jureg.exe 
    C:\Users\moparmikeyb\Application Data\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{4ac80c6c-0a1b-4b3a-ad7e-8a6d8f5e6928}
    C:\Users\moparmikeyb\Application Data\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
    C:\Users\moparmikeyb\AppData\Local\{70BC2C21-E035-4E21-B4B4-E361AFBA23EF}
    ipconfig /flushdns /c
    
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • The OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt


#10
raptorjesus

    New Member

  • Topic Starter
  • Member
  • 9 posts
Thanks again!

All processes killed
========== OTL ==========
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{70BC2C21-E035-4E21-B4B4-E361AFBA23EF}: C:\Users\moparmikeyb\AppData\Local\{70BC2C21-E035-4E21-B4B4-E361AFBA23EF}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
C:\WINDOWS\System32\XAPOFX1_3V.dll moved successfully.
C:\Windows\System32\PerfStringBackup.TMP deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{70BC2C21-E035-4E21-B4B4-E361AFBA23EF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70BC2C21-E035-4E21-B4B4-E361AFBA23EF}\ not found.
========== FILES ==========
C:\Windows\system32\jureg.exe moved successfully.
File\Folder C:\Users\moparmikeyb\Application Data\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{4ac80c6c-0a1b-4b3a-ad7e-8a6d8f5e6928} not found.
File\Folder C:\Users\moparmikeyb\Application Data\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F} not found.
C:\Users\moparmikeyb\AppData\Local\{70BC2C21-E035-4E21-B4B4-E361AFBA23EF}\chrome\content folder moved successfully.
C:\Users\moparmikeyb\AppData\Local\{70BC2C21-E035-4E21-B4B4-E361AFBA23EF}\chrome folder moved successfully.
C:\Users\moparmikeyb\AppData\Local\{70BC2C21-E035-4E21-B4B4-E361AFBA23EF} folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\moparmikeyb\Downloads\cmd.bat deleted successfully.
C:\Users\moparmikeyb\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: moparmikeyb
->Temp folder emptied: 132918 bytes
->Temporary Internet Files folder emptied: 1669394 bytes
->Java cache emptied: 1844792 bytes
->FireFox cache emptied: 290824516 bytes
->Google Chrome cache emptied: 20564039 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3677 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1997891 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 302.00 mb

And the .txt file

OTL by OldTimer - Version 3.2.31.0 log created on 01222012_161534

OTL logfile created on: 1/22/2012 3:22:25 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\moparmikeyb\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 81.17% Memory free
3.13 Gb Paging File | 2.78 Gb Available in Paging File | 88.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.04 Gb Total Space | 195.73 Gb Free Space | 67.72% Space Free | Partition Type: NTFS
Drive D: | 8.78 Gb Total Space | 0.60 Gb Free Space | 6.82% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 257.63 Gb Free Space | 86.43% Space Free | Partition Type: NTFS
Drive G: | 272.00 Mb Total Space | 249.71 Mb Free Space | 91.81% Space Free | Partition Type: NTFS

Computer Name: MOPARMIKEYB-PC | User Name: moparmikeyb | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/17 19:58:47 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/25 05:32:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\moparmikeyb\Downloads\OTL.exe
PRC - [2011/08/04 13:34:50 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/08/04 13:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/18 23:33:11 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\HelpPane.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/17 19:58:47 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/01/20 17:50:56 | 000,237,160 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/04 13:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/01/20 17:51:12 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/10/22 11:23:32 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009/12/02 21:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 21:23:46 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/08/17 22:19:24 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/05/29 07:19:08 | 000,198,240 | ---- | M] () [Auto | Stopped] -- c:\hp\HPEZBTN\HPBtnSrv.exe -- (HPBtnSrv)
SRV - [2007/01/13 16:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007/01/12 12:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/09 14:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/01/09 14:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/09 14:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/09 14:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/04 17:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/09/11 15:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2006/09/11 15:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2006/09/11 14:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2006/09/11 14:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2006/09/03 09:32:28 | 000,208,896 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/08/31 22:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2006/05/10 08:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)


========== Driver Services (SafeList) ==========

DRV - [2011/01/28 13:37:12 | 010,483,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/11/12 04:10:52 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/10/22 11:24:27 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/10/18 07:14:26 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/10/18 07:14:26 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/15 10:11:07 | 000,287,792 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20101013.001\IDSvix86.sys -- (IDSvix86)
DRV - [2009/12/02 21:23:52 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2009/12/02 21:23:50 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2009/12/02 21:23:48 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2009/12/02 21:23:46 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2009/08/07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009/08/03 18:07:12 | 000,038,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/08/03 18:07:10 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/03 18:07:10 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/03 18:07:10 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/08/03 18:07:10 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/03 18:07:10 | 000,012,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/11/30 22:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 22:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 22:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/11 01:49:22 | 000,968,064 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2007/04/20 09:21:18 | 000,265,216 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\netr73.sys -- (netr73)
DRV - [2007/04/14 01:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/04/13 05:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\e1e6032.sys -- (e1express) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1507260761-2550785639-25408563-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...l_date=20111031
IE - HKU\S-1-5-21-1507260761-2550785639-25408563-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\S-1-5-21-1507260761-2550785639-25408563-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1507260761-2550785639-25408563-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1507260761-2550785639-25408563-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=SUN3&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=17"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\moparmikeyb\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\moparmikeyb\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\moparmikeyb\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/28 02:01:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/17 19:58:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/21 03:28:05 | 000,000,000 | ---D | M]

[2010/10/22 11:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Extensions
[2012/01/17 20:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions
[2010/10/27 05:56:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/16 16:19:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/29 15:32:26 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/01/16 16:19:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/10/22 16:55:22 | 000,001,832 | ---- | M] () -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\searchplugins\bing.xml
[2011/11/08 19:46:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/17 19:58:47 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/30 20:19:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/11/08 19:46:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\moparmikeyb\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\moparmikeyb\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Shareaholic for Google Chrome\u2122 = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep\5.1.0_0\
CHR - Extension: StayFocusd = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.2.0.15_0\
CHR - Extension: IE Tab Classic = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\User Data\Default\Extensions\miedgcmlgpmdagojnnbemlkgidepfjfi\0.9.8_0\
CHR - Extension: Send from Gmail (by Google) = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.12_0\

O1 HOSTS File: ([2012/01/22 16:15:37 | 000,000,098 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" File not found
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1507260761-2550785639-25408563-1001..\Run: [CrossRiderPlugin] C:\Program Files\CrossriderWebApps\Crossrider.exe (Crossrider)
O4 - HKU\S-1-5-21-1507260761-2550785639-25408563-1001..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1507260761-2550785639-25408563-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10u_Plugin.exe (Adobe Systems, Inc.)
O7 - HKU\S-1-5-21-1507260761-2550785639-25408563-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutorun = 12
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1507260761-2550785639-25408563-1001\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-1507260761-2550785639-25408563-1001\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62CE607A-1353-4A2D-B5D5-4E4AE3B77005}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\TwoJackLake.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\TwoJackLake.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/23 05:01:29 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2957eb3a-f196-11df-80c1-001d6053aed0}\Shell - "" = AutoRun
O33 - MountPoints2\{2957eb3a-f196-11df-80c1-001d6053aed0}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/17 20:15:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/17 19:58:06 | 000,000,000 | ---D | C] -- C:\Users\moparmikeyb\Desktop\GooredFix Backups
[2012/01/17 19:57:14 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\moparmikeyb\Desktop\GooredFix.exe
[2012/01/01 08:05:12 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2012/01/01 08:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
[2012/01/01 08:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\[email protected] ISO Burner
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/22 16:15:37 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/01/22 15:23:29 | 000,002,032 | ---- | M] () -- C:\Users\moparmikeyb\AppData\Local\d3d9caps.dat
[2012/01/22 15:22:17 | 000,787,918 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/22 15:22:17 | 000,164,420 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/22 15:17:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/22 15:17:17 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2012/01/18 06:50:30 | 000,000,512 | ---- | M] () -- C:\Users\moparmikeyb\Desktop\MBR.dat
[2012/01/17 19:57:20 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\moparmikeyb\Desktop\GooredFix.exe
[2012/01/12 10:20:24 | 000,120,832 | ---- | M] () -- C:\Users\moparmikeyb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/01 07:28:44 | 000,002,305 | ---- | M] () -- C:\Users\moparmikeyb\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/18 06:50:30 | 000,000,512 | ---- | C] () -- C:\Users\moparmikeyb\Desktop\MBR.dat
[2011/10/21 02:37:38 | 000,337,096 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/20 23:15:02 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2011/10/16 08:23:25 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2010/12/22 12:04:36 | 000,002,032 | ---- | C] () -- C:\Users\moparmikeyb\AppData\Local\d3d9caps.dat
[2010/12/20 07:27:18 | 000,032,441 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/12/20 03:20:02 | 000,032,441 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/11/17 01:55:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/11/17 01:55:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/16 07:22:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/06 18:03:54 | 014,835,712 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010/11/02 17:33:56 | 000,120,832 | ---- | C] () -- C:\Users\moparmikeyb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/27 09:14:55 | 000,015,162 | ---- | C] () -- C:\Users\moparmikeyb\AppData\Roaming\wklnhst.dat
[2010/10/27 05:50:44 | 000,001,100 | ---- | C] () -- C:\Users\moparmikeyb\AppData\Local\d3d8caps.dat
[2010/10/22 11:27:08 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2007/08/23 04:51:11 | 000,107,026 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/23 04:38:34 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/08/23 04:33:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/08/23 04:25:09 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/08/23 04:25:09 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/05/14 04:28:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/13 22:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/13 22:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,787,918 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,164,420 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/23 09:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll

========== LOP Check ==========

[2010/12/08 18:07:57 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\AnvSoft
[2011/08/08 01:05:07 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\Avnex
[2011/10/12 18:32:43 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\BOXEE
[2012/01/18 19:43:09 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\FileZilla
[2011/10/21 03:09:18 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\foobar2000
[2011/10/21 03:26:00 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\kingsoft
[2011/10/21 03:23:02 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\KSafe
[2011/06/08 06:23:16 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\OpenArena
[2010/10/22 11:04:29 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\Snapfish
[2010/10/27 09:14:56 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\Template
[2011/09/16 10:39:33 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\TP
[2011/02/14 05:51:52 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\wb
[2010/11/13 15:37:51 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\WinBatch
[2011/05/29 13:27:12 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2011/10/17 02:01:14 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\ErrorEND.job
[2011/09/16 12:32:27 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#11
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Do you still get a blue screen when you boot into Normal Mode?
How is your system running? Are you experiencing any other problems?


Step 1

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    O4 - HKLM..\Run: [] File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] 
     
    :Files
    ipconfig /flushdns /c
    
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • The OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 2

  • Run Malwarebytes' Anti-Malware.
  • Update Malwarebytes' Anti-Malware.
  • Once the program has updated, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the options Remove found threats and Scan unwanted applications are checked.
  • Click Scan. (This scan can take several hours, so please be patient).
  • Once the scan is completed, you may close the window.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Things I want to see in your next reply

  • Answers to my questions
  • OTL Fix Log
  • OTL.txt
  • MBAM Log
  • log.txt

  • 0

#12
raptorjesus

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Howdy! Unfortunately my computer still blue screens upon startup. It is still running just fine in safe mode though, and other than that there are no other apparent problems.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
C:\Windows\System32\PerfStringBackup.TMP deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\moparmikeyb\Downloads\cmd.bat deleted successfully.
C:\Users\moparmikeyb\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: moparmikeyb
->Temp folder emptied: 116534 bytes
->Temporary Internet Files folder emptied: 1525823 bytes
->Java cache emptied: 3217363 bytes
->FireFox cache emptied: 55683184 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 703 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5684 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3953099 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 62.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 01232012_153616


OTL.txt

OTL logfile created on: 1/23/2012 2:41:17 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\moparmikeyb\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 79.94% Memory free
3.13 Gb Paging File | 2.72 Gb Available in Paging File | 87.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.04 Gb Total Space | 196.51 Gb Free Space | 67.99% Space Free | Partition Type: NTFS
Drive D: | 8.78 Gb Total Space | 0.60 Gb Free Space | 6.82% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 257.63 Gb Free Space | 86.43% Space Free | Partition Type: NTFS
Drive G: | 272.00 Mb Total Space | 249.71 Mb Free Space | 91.81% Space Free | Partition Type: NTFS

Computer Name: MOPARMIKEYB-PC | User Name: moparmikeyb | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/17 19:58:47 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/25 05:32:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\moparmikeyb\Downloads\OTL.exe
PRC - [2011/08/04 13:34:50 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/08/04 13:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010/06/01 09:17:48 | 005,252,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/17 19:58:47 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/01/20 17:50:56 | 000,237,160 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010/06/01 09:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2006/09/11 15:10:52 | 000,040,960 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\umc_vob_source_filter.ax


========== Win32 Services (SafeList) ==========

SRV - [2011/08/04 13:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/01/20 17:51:12 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/10/22 11:23:32 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009/12/02 21:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 21:23:46 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/08/17 22:19:24 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/05/29 07:19:08 | 000,198,240 | ---- | M] () [Auto | Stopped] -- c:\hp\HPEZBTN\HPBtnSrv.exe -- (HPBtnSrv)
SRV - [2007/01/13 16:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007/01/12 12:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/09 14:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/01/09 14:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/09 14:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/09 14:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/04 17:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/09/11 15:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2006/09/11 15:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2006/09/11 14:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2006/09/11 14:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2006/09/03 09:32:28 | 000,208,896 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/08/31 22:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2006/05/10 08:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)


========== Driver Services (SafeList) ==========

DRV - [2011/01/28 13:37:12 | 010,483,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/11/12 04:10:52 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/10/22 11:24:27 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/10/18 07:14:26 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/10/18 07:14:26 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/15 10:11:07 | 000,287,792 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20101013.001\IDSvix86.sys -- (IDSvix86)
DRV - [2009/12/02 21:23:52 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2009/12/02 21:23:50 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2009/12/02 21:23:48 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2009/12/02 21:23:46 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2009/08/07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009/08/03 18:07:12 | 000,038,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/08/03 18:07:10 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/03 18:07:10 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/03 18:07:10 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/08/03 18:07:10 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/03 18:07:10 | 000,012,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/11/30 22:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 22:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 22:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/11 01:49:22 | 000,968,064 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2007/04/20 09:21:18 | 000,265,216 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\netr73.sys -- (netr73)
DRV - [2007/04/14 01:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/04/13 05:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\e1e6032.sys -- (e1express) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1507260761-2550785639-25408563-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...l_date=20111031
IE - HKU\S-1-5-21-1507260761-2550785639-25408563-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\S-1-5-21-1507260761-2550785639-25408563-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1507260761-2550785639-25408563-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1507260761-2550785639-25408563-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=SUN3&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=17"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\moparmikeyb\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\moparmikeyb\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\moparmikeyb\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/28 02:01:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/17 19:58:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/21 03:28:05 | 000,000,000 | ---D | M]

[2010/10/22 11:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Extensions
[2012/01/17 20:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions
[2010/10/27 05:56:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/16 16:19:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/29 15:32:26 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/01/16 16:19:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/10/22 16:55:22 | 000,001,832 | ---- | M] () -- C:\Users\moparmikeyb\AppData\Roaming\Mozilla\Firefox\Profiles\a2tlbstc.default\searchplugins\bing.xml
[2011/11/08 19:46:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/17 19:58:47 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/30 20:19:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/11/08 19:46:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\moparmikeyb\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\moparmikeyb\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Shareaholic for Google Chrome™ = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep\5.1.0_0\
CHR - Extension: StayFocusd = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.2.0.15_0\
CHR - Extension: IE Tab Classic = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\User Data\Default\Extensions\miedgcmlgpmdagojnnbemlkgidepfjfi\0.9.8_0\
CHR - Extension: Send from Gmail (by Google) = C:\Users\moparmikeyb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.12_0\

O1 HOSTS File: ([2012/01/23 15:36:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" File not found
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1507260761-2550785639-25408563-1001..\Run: [CrossRiderPlugin] C:\Program Files\CrossriderWebApps\Crossrider.exe (Crossrider)
O4 - HKU\S-1-5-21-1507260761-2550785639-25408563-1001..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1507260761-2550785639-25408563-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10u_Plugin.exe (Adobe Systems, Inc.)
O7 - HKU\S-1-5-21-1507260761-2550785639-25408563-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutorun = 12
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1507260761-2550785639-25408563-1001\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-1507260761-2550785639-25408563-1001\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62CE607A-1353-4A2D-B5D5-4E4AE3B77005}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\TwoJackLake.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\TwoJackLake.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/23 05:01:29 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2957eb3a-f196-11df-80c1-001d6053aed0}\Shell - "" = AutoRun
O33 - MountPoints2\{2957eb3a-f196-11df-80c1-001d6053aed0}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/17 20:15:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/17 19:58:06 | 000,000,000 | ---D | C] -- C:\Users\moparmikeyb\Desktop\GooredFix Backups
[2012/01/17 19:57:14 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\moparmikeyb\Desktop\GooredFix.exe
[2012/01/01 08:05:12 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2012/01/01 08:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
[2012/01/01 08:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/23 15:36:19 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/01/23 14:42:26 | 000,812,346 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/23 14:42:26 | 000,172,456 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/23 14:39:50 | 000,002,032 | ---- | M] () -- C:\Users\moparmikeyb\AppData\Local\d3d9caps.dat
[2012/01/23 14:37:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/23 14:37:41 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2012/01/23 05:58:10 | 000,015,162 | ---- | M] () -- C:\Users\moparmikeyb\AppData\Roaming\wklnhst.dat
[2012/01/18 06:50:30 | 000,000,512 | ---- | M] () -- C:\Users\moparmikeyb\Desktop\MBR.dat
[2012/01/17 19:57:20 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\moparmikeyb\Desktop\GooredFix.exe
[2012/01/12 10:20:24 | 000,120,832 | ---- | M] () -- C:\Users\moparmikeyb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/01 07:28:44 | 000,002,305 | ---- | M] () -- C:\Users\moparmikeyb\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/18 06:50:30 | 000,000,512 | ---- | C] () -- C:\Users\moparmikeyb\Desktop\MBR.dat
[2011/10/21 02:37:38 | 000,337,096 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/20 23:15:02 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2011/10/16 08:23:25 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2010/12/22 12:04:36 | 000,002,032 | ---- | C] () -- C:\Users\moparmikeyb\AppData\Local\d3d9caps.dat
[2010/12/20 07:27:18 | 000,032,441 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/12/20 03:20:02 | 000,032,441 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/11/17 01:55:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/11/17 01:55:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/16 07:22:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/06 18:03:54 | 014,835,712 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010/11/02 17:33:56 | 000,120,832 | ---- | C] () -- C:\Users\moparmikeyb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/27 09:14:55 | 000,015,162 | ---- | C] () -- C:\Users\moparmikeyb\AppData\Roaming\wklnhst.dat
[2010/10/27 05:50:44 | 000,001,100 | ---- | C] () -- C:\Users\moparmikeyb\AppData\Local\d3d8caps.dat
[2010/10/22 11:27:08 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2007/08/23 04:51:11 | 000,107,026 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/23 04:38:34 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/08/23 04:33:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/08/23 04:25:09 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/08/23 04:25:09 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/05/14 04:28:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/13 22:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/13 22:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,812,346 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,172,456 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/23 09:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll

========== LOP Check ==========

[2010/12/08 18:07:57 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\AnvSoft
[2011/08/08 01:05:07 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\Avnex
[2011/10/12 18:32:43 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\BOXEE
[2012/01/18 19:43:09 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\FileZilla
[2011/10/21 03:09:18 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\foobar2000
[2011/10/21 03:26:00 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\kingsoft
[2011/10/21 03:23:02 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\KSafe
[2011/06/08 06:23:16 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\OpenArena
[2010/10/22 11:04:29 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\Snapfish
[2010/10/27 09:14:56 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\Template
[2011/09/16 10:39:33 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\TP
[2011/02/14 05:51:52 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\wb
[2010/11/13 15:37:51 | 000,000,000 | ---D | M] -- C:\Users\moparmikeyb\AppData\Roaming\WinBatch
[2011/05/29 13:27:12 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2011/10/17 02:01:14 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\ErrorEND.job
[2011/09/16 12:32:27 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


MBAM Log

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.24.01

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.6002.18005
moparmikeyb :: MOPARMIKEYB-PC [administrator]

1/23/2012 2:47:15 PM
mbam-log-2012-01-23 (14-47-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189553
Time elapsed: 2 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


And Eset log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ebba5dbec2bc934694ea037e18e1ed0a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-24 01:27:00
# local_time=2012-01-23 05:27:00 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 19954156 163970436 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=198599
# found=8
# cleaned=8
# scan_time=5512
C:\Program Files\StartNow Toolbar\StartNowToolbarUninstall.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\StartNow Toolbar\Toolbar32.dll a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\moparmikeyb\Downloads\cnet_RegpairSetup_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\moparmikeyb\Downloads\cnet_setup_messenger_Decoder_zip.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\37db3fe2-5fee3595 Java/TrojanDownloader.Agent.ME trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\23db6535-197fe1be Java/TrojanDownloader.OpenStream.NCM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01222012_161534\C_WINDOWS\System32\XAPOFX1_3V.dll a variant of Win32/Kryptik.NPR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Thanks!

#13
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

Please uninstall the following programs via Control Panel > Add/Remove Programs (if present):
  • Java 6 Update 1


Step 2

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    O4 - HKLM..\Run: [] File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
     
    :Files
    C:\Program Files\StartNow Toolbar
    ipconfig /flushdns /c
    
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 3

The blue screen error code you get in Normal Mode could be due to a faulty RAM module.
Take the first RAM module out of your computer and then boot up your computer. Can you boot into Normal Mode?
Put the RAM module back in and repeat the process until you can boot into Normal Mode or until you have taken out all of the RAM modules.


Step 4

Can you attach all of the minidump files, which are located at C:\WINDOWS\Minidump?


Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt
  • Answer to my question
  • The Minidump files

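Nedklaw's fix was assembled by hand from specific OTL lines: an O4 autorun whose target is missing, an O16 DPF entry for a superseded Java plug-in, and the stray *.tmp summary, each pasted under :OTL. The Python below is an added example (not from Nedklaw's post and not part of OTL) that applies those three rules to lines copied from the OTL log above and prints the candidate :OTL block; the rule names and the Finding type are mine, and the output is a list of candidates for a helper to review.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the OTL log posted above (a short excerpt, not a full log).
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
"""

# OTL's O16 line for a Java Plug-in: a GUID, the (truncated) cab URL, then "(Java Plug-in 1.6.0_26)".
JAVA_DPF = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\} .*\(Java Plug-in (\d+\.\d+\.\d+)_(\d+)\)$")
# OTL's summary line counting stray .tmp files under a system directory.
TMP_SUMMARY = re.compile(r"^\[\d+ .*\\\*\.tmp files -> .* -> \]$")


@dataclass
class Finding:
    reason: str   # why the line is a removal candidate
    line: str     # the OTL line, verbatim, so it can be pasted under :OTL


def _java_version(match):
    """Turn "1.6.0" and "26" into ((1, 6, 0), 26) so plug-in versions compare as tuples."""
    return tuple(int(p) for p in match.group(1).split(".")), int(match.group(2))


def triage_otl(text):
    """Apply three review rules to OTL log lines and return the removal candidates, in log order."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]

    # Rule 2 has to know the newest registered Java plug-in before it can judge the others.
    java_versions = []
    for ln in lines:
        m = JAVA_DPF.match(ln)
        if m:
            java_versions.append(_java_version(m))
    newest = max(java_versions) if java_versions else None

    findings = []
    for ln in lines:
        # Rule 1: an autorun (O4) entry whose target OTL could not find on disk.
        if ln.startswith("O4 - ") and ln.endswith("File not found"):
            findings.append(Finding("orphaned autorun (target missing)", ln))
        # Rule 2: a Java Plug-in DPF entry older than the newest one registered.
        elif (m := JAVA_DPF.match(ln)) and _java_version(m) < newest:
            findings.append(Finding("superseded Java Plug-in DPF", ln))
        # Rule 3: OTL's count of stray .tmp files under a system directory.
        elif TMP_SUMMARY.match(ln):
            findings.append(Finding("stray .tmp files summary", ln))
        # Anything else (live autoruns, O33 mount points, ...) is left for the human reviewer.
    return findings


def otl_fix_script(findings):
    """Render the candidates as the :OTL block a helper would paste into the Custom Scans/Fixes box."""
    return "\n".join([":OTL"] + [f.line for f in findings])


if __name__ == "__main__":
    found = triage_otl(SAMPLE_OTL)
    for f in found:
        print(f"{f.reason:36} {f.line}")
    print()
    print(otl_fix_script(found))
```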

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.