Need to get rid of trojan trojan.win32.generic!BT [Closed]


  • This topic is locked

#1 electronixplus (Member, 73 posts)

Need help getting rid of this trojan

Here is the OTL log:

OTL logfile created on: 7/16/2012 8:02:26 AM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Nancy\Downloads
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 50.73% Memory free
7.75 Gb Paging File | 5.96 Gb Available in Paging File | 76.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 393.96 Gb Free Space | 84.60% Space Free | Partition Type: NTFS

Computer Name: NANCY-PC | User Name: Nancy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Nancy\Downloads\OTL (2).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe (GFI Software)
PRC - C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe (GFI Software)
PRC - C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe (GFI Software)
PRC - C:\Program Files (x86)\iWin Games\iWinTrusted.exe (iWin Inc.)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SBAMSvc) -- C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe (GFI Software)
SRV - (SBPIMSvc) -- C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe (GFI Software)
SRV - (iWinTrusted) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe (iWin Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (sbwtis) -- C:\Windows\SysNative\drivers\sbwtis.sys (GFI Software)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\sbredrv.sys (GFI Software)
DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (GFI Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (SBRE) -- C:\Windows\SysWOW64\drivers\SBREDrv.sys (GFI Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 32 4E 7D 3E 60 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0F98E9A1-C3BE-4556-A0E6-777EE93EBC3C}: "URL" = http://websearch.ask...10-4CA50F81389E
IE - HKCU\..\SearchScopes\{C4F1EF44-9ADF-447A-8E4A-2E8F17908BAC}: "URL" = http://websearch.ask...10-4CA50F81389E
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....&fr=chr-offrhap
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Nancy\AppData\Local\Roblox\Versions\version-6ca07d14e2274822\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Nancy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)



O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HP Input Device Main Program] C:\Program Files\HP\HP Wireless Comfort Mobile Mouse\TSR\xDaemon.exe ()
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBRC.exe" File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe (GFI Software)
O4 - HKLM..\Run: [SBRegRebootCleaner] C:\Program Files (x86)\Sunbelt Software\VIPRE\SBRC.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: convergysworkathome.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Diner%20Dash%20-%20Flo%20on%20the%20Go/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergys...om/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Diner%20Dash%20-%20Flo%20on%20the%20Go/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFBB7700-F4FB-4A5A-B50E-155A07A7966A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{460db757-848d-11e1-8b85-00e04dbeebed}\Shell - "" = AutoRun
O33 - MountPoints2\{460db757-848d-11e1-8b85-00e04dbeebed}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *SBBD.exe /d \Device\HarddiskVolume2\Program Files (x86)\Sunbelt Software\VIPRE\Definitions)
O34 - HKLM BootExecute: (SBBD.exe /d \Device\HarddiskVolume2\Program Files (x86)\GFI Software\VIPRE\Definitions)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/16 07:18:20 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{174A09F2-102C-4EB5-8EA4-3505302E0C2B}
[2012/07/16 07:17:56 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{4FC8E505-D732-4BB5-9050-BE0B989DD5AC}
[2012/07/16 06:57:08 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{CB512588-215F-4196-8425-7422BA98B18D}
[2012/07/15 12:47:47 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{10335BEE-B01E-4E4C-BA2E-F8C931BA1979}
[2012/07/15 12:47:24 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{77786231-2E2B-4DD0-9C00-2441150F32BE}
[2012/07/15 07:12:21 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{9421A07E-205B-43D0-AF34-69649F18DA24}
[2012/07/15 06:58:22 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{1DC5B3D2-E24A-4944-BD4A-A12CC782A1D5}
[2012/07/14 13:07:08 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{77A28689-77FA-4AA0-A0AA-7E352821F869}
[2012/07/14 13:06:45 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{D4150728-3A39-4096-A0B5-A55F001606BD}
[2012/07/13 16:36:01 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{309D43EF-3B70-46DE-9475-C4AAC98A41B4}
[2012/07/13 16:35:37 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{AFC100E0-6429-4E20-8621-60499FDAB2B0}
[2012/07/12 20:24:30 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{006206F2-EDCF-4C28-AF4E-26F2C046806D}
[2012/07/12 20:24:17 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{59835761-9A23-4ADE-8322-113E1AE474D6}
[2012/07/12 09:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GFI Software
[2012/07/12 08:59:43 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Roaming\GFI Software
[2012/07/12 08:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012/07/12 08:58:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GFI Software
[2012/07/11 20:24:31 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{43BFFFED-F120-426F-B060-C16D74F43D03}
[2012/07/11 20:24:08 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{83C4F96D-E91D-4022-A22C-866DEEF85E35}
[2012/07/11 00:57:56 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{60C69DBD-EC8A-424F-9665-B961EE02489A}
[2012/07/11 00:57:33 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{FC19B759-22A3-49F7-BC22-935B66626248}
[2012/07/10 11:15:58 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{18AC735A-BE21-4904-81DE-E12B00464DAE}
[2012/07/10 11:15:35 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{DEBEA680-26ED-493B-97E3-245CD3C85334}
[2012/07/09 21:44:09 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/09 18:28:38 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{185A65C4-5CC1-4F25-911A-D15D6D9A1C84}
[2012/07/09 18:28:27 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{A173C570-EB09-4523-8450-2E02C0E912D7}
[2012/07/09 00:13:37 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{DB44A759-122C-4298-8198-3E18EEC96629}
[2012/07/09 00:13:14 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{45AFA0E4-1E8E-4F68-B10D-9D6018D5D603}
[2012/07/08 22:25:13 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{E9C84A1F-2D41-45B4-9372-DAB1F31BFEEE}
[2012/07/08 09:27:58 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{5CE9C9A9-294B-4C54-A74D-8F30B2F5B165}
[2012/07/08 09:27:35 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{FBB7DB7A-8A56-4373-92E0-38A7BB8D46AA}
[2012/07/07 17:28:21 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{38AECD2D-3D66-4E3F-BA20-8828A9CBBE37}
[2012/07/07 17:27:58 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{6C8548DA-BD6C-427C-A4F1-960990FC3017}
[2012/07/06 23:17:25 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{22D740A2-14B4-4AD9-9C7B-CEC785BC02A9}
[2012/07/06 23:17:02 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{1EA0DA8D-C3EA-448A-B853-439D0FBA68D2}
[2012/07/06 00:56:37 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{90B8B3FA-C052-47EC-80C6-E45022F827BD}
[2012/07/06 00:56:14 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{3C6D99C6-9C7E-456B-BD84-0E61F71483A0}
[2012/07/05 12:15:25 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{5742C86A-3091-4FBB-96D8-CF0D9E789664}
[2012/07/05 12:15:02 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{CD8A341F-B49A-4206-8E38-2C6E9BFF9DCF}
[2012/07/04 22:16:43 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{8212D8E2-B854-40E5-A240-569DF24A59CD}
[2012/07/04 10:59:25 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{83C50F99-06B4-4EB5-BF1B-14055492A408}
[2012/07/03 22:10:32 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{1CCC4901-A644-4300-BC85-DD1E3649C530}
[2012/07/03 22:10:19 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{04BA290B-FE69-43A8-BA00-F4BDAAC799DE}
[2012/07/03 08:53:00 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{D5ABCE35-68B1-418B-BDAB-6520AD28E7FF}
[2012/07/03 01:23:45 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{E6DD163A-2477-4B20-AEFB-0BF90083D91C}
[2012/07/03 01:23:22 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{A0972E60-F265-4200-9F14-451807D9AED7}
[2012/07/02 11:45:49 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{235C3BD1-959F-4437-ADC2-E60D20E9442F}
[2012/07/02 11:45:26 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{5DAA2251-DE52-4904-A77C-FDFF917F69C7}
[2012/07/01 20:56:42 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{3800DF64-1B7B-41A9-A528-6E3EE33666C3}
[2012/07/01 20:56:19 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{2DEF3A5E-9BB9-4083-88EF-4E92E3A77888}
[2012/07/01 11:13:54 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{AD397F57-CAEE-4256-942A-F9BC3C88AC03}
[2012/06/30 23:38:12 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{A14CC7CC-33D0-413A-90E4-6047DC3B7F13}
[2012/06/30 10:34:14 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{E4A21C2A-6DC3-4625-BBB5-7B0AC06C2651}
[2012/06/30 10:33:52 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{61993E57-C73D-4FF0-A75F-82C166DCE9FA}
[2012/06/30 09:05:46 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{1C4D2D1C-791D-43B3-B709-3E42A0D47938}
[2012/06/29 18:11:51 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{17D440C7-D381-469A-8D09-7FF3EE2DB67A}
[2012/06/29 18:11:39 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{963C031E-0287-4EFF-8387-53559330817B}
[2012/06/28 23:16:16 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{9A6B48EF-5BF0-44D1-A9EB-BD0FB9467BC6}
[2012/06/28 23:15:54 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{7D12F3D9-D15D-4342-82BD-82522B36B4BD}
[2012/06/27 23:23:27 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{BC42FC06-DFC5-4768-B864-CD9E625FCB01}
[2012/06/27 23:23:15 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{38A571F5-EAC0-423C-97D7-296336927FDB}
[2012/06/27 15:14:20 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{126214B1-901C-4365-A810-519822672479}
[2012/06/27 15:14:06 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{EC77CB07-CF22-42A9-9D1E-D0E164243527}
[2012/06/26 17:16:16 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{0FE75409-A335-4AF9-AEAA-7C06117E4AA7}
[2012/06/26 17:15:53 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{BC6372ED-AC67-4B3C-B9EF-A1A49DF4DD9D}
[2012/06/26 01:17:31 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{52A83AEA-8435-438F-B08F-12ABF3DF8014}
[2012/06/26 01:17:08 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{26668CEC-49A7-4EC2-BE9C-985EA6A657DD}
[2012/06/25 19:00:35 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Roaming\Google
[2012/06/25 19:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2012/06/25 10:25:43 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{0CF745CB-98C5-4D8F-9F66-FB8D316F8E37}
[2012/06/25 10:25:20 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{48682B2B-1634-4980-8760-FBE0A2AC6568}
[2012/06/24 21:32:03 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{23A869EE-ED4D-45A9-89E7-776CF8F29840}
[2012/06/24 21:31:40 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{1CA1A5C0-5C40-4A43-9748-FC0812D0E0D9}
[2012/06/24 10:26:24 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{7AD40F45-6837-4CAF-8729-F89EAC6400A5}
[2012/06/24 02:05:40 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{F4A7F684-7FBF-4A27-8D8C-3460B5879960}
[2012/06/23 10:44:58 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{3BFDF473-7F14-4ED0-806D-239264948E28}
[2012/06/22 22:02:21 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{01A93C8C-1500-4F2E-B95F-0E71F3959FCE}
[2012/06/22 22:02:07 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{6F0BF5AB-4539-4A94-B6CF-6A0290328D8F}
[2012/06/22 09:41:01 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{3BEB100D-75B1-4FEC-978E-23B917F5C41B}
[2012/06/22 09:40:38 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{E6F67ACE-B527-412F-8702-CE9040A129F2}
[2012/06/21 21:31:40 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{61043A28-56DA-4053-B79C-6843C1D3EB3A}
[2012/06/21 21:31:17 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{EDCCA1A2-58AB-45DA-9CDC-537B6C2A192F}
[2012/06/21 18:17:40 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{25BA0585-369E-4C61-BAF1-7D53ED16BE47}
[2012/06/21 00:40:52 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{9992504D-0FF2-46C0-946C-28000BE30AFF}
[2012/06/21 00:40:40 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{27E2A900-40BB-47F2-870B-954A56FAA812}
[2012/06/20 12:39:48 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{F1B17FD2-02CF-482D-8A67-A6AEFAB6F902}
[2012/06/20 12:39:36 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{68FB8588-53BE-4C54-9DE5-7F467DCD1F60}
[2012/06/19 22:00:35 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{6492FECE-FA9F-4F3B-BFE7-E5FA54063FA4}
[2012/06/19 22:00:13 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{FB44CB26-CA8A-471E-9A71-FDE1C40F3D53}
[2012/06/19 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/19 20:20:45 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{F0B9F7C7-412A-4DC9-B3C8-63E5D4BF4EDC}
[2012/06/19 20:20:13 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{33830003-3E21-46DD-B9C3-688A8E2F8120}
[2012/06/19 20:19:50 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{90774469-8D95-4CFE-9C7C-F09889A8AFE6}
[2012/06/19 17:41:02 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{6A72E053-8EB6-4D89-AE3E-084984374D3C}
[2012/06/19 17:40:51 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{2347B3ED-7D68-426D-B19D-3320F9810329}
[2012/06/19 17:31:23 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{904718AB-FADA-4FCC-BF0D-76202FC798CF}
[2012/06/19 17:31:00 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{A43AB614-7BFE-46D5-A950-853BF33E6132}
[2012/06/18 00:01:06 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{A304E5BC-6155-41C2-BC7C-5CDB3AF090DA}
[2012/06/17 10:35:20 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{C9A10538-5A90-4FF9-BFB2-1BA7161EE002}
[2012/06/16 23:25:44 | 000,000,000 | ---D | C] -- C:\Users\Nancy\AppData\Local\{27BCC7BD-E603-4E1D-BE6A-1E5FBDCE20D5}

========== Files - Modified Within 30 Days ==========

[2012/07/16 07:20:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/16 06:38:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/16 02:38:34 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/15 23:26:09 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/15 23:26:09 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/15 23:22:59 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/15 23:22:59 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/15 23:22:59 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/15 23:18:48 | 3119,423,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/14 22:49:59 | 000,000,334 | ---- | M] () -- C:\Windows\SysWow64\CountScans.XML
[2012/07/14 13:26:52 | 000,000,191 | ---- | M] () -- C:\Users\Nancy\Desktop\addicting games.url
[2012/07/12 09:00:10 | 000,002,015 | ---- | M] () -- C:\Users\Public\Desktop\VIPRE.lnk
[2012/07/11 04:51:33 | 000,282,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/10 11:52:45 | 000,001,823 | ---- | M] () -- C:\Users\Nancy\Documents\mid.rtf
[2012/07/10 00:55:20 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/09 21:24:19 | 000,000,208 | ---- | M] () -- C:\Windows\SysNative\SBRC.dat
[2012/07/04 16:45:42 | 000,000,261 | ---- | M] () -- C:\Users\Nancy\Desktop\YouTube - Syntek XFT Extreme Fuel Treatment Product Intro.url
[2012/06/28 16:44:06 | 000,870,128 | ---- | M] () -- C:\Users\Nancy\AppData\Roaming\mcs.rma
[2012/06/28 16:44:06 | 000,000,004 | ---- | M] () -- C:\Users\Nancy\AppData\Roaming\2A3685
[2012/06/27 20:41:52 | 000,000,965 | ---- | M] () -- C:\Users\Nancy\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
[2012/06/27 20:41:52 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\Rhapsody.lnk
[2012/06/26 22:32:41 | 000,017,912 | ---- | M] () -- C:\Users\Nancy\Documents\menu ideas.rtf
[2012/06/25 19:00:16 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk

========== Files Created - No Company Name ==========

[2012/07/15 05:33:19 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{3e4b0e3e-8174-2764-d62c-790fc7137601}\U\00000008.@
[2012/07/14 22:49:59 | 000,000,334 | ---- | C] () -- C:\Windows\SysWow64\CountScans.XML
[2012/07/12 09:00:10 | 000,002,015 | ---- | C] () -- C:\Users\Public\Desktop\VIPRE.lnk
[2012/07/10 11:52:45 | 000,001,823 | ---- | C] () -- C:\Users\Nancy\Documents\mid.rtf
[2012/07/10 00:55:20 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/09 21:24:26 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{3e4b0e3e-8174-2764-d62c-790fc7137601}\U\80000064.@
[2012/07/09 21:24:26 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{3e4b0e3e-8174-2764-d62c-790fc7137601}\L\00000004.@
[2012/07/09 21:24:25 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{3e4b0e3e-8174-2764-d62c-790fc7137601}\U\80000032.@
[2012/07/09 21:24:24 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{3e4b0e3e-8174-2764-d62c-790fc7137601}\U\80000000.@
[2012/07/09 21:24:24 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{3e4b0e3e-8174-2764-d62c-790fc7137601}\U\00000004.@
[2012/07/09 21:24:24 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{3e4b0e3e-8174-2764-d62c-790fc7137601}\U\000000cb.@
[2012/06/25 19:00:16 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2012/01/11 10:25:10 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{3e4b0e3e-8174-2764-d62c-790fc7137601}\@
[2012/01/11 10:25:10 | 000,002,048 | -HS- | C] () -- C:\Users\Nancy\AppData\Local\{3e4b0e3e-8174-2764-d62c-790fc7137601}\@
[2011/01/15 10:29:51 | 000,870,128 | ---- | C] () -- C:\Users\Nancy\AppData\Roaming\mcs.rma
[2011/01/15 10:29:51 | 000,000,004 | ---- | C] () -- C:\Users\Nancy\AppData\Roaming\2A3685
[2009/11/14 16:19:12 | 000,000,036 | ---- | C] () -- C:\Users\Nancy\AppData\Local\housecall.guid.cache
[2009/11/08 21:59:10 | 000,007,602 | ---- | C] () -- C:\Users\Nancy\AppData\Local\Resmon.ResmonCfg

========== LOP Check ==========

[2012/05/03 12:57:38 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\.minecraft
[2010/04/05 09:11:38 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\Aladdin Systems
[2011/08/26 00:28:28 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\Alawar
[2010/12/26 17:45:35 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\Amazon
[2009/12/28 00:10:46 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\Boomzap
[2012/01/03 22:50:36 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\Downloaded Installations
[2011/05/09 12:31:29 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\DVDVideoSoft
[2011/02/13 08:47:15 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\Gamelab
[2012/07/12 08:59:43 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\GFI Software
[2011/08/26 01:12:58 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\Meridian93
[2010/03/28 21:41:12 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\PlayFirst
[2009/11/22 01:46:53 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\SpinTop
[2011/04/12 19:41:41 | 000,000,000 | ---D | M] -- C:\Users\Nancy\AppData\Roaming\Windows Live Writer
[2012/02/11 01:25:31 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 989 bytes -> C:\Users\Nancy\Documents\dessert.eml:OECustomProperty
@Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:AF2F4B57
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:0AFF594D
@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:B0FAC520
@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:3D0C4F47
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:49E51749
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E81E58FA
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:79EB58D0
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:7169BE62
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:A2A20EF9
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:60F6915A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:50E7393E
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:91486201
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1D657D4
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:9BF08751
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E7B2BEDB
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:7D371AB2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:CF5C4195
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:E4712EE9

< End of report >

Thank you
#2
electronixplus (Topic Starter, Member, 73 posts)

Someone please help!! Still waiting for a reply.
Thank you.

#3
CompCav (Expert, 12,454 posts)

Hi, electronixplus! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.



Step 1.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
  • Open the scanner and select the Protection tab.
  • Remove the tick from "Start with Windows".
  • Reboot and then run OTL.




  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :OTL
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\..\SearchScopes\{0F98E9A1-C3BE-4556-A0E6-777EE93EBC3C}: "URL" = http://websearch.ask...10-4CA50F81389E
    IE - HKCU\..\SearchScopes\{C4F1EF44-9ADF-447A-8E4A-2E8F17908BAC}: "URL" = http://websearch.ask...10-4CA50F81389E
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
    [2012/06/28 16:44:06 | 000,000,004 | ---- | M] () -- C:\Users\Nancy\AppData\Roaming\2A3685
    @Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:AF2F4B57
    @Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:0AFF594D
    @Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:B0FAC520
    @Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:3D0C4F47
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:49E51749
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E81E58FA
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:79EB58D0
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:7169BE62
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:A2A20EF9
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:60F6915A
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:50E7393E
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:91486201
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1D657D4
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:9BF08751
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E7B2BEDB
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:7D371AB2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:CF5C4195
    @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:E4712EE9
    
    
    :files
    ipconfig /flushdns /c
    C:\Windows\Installer\{3e4b0e3e-8174-2764-d62c-790fc7137601}
    C:\Users\Nancy\AppData\Local\{3e4b0e3e-8174-2764-d62c-790fc7137601}
    
    
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 2.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow it to update if it asks.


When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

After the run you may have internet problems or problems accessing something. Simply reboot the computer.


Step 3.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • Get the report by selecting Reports


A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 4.

Please post:

OTL fix log
ComboFix.txt
TDSSKiller log


Give me an update on your computer.
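Added here as an editor's example, not part of CompCav's instructions and not something OTL itself produces: a PowerShell script that re-checks, once the Step 1 fix has run, that the folders, the file and the alternate data streams named in the fix script are actually gone, and lists whatever non-comment lines remain in the HOSTS file after [resethosts]. It assumes PowerShell 3.0 or later (Windows 7 ships with 2.0, which lacks the -Stream parameter on Get-Item); every path and stream name comes from the log and fix script in this topic, and the function names are the example's own.

```powershell
# Added example for this thread, not part of the original posts or of OTL's
# own output. Re-checks that the items the Step 1 fix targets are gone.
# Assumes PowerShell 3.0 or later for Get-Item -Stream. All paths and stream
# names below are copied from the OTL log and fix script in this topic.

# Folders and the file that the ':files' section of the fix removes.
$RemovedPaths = @(
    'C:\Windows\Installer\{3e4b0e3e-8174-2764-d62c-790fc7137601}',
    'C:\Users\Nancy\AppData\Local\{3e4b0e3e-8174-2764-d62c-790fc7137601}',
    'C:\Users\Nancy\AppData\Roaming\2A3685'
)

# Named alternate data streams the ':OTL' section removes from this folder.
$StreamHost = 'C:\ProgramData\TEMP'
$RemovedStreams = @(
    'AF2F4B57','0AFF594D','B0FAC520','3D0C4F47','49E51749','E81E58FA','79EB58D0',
    '7169BE62','A2A20EF9','60F6915A','50E7393E','91486201','D1D657D4','DFC5A2B2',
    '9BF08751','E7B2BEDB','7D371AB2','A8ADE5D8','CF5C4195','E4712EE9'
)

function Get-NamedStreams {
    # Returns the names of the non-default NTFS streams attached to a file or
    # folder. Every file carries a ':$DATA' stream, so that one is filtered out.
    # (On PowerShell 2.0 the same listing is available from: cmd /c dir /r)
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return @() }
    Get-Item -LiteralPath $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { $_.Stream }
}

function Test-OtlFixApplied {
    # One row per checked item. Rows with Removed = False are the ones worth
    # mentioning in the reply, because the fix did not take for them.
    $rows = @(foreach ($p in $RemovedPaths) {
        [pscustomobject]@{ Item = $p; Removed = -not (Test-Path -LiteralPath $p) }
    })
    $present = @(Get-NamedStreams -Path $StreamHost)
    $rows += @(foreach ($s in $RemovedStreams) {
        [pscustomobject]@{ Item = "${StreamHost}:$s"; Removed = ($present -notcontains $s) }
    })
    $rows
}

function Get-HostsEntries {
    # After [resethosts] the HOSTS file should hold little beyond comments;
    # this only lists the active lines so they can be looked over, it does
    # not judge them.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -LiteralPath $hosts -ErrorAction SilentlyContinue |
        Where-Object { $_.Trim() -and -not $_.Trim().StartsWith('#') }
}

Test-OtlFixApplied | Format-Table -AutoSize
'Active HOSTS entries:'
Get-HostsEntries
```

Run it from an elevated PowerShell prompt after OTL has finished and the machine has rebooted. The user-profile paths are hard-coded to the account named in the log, so on another machine they would have to be changed along with the stream names, which is exactly why the fix script itself is tailored to one computer.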

#4
CompCav (Expert, 12,454 posts)

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.