Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Applications won't start [Solved]

Started by memmons9 , May 02 2012 05:19 AM

This topic is locked

#31
memmons9

Posted 10 May 2012 - 04:23 PM

Member

Topic Starter
Member
94 posts

Here are some of the reports you requested. The virscan results could not be obtained because there is no file named KmxAgent.asc in C:\Windows\Syswow64\drivers (nor anywhere else).

I deleted the aswBMR application I already had on the desktop because I knew it would automatically download the latest AVAST! virus definitions because it has done so the last several times I have run it. So, I downloaded aswBMR fresh. I ran it and it did not ask if I wanted to download the latest AVAST! virus definitions. It just did it by itself and the scan stopped at the same point as the previous two times.

The other report/logs are below:

All processes killed
========== OTL ==========
No active process named roiebe.exe was found!
Registry value HKEY_USERS\S-1-5-21-2928314340-2203961652-2503396949-1000\Software\Microsoft\Windows\CurrentVersion\Run\\roiebe deleted successfully.
C:\Users\User\roiebe.exe moved successfully.
C:\Users\User\toopul.com moved successfully.
File C:\Users\User\roiebe.exe not found.
C:\Users\User\zwvh.exe moved successfully.
C:\Users\User\1wvh.exe moved successfully.
C:\Users\User\nqu.com moved successfully.
File C:\Users\User\toopul.com not found.
File C:\Users\User\roiebe.exe not found.
File C:\Users\User\zwvh.exe not found.
File C:\Users\User\1wvh.exe not found.
File C:\Users\User\nqu.com not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: TEMP

User: User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4026541 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 470 bytes

User: Vista_Laptop

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65536 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 27038328 bytes

Total Files Cleaned = 30.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.42.3 log created on 05102012_173939

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VH8OIH1A\page__pid__2155330__st__15[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VEL1E7ML\fastbutton[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Windows\temp\hsperfdata_DESKTOP-PC$\1556 not found!

Registry entries deleted on Reboot...

OTL logfile created on: 5/10/2012 5:47:41 PM - Run 6
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\User\Desktop\Malware Fix 5-9-12
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.42 Gb Available Physical Memory | 80.34% Memory free
15.98 Gb Paging File | 14.31 Gb Available in Paging File | 89.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.03 Gb Total Space | 818.93 Gb Free Space | 89.11% Space Free | Partition Type: NTFS
Drive D: | 12.39 Gb Total Space | 2.23 Gb Free Space | 18.03% Space Free | Partition Type: NTFS
Drive G: | 74.53 Gb Total Space | 43.50 Gb Free Space | 58.37% Space Free | Partition Type: NTFS

Computer Name: DESKTOP-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/07 17:29:19 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\Malware Fix 5-9-12\OTL.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/06/03 15:35:16 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2009/03/16 03:47:28 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/03/16 03:47:24 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/03/16 03:47:22 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/03/16 03:47:20 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/09/30 21:59:26 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
PRC - [2008/08/20 11:54:08 | 000,150,016 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
PRC - [2006/12/20 01:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWOW64\SAgent4.exe
PRC - [2005/07/25 17:04:18 | 000,303,104 | ---- | M] (Digital Networks North America, Inc.) -- C:\Windows\SysWOW64\RioMSC.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/13 21:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/07/13 18:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 18:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2009/06/03 15:43:14 | 001,703,936 | ---- | M] () -- C:\Users\User\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2009/06/03 15:34:18 | 003,764,224 | ---- | M] () -- C:\Users\User\AppData\Roaming\PictureMover\Bin\Core.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/22 19:30:56 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/03/20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/03/20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/03/20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/08 01:51:16 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/12/30 21:27:16 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/27 08:32:47 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe -- (NSL)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/04 14:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/12/30 21:27:12 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/16 03:47:22 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2008/09/30 21:59:26 | 000,192,512 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)
SRV - [2007/12/17 04:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/12/20 01:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Windows\SysWOW64\SAgent4.exe -- (StatusAgent4)
SRV - [2005/07/25 17:04:18 | 000,303,104 | ---- | M] (Digital Networks North America, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\RioMSC.exe -- (RioMSC)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/29 06:31:18 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/08 02:26:04 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/09/08 02:26:04 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/08 01:15:06 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/08/21 00:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/06/09 07:54:42 | 000,337,744 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\KmxCfg.sys -- (KmxCfg)
DRV:64bit: - [2010/03/22 14:58:42 | 000,108,024 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\drivers\KmxAgent.sys -- (KmxAgent)
DRV:64bit: - [2010/01/28 10:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/31 07:10:58 | 000,237,936 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/07/14 12:46:46 | 001,708,800 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2009/07/14 12:46:06 | 000,032,768 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw85cir3.sys -- (hcw85cir)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 20:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 20:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 20:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/13 10:31:42 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/07 15:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 15:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/06/10 19:12:38 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/05 06:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2012/03/05 13:11:56 | 000,035,363 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\windrvNT.sys -- (windrvNT)
DRV - [2009/10/20 14:50:12 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/27 09:45:15] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/05/13 18:48:54 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\User\Desktop\P2P\PeerGuardian2 x64\pgfilter.sys -- (pgfilter)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {DFDA4F3A-2BCB-4FC2-A670-34C4FF26F13D}
IE:64bit: - HKLM\..\SearchScopes\{D24BC710-27B9-46C9-A788-5DA92D416EC3}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{DFDA4F3A-2BCB-4FC2-A670-34C4FF26F13D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {DFDA4F3A-2BCB-4FC2-A670-34C4FF26F13D}
IE - HKLM\..\SearchScopes\{D24BC710-27B9-46C9-A788-5DA92D416EC3}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{DFDA4F3A-2BCB-4FC2-A670-34C4FF26F13D}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\..\SearchScopes,DefaultScope = {DFDA4F3A-2BCB-4FC2-A670-34C4FF26F13D}
IE - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\..\SearchScopes\{D24BC710-27B9-46C9-A788-5DA92D416EC3}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\..\SearchScopes\{DFDA4F3A-2BCB-4FC2-A670-34C4FF26F13D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.roadrunner.com/"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.176.0
FF - prefs.js..extensions.enabledItems: {c2db4fe6-8409-45ce-8010-189a7b5cce86}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\User\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2009/12/30 08:51:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST\ [2011/07/21 08:31:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/12 16:04:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/29 14:55:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/12 16:04:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/29 14:55:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\User\AppData\Roaming\Move Networks [2010/12/13 10:19:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1E76F08F-9884-11E1-826E-B8AC6F996F26}: C:\Users\User\AppData\Local\{1E76F08F-9884-11E1-826E-B8AC6F996F26}\ [2012/05/07 16:36:12 | 000,000,000 | ---D | M]

[2010/01/10 13:29:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2012/05/03 07:03:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vzz9p6ea.default\extensions
[2010/04/04 12:46:02 | 000,000,000 | ---D | M] (NCH Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vzz9p6ea.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
[2010/03/27 09:59:15 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\vzz9p6ea.default\extensions\[email protected]
[2012/01/03 10:50:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/31 22:19:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/21 14:47:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/12 08:21:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012/01/03 10:50:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
[2012/05/07 16:36:12 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\USER\APPDATA\LOCAL\{1E76F08F-9884-11E1-826E-B8AC6F996F26}
[2012/01/03 10:50:03 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012/05/10 17:39:43 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120427023918.dll (McAfee, Inc.)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120509180954.dll (McAfee, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O3 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files (x86)\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000..\Run: [cdloader] C:\Users\User\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000..\Run: [EPSON Artisan 810 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_S795.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000..\Run: [EPSON Artisan 810 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_SD20E.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000..\Run: [EPSON77F26B] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRA.EXE /FU "C:\Windows\TEMP\E_SDBFE.tmp" /EF "HKCU" File not found
O4 - HKU\.DEFAULT..\RunOnce: [] File not found
O4 - HKU\S-1-5-18..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B282681D-70A6-4A1B-86F9-4EF9EBCE7673}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - AppInit_DLLs: (UmxSbxExA64.dll) - C:\Windows\SysNative\UmxSbxExA64.dll (CA)
O20 - AppInit_DLLs: (UmxSbxExw.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\PFW: DllName - (UmxWnp.Dll) - C:\Windows\SysWow64\UmxWNP.dll (CA)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{aaa668e5-3925-11e0-97e2-0026554841c7}\Shell - "" = AutoRun
O33 - MountPoints2\{aaa668e5-3925-11e0-97e2-0026554841c7}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\autorun.exe
O33 - MountPoints2\L\Shell\phone\command - "" = L:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2928314340-2203961652-2503396949-1000\...com [@ = comfile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/10 17:50:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/05/09 16:23:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/09 16:15:15 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Malware Fix 5-9-12
[2012/05/07 16:43:43 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Malware Apps
[2012/05/07 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1E76F08F-9884-11E1-826E-B8AC6F996F26}
[2012/05/07 16:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E85B32000083BB005E29D8B4EB2331
[2012/05/07 16:28:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Groove
[2012/05/05 10:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/05/05 09:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/05 09:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/23 11:30:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{68D9077B-4DED-444D-A233-39D686427D49}
[2012/04/23 11:29:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{024CABDE-724E-446D-9C28-A437CF23C214}

========== Files - Modified Within 30 Days ==========

[2012/05/10 17:52:42 | 000,020,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/10 17:52:42 | 000,020,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/10 17:50:26 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2012/05/10 17:44:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/10 17:44:11 | 2141,106,175 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/10 17:43:21 | 000,313,332 | ---- | M] () -- C:\Windows\SysNative\drivers\KmxAgent.asc
[2012/05/10 17:43:21 | 000,000,085 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k7
[2012/05/10 17:43:21 | 000,000,085 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k6
[2012/05/10 17:43:21 | 000,000,085 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k5
[2012/05/10 17:43:21 | 000,000,085 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k4
[2012/05/10 17:43:21 | 000,000,085 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k3
[2012/05/10 17:43:21 | 000,000,085 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k2
[2012/05/10 17:43:21 | 000,000,085 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k1
[2012/05/10 17:43:21 | 000,000,085 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k0
[2012/05/10 17:43:21 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k7
[2012/05/10 17:43:21 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k6
[2012/05/10 17:43:21 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k5
[2012/05/10 17:43:21 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k4
[2012/05/10 17:43:21 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k3
[2012/05/10 17:43:21 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k2
[2012/05/10 17:43:21 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k1
[2012/05/10 17:43:21 | 000,000,049 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k0
[2012/05/10 17:39:43 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/05/10 17:37:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/10 17:37:05 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\FixCleaner Scan.job
[2012/05/07 16:30:50 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUser.job
[2012/05/05 16:55:49 | 010,893,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/05 16:55:49 | 000,701,608 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/05/05 16:55:49 | 000,699,346 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012/05/05 16:55:49 | 000,697,880 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2012/05/05 16:55:49 | 000,697,262 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/05/05 16:55:49 | 000,687,496 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2012/05/05 16:55:49 | 000,684,112 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2012/05/05 16:55:49 | 000,671,958 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2012/05/05 16:55:49 | 000,640,334 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2012/05/05 16:55:49 | 000,631,298 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2012/05/05 16:55:49 | 000,625,722 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2012/05/05 16:55:49 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/05 16:55:49 | 000,559,924 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2012/05/05 16:55:49 | 000,470,326 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2012/05/05 16:55:49 | 000,456,740 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat
[2012/05/05 16:55:49 | 000,407,890 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat
[2012/05/05 16:55:49 | 000,148,460 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2012/05/05 16:55:49 | 000,137,212 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/05/05 16:55:49 | 000,134,990 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2012/05/05 16:55:49 | 000,133,902 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2012/05/05 16:55:49 | 000,133,090 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012/05/05 16:55:49 | 000,132,666 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2012/05/05 16:55:49 | 000,128,244 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2012/05/05 16:55:49 | 000,127,294 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/05/05 16:55:49 | 000,123,890 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2012/05/05 16:55:49 | 000,121,938 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2012/05/05 16:55:49 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/05 16:55:49 | 000,104,826 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat
[2012/05/05 16:55:49 | 000,089,586 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2012/05/05 16:55:49 | 000,079,954 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2012/05/05 16:55:49 | 000,077,246 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat
[2012/05/05 10:34:49 | 000,000,102 | ---- | M] () -- C:\Users\User\jobq.dat
[2012/05/05 10:24:59 | 000,000,994 | ---- | M] () -- C:\Users\User\Desktop\magicJack.lnk
[2012/05/05 10:00:06 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/30 16:03:12 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/04/27 08:33:47 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/04/23 11:44:07 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/04/17 13:20:26 | 000,009,648 | ---- | M] () -- C:\Users\User\t26489o4c9s.jpg

========== Files Created - No Company Name ==========

[2012/05/05 10:00:06 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/27 08:32:48 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/19 14:29:08 | 000,009,648 | ---- | C] () -- C:\Users\User\t26489o4c9s.jpg
[2012/01/07 21:37:27 | 000,001,854 | ---- | C] () -- C:\Users\User\AppData\Roaming\GhostObjGAFix.xml
[2011/07/21 12:50:14 | 002,347,760 | ---- | C] () -- C:\Windows\SysWow64\mdmcls32.exe
[2011/07/21 12:50:14 | 001,377,008 | ---- | C] () -- C:\Windows\SysWow64\svcprs32.exe
[2011/07/04 08:51:07 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2011/04/03 14:48:42 | 000,000,007 | ---- | C] () -- C:\Windows\SysWow64\mkghj.dll
[2011/03/25 19:19:39 | 000,000,082 | ---- | C] () -- C:\Windows\MPLAYER.INI
[2010/10/24 10:47:40 | 002,318,416 | ---- | C] () -- C:\Users\User\AppData\Local\tmpDSCF1562.0
[2010/10/24 10:47:40 | 001,112,770 | ---- | C] () -- C:\Users\User\AppData\Local\tmpDSCF1562.JPG
[2010/09/16 10:09:52 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/06/15 22:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011/04/02 19:36:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.oit
[2011/05/06 09:06:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Amazon
[2011/04/01 15:05:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Auslogics
[2011/11/23 15:21:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Awem
[2011/12/20 11:12:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BitTorrent
[2011/01/12 04:19:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CallingID
[2009/12/30 21:47:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\com.adobe.ExMan
[2009/12/30 22:06:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/29 13:57:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Epson
[2012/01/03 14:38:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FixCleaner
[2010/01/09 14:46:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\jp.co.planex.NetworkManager.0B79F3AA8BA7B28571920BBC33ADF06D54740292.1
[2011/02/19 18:16:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\magicJackOutlookAddIn
[2012/05/05 10:25:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mjusbsp
[2010/10/10 15:05:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NCH Swift Sound
[2010/09/16 14:15:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2009/12/28 15:09:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PictureMover
[2010/04/04 12:53:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Recordpad
[2011/07/26 09:17:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SupportSoft
[2009/12/30 22:18:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WildTangent
[2010/01/08 15:53:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinBatch
[2012/05/10 17:37:05 | 000,000,460 | ---- | M] () -- C:\Windows\Tasks\FixCleaner Scan.job
[2012/04/30 16:03:12 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/07/05 12:31:08 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: User [Admin rights]
Mode: Scan -- Date: 05/10/2012 17:58:10

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\User\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-2928314340-2203961652-2503396949-1000[...]\Run : cdloader ("C:\Users\User\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[SUSP PATH] {153A4067-B050-4B39-889F-A4AF4F10A5B8}.job @ : C:\Users\User\Desktop\FTW\FTW.EXE -> FOUND
[SUSP PATH] {9640AAD2-1B4C-4034-9D82-2B76E6A7EE29}.job @ : C:\Users\User\Desktop\FTW\FTW.EXE -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-65L5B1 SCSI Disk Device +++++
--- User ---
[MBR] 303ed71eee0d7ae975f7e74e8e271a2e
[BSP] 7fb410dcbb6e17d018eb4184d34e3319 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 941083 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1927544832 | Size: 12684 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: Hitachi HTS541680J9SA00 USB Device +++++
--- User ---
[MBR] 34158c333ff781c6dc17b6ea0232ae1a
[BSP] 3ed1be630cf041f7a6313e401b9d17f2 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic- SD/MMC USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

Also, I am assuming you don't want me to delete the items found in RogueKiller. The application asks if I want to shut down without deleting anything. I answer yes.

Edited by memmons9, 10 May 2012 - 04:25 PM.

#32
Crag_Hack

Posted 11 May 2012 - 01:36 PM

Trusted Helper

Malware Removal
1,839 posts

Hello memmons9. I finished analyzing all your logs. Your OTL fix worked, your new OTL log is completely clean, we have a couple fixes to do with Roguekiller, and we will try running aswMBR with the scan disabled. Please do the following:

Step 1

Download RogueKiller to the desktop
Quit all programs
Start RogueKiller.exe
Wait until Prescan has finished ...
Click on Scan. Click on Report and copy/paste the contents of the notepad window into your next post
In the Registry tab, uncheck the following lines with the content:
[SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\User\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-2928314340-2203961652-2503396949-1000[...]\Run : cdloader ("C:\Users\User\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[SUSP PATH] {153A4067-B050-4B39-889F-A4AF4F10A5B8}.job @ : C:\Users\User\Desktop\FTW\FTW.EXE -> FOUND
[SUSP PATH] {9640AAD2-1B4C-4034-9D82-2B76E6A7EE29}.job @ : C:\Users\User\Desktop\FTW\FTW.EXE -> FOUND
Click on Delete. Click on Report and copy/paste the contents of the notepad window into your next post

Step 2

Download aswMBR.exe ( 1870KB ) to your desktop.
Double click the aswMBR.exe to run it
It will ask you if you want to download the latest Avast! virus definitions, answer no
Select the (none) option in the AV scan drop-down box
Click the Scan button to start scan
On completion of the scan click Save log, save it to your desktop and post in your next reply

Things to see in your next post:
Roguekiller logs (RKreport[#].txt)
aswMBR log

#33
memmons9

Posted 11 May 2012 - 02:39 PM

Member

Topic Starter
Member
94 posts

Here are the reports/logs you requested:
-------------------------------------------------------------------------------
RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: User [Admin rights]
Mode: Scan -- Date: 05/11/2012 16:21:06

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\User\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-2928314340-2203961652-2503396949-1000[...]\Run : cdloader ("C:\Users\User\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[SUSP PATH] {153A4067-B050-4B39-889F-A4AF4F10A5B8}.job @ : C:\Users\User\Desktop\FTW\FTW.EXE -> FOUND
[SUSP PATH] {9640AAD2-1B4C-4034-9D82-2B76E6A7EE29}.job @ : C:\Users\User\Desktop\FTW\FTW.EXE -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-65L5B1 SCSI Disk Device +++++
--- User ---
[MBR] 303ed71eee0d7ae975f7e74e8e271a2e
[BSP] 7fb410dcbb6e17d018eb4184d34e3319 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 941083 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1927544832 | Size: 12684 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: Hitachi HTS541680J9SA00 USB Device +++++
--- User ---
[MBR] 34158c333ff781c6dc17b6ea0232ae1a
[BSP] 3ed1be630cf041f7a6313e401b9d17f2 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

-----------------------------------------------------------------------------------------

RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: User [Admin rights]
Mode: Remove -- Date: 05/11/2012 16:31:42

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\User\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> NOT SELECTED
[SUSP PATH] HKUS\S-1-5-21-2928314340-2203961652-2503396949-1000[...]\Run : cdloader ("C:\Users\User\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> NOT SELECTED
[SUSP PATH] {153A4067-B050-4B39-889F-A4AF4F10A5B8}.job @ : C:\Users\User\Desktop\FTW\FTW.EXE -> NOT SELECTED
[SUSP PATH] {9640AAD2-1B4C-4034-9D82-2B76E6A7EE29}.job @ : C:\Users\User\Desktop\FTW\FTW.EXE -> NOT SELECTED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-65L5B1 SCSI Disk Device +++++
--- User ---
[MBR] 303ed71eee0d7ae975f7e74e8e271a2e
[BSP] 7fb410dcbb6e17d018eb4184d34e3319 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 941083 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1927544832 | Size: 12684 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: Hitachi HTS541680J9SA00 USB Device +++++
--- User ---
[MBR] 34158c333ff781c6dc17b6ea0232ae1a
[BSP] 3ed1be630cf041f7a6313e401b9d17f2 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

-------------------------------------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-11 16:33:15
-----------------------------
16:33:15.806 OS Version: Windows x64 6.1.7601 Service Pack 1
16:33:15.806 Number of processors: 4 586 0x402
16:33:15.806 ComputerName: DESKTOP-PC UserName: User
16:33:17.740 Initialize success
16:33:33.679 AVAST engine defs: 12050901
16:34:19.746 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006c
16:34:19.746 Disk 0 Vendor: WDC_____ 01.0 Size: 953869MB BusType: 8
16:34:19.762 Disk 0 MBR read successfully
16:34:19.762 Disk 0 MBR scan
16:34:19.762 Disk 0 unknown MBR code
16:34:19.777 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:34:19.777 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941083 MB offset 206848
16:34:19.824 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12684 MB offset 1927544832
16:34:19.886 Disk 0 scanning C:\Windows\system32\drivers
16:34:45.283 Service scanning
16:35:07.201 Modules scanning
16:35:07.217 Disk 0 trace - called modules:
16:35:07.233 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
16:35:07.248 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dc6060]
16:35:07.264 3 CLASSPNP.SYS[fffff880019ab43f] -> nt!IofCallDriver -> \Device\0000006c[0xfffffa800753d9c0]
16:35:07.264 Scan finished successfully
16:35:29.244 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
16:35:29.244 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR 05112012.txt"

I just noticed when I was cleaning up my desktop that I have a new Icon titled "MBR.dat". I see references to "MBR" in the RogueKiller logs (ERROR READING LL2: MBR!) and in aswMBR log (Disk 0 Unknown MBR code). Is this a problem? Can I delete the MBR.dat file?

Edited by memmons9, 11 May 2012 - 02:52 PM.

#34
Crag_Hack

Posted 12 May 2012 - 12:28 PM

Trusted Helper

Malware Removal
1,839 posts

Hi memmons9. Everything looks good now. You can delete MBR.dat if you wish. Time to run a final antivirus and antispyware scan to clean up any remainders of the infection. Please do the following:

Step 1

Posted Image

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Posted Image

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :
Please download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button.
Scroll to the middle of the page where it says Java SE 7u4. Click the download button below where it says JRE
Click to accept the license agreement
Click the download link to the right of where it says Windows x86 Offline
Once downloaded install

Step 3

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the options Scan unwanted applications and Enable Anti-Stealth technology (both under Advanced settings) are checked
Click Start (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Things to see in your next post:
MBAM log
ESET log

#35
memmons9

Posted 12 May 2012 - 03:20 PM

Member

Topic Starter
Member
94 posts

I have attached the MBAM Log here. The eset scan ran ok but there was no log.txt file anywhere on the computer. There was no pathway C:\Program Files\EsetOnlineScanner. There was an Esetonlinescanner folder under Program Files x86 but the only file in it was eset uninstaller. I am running eSet again and will forward the log file if there is one. If there isn't one I will send a message indicating that.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: DESKTOP-PC [administrator]

5/12/2012 2:37:58 PM
mbam-log-2012-05-12 (14-37-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233237
Time elapsed: 4 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\User\AppData\Local\Temp\msimg32.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\~!#9B55.tmp (Trojan.Medfos) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\~!#9E62.tmp (Spyware.Zeus) -> Quarantined and deleted successfully.

(end)

#36
memmons9

Posted 12 May 2012 - 06:57 PM

Member

Topic Starter
Member
94 posts

Here is the eSet Log file. I had to view the details and click on save to .txt to get the log file.

C:\Users\User\AppData\Local\Temp\jar_cache3938186078740637055.tmp Java/Agent.EO trojan cleaned by deleting - quarantined
C:\Users\User\AppData\Local\Temp\Phx2898.exe a variant of Win32/Obfuscated.NEU trojan cleaned by deleting - quarantined
C:\Users\User\AppData\Local\Temp\~!#8D8C.tmp probably a variant of Win32/TrojanDownloader.VB.PTA trojan cleaned by deleting - quarantined
C:\Users\User\AppData\Local\Temp\~!#A3DF.tmp a variant of Win32/Injector.RBE trojan cleaned by deleting - quarantined
C:\Users\User\Desktop\Malware Fix 5-9-12\05092012_162338\C_Users\User\start1.exe Win32/Pronny.AP worm cleaned by deleting - quarantined
C:\Users\User\Desktop\Malware Fix 5-9-12\RK_Quarantine\roiebe.exe.vir Win32/Pronny.AP worm cleaned by deleting - quarantined

An odd thing though. The first time I ran eSet it discovered one file and quarantined it. This time it found six files.

#37
memmons9

Posted 13 May 2012 - 09:11 AM

Member

Topic Starter
Member
94 posts

I ran eSet again this morning and here is the log file:

C:\_OTL\MovedFiles\05092012_162338\C_Users\User\start1.exe Win32/Pronny.AP worm cleaned by deleting - quarantined
C:\_OTL\MovedFiles\05102012_173939\C_Users\User\nqu.com probably a variant of Win32/TrojanDownloader.VB.PSE trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\05102012_173939\C_Users\User\roiebe.exe Win32/Pronny.AP worm cleaned by deleting - quarantined
C:\_OTL\MovedFiles\05102012_173939\C_Users\User\toopul.com probably a variant of Win32/TrojanDownloader.VB.PSE trojan cleaned by deleting - quarantined

#38
Crag_Hack

Posted 13 May 2012 - 01:01 PM

Trusted Helper

Malware Removal
1,839 posts

Hi memmons9. Everything looks pretty good. Please use your computer for a couple hours at least and see if any symptoms remain then report back to me.

#39
memmons9

Posted 14 May 2012 - 06:02 AM

Member

Topic Starter
Member
94 posts

I have been using both the laptop and desktop computers without obvious problems. Thank you so much for your help. Do you have any recomendations for a software that will protect me from rogue software? McAfee obviously can't deal with it. I was thinking of buying Malwarebytes for constant protection along with McAfee.

#40
Crag_Hack

Posted 14 May 2012 - 01:03 PM

Trusted Helper

Malware Removal
1,839 posts

Now that we're done scanning for and disinfecting malware it's time to clean up. Please use your computer a couple hours at least and make sure there are no remaining symptoms. If there are no symptoms proceed with the following instructions. The paid version of Malwarebytes will definitely add protection for your computers. Let me know if you have any questions. One final step to take in disinfecting your computer is to purge all system restore points. This ensures that you will not get reinfected by files hiding in the system restore points. To do this follow these instructions:

Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following
```
:Commands
[ClearAllRestorePoints]
```
Then click the Run Fix button at the top
OTL may ask to reboot the machine. Please do so if asked.
Post the log it produces in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run. Make sure to grab the contents of this file before following the cleanup procedure described next.

You can now remove all the tools that were used to disinfect your computer by running OTL and clicking the CleanUp button.

Now that your computer is disinfected it is important to keep it that way. What follows are guidelines to keeping your computer malware-free.

You absolutely must have an antivirus program installed. This is important because the antivirus program runs in the background of the computer and prevents viruses from both infecting the computer and doing malicious things to the computer. This can prevent many infections in the first place. Just as a city without police would be chaotic so would a computer with an anti-virus program. I recommend the free programs Avira AntiVir Personal and avast! Free Anti-Virus . Also make absolutely sure to only have one anti-virus installed as more than one can slow your computer, create software conflicts, and increase your vulnerability to viruses and malware.

It is also advised to have an anti-spyware program as well. I recommend the paid version of Malwarebytes' Anti-Malware. This program complementing your anti-virus can protect your computer from most infections out there. Make absolutely sure to only have one anti-spyware installed as more than one can slow your computer, create software conflicts, and increase your vulnerability to viruses and malware.

A program to complement your anti-virus and anti-spyware with passive protection is SpywareBlaster. SpywareBlaster is not a malware scanner or removal tool and uses no system resources except a little disk space. It does a great job of preventing malware from being installed in the first place! It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them from malicious websites. You can download it here. To use it to protect your computer install it then do the following regularly at your concenience (once a week is adequate):

Run SpywareBlaster
Click Updates on the left of the screen
Click the 'Check for Updates' button and let the program update
Click 'Protection Status' on the left of the screen
Click 'Enable All Protection' on the bottom of the screen and SpywareBlaster will implement its protection
Exit the program

Another program to add additional protection is Spybot Search and Destroy. It works similar to SpywareBlaster by providing passive protection. You can download it here. To use it to protect your computer install it then do the following regularly at your concenience (once a week is adequate):

Run Spybot S&D
Click "Search for Updates"
Click "Continue"
Click "Download" - ignore if it says "please select some update files from the list first"
Click "OK" in update window if it prompts you
Click "Exit" in update window when update finishes or if Spybot said "please select some update files from the list first"
Go back to Spybot main window
Close Internet Explorer/Firefox/Chrome if they are open
Click "Immunize"
Wait for the progress meter to complete
Click the "Immunize" button with the plus sign next to it towards the top of the window
Wait for the progress meter to complete
Close the program

And one last program to add additional protection is Panda USB vaccine. This program disables the autorun rile on removable devices. You can vaccinate both a computer and a removable device. To download and run refer to here.

Another important thing to have installed is a firewall to secure communications to and from your computer. The firewall prevents inbound communications from the Internet to your computer that could be malicious in nature. Some firewalls also regulate outbound communications from your computer to the Internet that could be malicious as well. Inbound communications can take advantage of security holes in software running on your computer to gain control of your computer and infect you with malware. Outbound communications can be from malware on your computer to malicious websites on the Internet, containing information about your computer usage and even your passwords. For these reasons it is essential to the security of your computer to install a firewall. Make sure to only install one firewall as any more than that would prove to be redundant - one firewall is just as effective as multiple ones. Also more than one firewall could cause software conflicts. This applies to the Windows firewall as well - if you use a third-party firewall make sure to disable the Windows firewall. I recommend ZoneAlarm Free Firewall or Comodo Firewall.

Besides these measures, an equally important step to take to protect your computer from malware is to update all programs regularly including Windows Updates. Windows, Java, Adobe Flash, PDF readers, and other programs have security holes in them that leave your computer vulnerable to malicious code from hackers that could infect your computer with malware when taken advantage of. Updates close these holes. For this reason it is important to always update programs when prompted. Windows Updates is enabled by default in Windows and Java, Flash, and others have auto-update programs enabled by default as well. You will not have to worry about setting up the auto-update feature for these programs unless you altered the settings to begin with. Make sure as well to never update a program via e-mail - companies will never send e-mails to update their products. In order to help you update programs you might want to download and run FileHippo.com Update Checker from here. This program will tell you which programs need to be updated.

One last thing to consider is to exercise caution when browsing the web and viewing e-mails. Try to stay away from non-reputable websites including websites for software piracy and pornography. By staying away from these websites you decrease your chances of malware infection significantly. To help you exercise caution in your browsing habits you can download and install Web of Trust into your web browser here. This program will install in your browser and color code the website you are viewing to inform you if it is safe or not; green means safe, yellow means proceed with caution, and red means danger. Viewing e-mails should also be done with caution. If you don't recognize an email as one from a known or requested source then you will be safer to avoid opening it. File attachments should be opened only with extreme caution as they can contain files that exploit security holes on your computer and infect you with malware. Never open an attachment unless you are expecting it or you verify that the sender intended to send it to you. Also make sure to scan the attachment before opening it.

You might want to use an alternate browser than Internet Explorer. Firefox and Google Chrome are excellent candidates. They are more secure than Internet Explorer and are just as functional. You can download Google Chrome here and Firefox here.

Something just as important as preventing infection by malware is to backup your data. You can read about different methods here.

Some articles you might be interested in reading to reiterate points I have addressed in this post as well as make new points follow:

By following these steps you should ensure that you most likely will never get infected with malware again. Good luck and safe browsing!

-Josh

#41
memmons9

Posted 15 May 2012 - 05:26 AM

Member

Topic Starter
Member
94 posts

Thanks for the support and the advice. Here is the last OTL log for the laptop. I will do the desktop later today.

========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.42.2 log created on 05152012_071419

#42
memmons9

Posted 15 May 2012 - 05:43 AM

Member

Topic Starter
Member
94 posts

Here is the last OTL Run/Fix log for the desktop. Thanks again Josh.

========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.42.3 log created on 05152012_073658

#43
Crag_Hack

Posted 15 May 2012 - 12:44 PM

Trusted Helper

Malware Removal
1,839 posts

One thing that kinda slipped my watch was that Roguekiller showed a folder FTW with FTW.exe inside on your desktop computer's desktop:
[SUSP PATH] {153A4067-B050-4B39-889F-A4AF4F10A5B8}.job @ : C:\Users\User\Desktop\FTW\FTW.EXE -> FOUND
[SUSP PATH] {9640AAD2-1B4C-4034-9D82-2B76E6A7EE29}.job @ : C:\Users\User\Desktop\FTW\FTW.EXE -> FOUND
I assumed it was Family Tree Maker. I just want to make sure before we wrap things up. Are you aware of this folder on your desktop? Is it something you put there?

#44
memmons9

Posted 15 May 2012 - 07:49 PM

Member

Topic Starter
Member
94 posts

I see them. I believe they are left over files/folders from an earlier version of Family Tree Maker. I deleted the folder with two files (FTWSYSUN and uninstal) and another file memmons1.FTW.