When I log in, the desktop in black and all icons are gone, with the exception of the recycle bin and Firefox. A window called "File Recovery" pops up and automatically begins some sort of scan, but it is obviously fake. It wants me to purchase their service. In the task bar the "File Recovery" icon is there but also a "System Error" icon that constantly has a notification bubble pop-up with a variety of error messages. Also I am bombarded with twenty or so error pop-ups titled "System message- Write Fault Error".
It also starts Norton uninstall at start-up but stops at "select uninstall preference". The start menu is also empty.
I was unable to run task manager, however, I was able to run Malwarebytes. It did not solve the problem but it found a few things, so I have attach its log. I'm currently running Ad-Aware but I don't expect much.
So here I am.
I appreciate any of your help and look forward to working with you.
OTL log:
OTL logfile created on: 8/14/2012 12:56:52 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = E:\Virus Removal
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.75 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 58.43% Memory free
5.50 Gb Paging File | 4.19 Gb Available in Paging File | 76.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.66 Gb Total Space | 352.29 Gb Free Space | 78.00% Space Free | Partition Type: NTFS
Drive D: | 645.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 7.51 Gb Total Space | 1.67 Gb Free Space | 22.17% Space Free | Partition Type: NTFS
Computer Name: KRISTY-PC | User Name: Kristy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/08/14 12:53:56 | 000,596,992 | ---- | M] (OldTimer Tools) -- E:\Virus Removal\OTL.exe
PRC - [2012/08/13 06:20:07 | 000,254,976 | -H-- | M] (LSC) -- C:\ProgramData\jNNfHyTTSZbtu9.exe
PRC - [2012/08/13 06:08:05 | 000,336,896 | -H-- | M] (Club 3D) -- C:\Users\Kristy\AppData\Local\{2A61EAA4-46F3-113D-EB45-4F26CB00A9B4}\syshost.exe
PRC - [2012/08/13 06:08:02 | 000,348,160 | -H-- | M] (LSC) -- C:\ProgramData\NyUPXRcvIOUP.exe
PRC - [2012/08/02 04:34:40 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/05/20 15:38:33 | 000,932,528 | -H-- | M] () -- C:\Users\Kristy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2011/12/23 07:12:10 | 002,152,688 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/12/23 07:12:10 | 001,895,168 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe
PRC - [2011/12/23 07:12:10 | 001,191,728 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/12/23 07:12:10 | 001,101,960 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
PRC - [2011/10/10 17:38:58 | 000,987,040 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.8.3.6\InstStub.exe
PRC - [2011/09/21 17:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
PRC - [2011/01/14 19:27:46 | 130,359,064 | ---- | M] (Lavasoft ) -- E:\Virus Removal\Ad-Aware90Install.exe
PRC - [2010/12/03 02:06:07 | 002,985,360 | -H-- | M] (Lavasoft ) -- C:\Users\Kristy\AppData\Local\Temp\mia2220.tmp\Ad-Aware90Install.exe
PRC - [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | -H-- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | -H-- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/03 18:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
========== Modules (No Company Name) ==========
MOD - [2012/08/02 04:34:40 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/20 15:38:33 | 000,932,528 | -H-- | M] () -- C:\Users\Kristy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2011/12/23 07:12:10 | 000,794,640 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\PrivacyClean.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/03 02:06:04 | 000,578,315 | -H-- | M] () -- C:\Users\Kristy\AppData\Local\Temp\mia2220.tmp\mia.lib
MOD - [2010/11/20 05:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 05:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009/07/03 18:47:12 | 000,240,160 | ---- | M] (Acer) [Disabled | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/08/02 19:27:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/02 04:34:40 | 000,113,120 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/12/23 07:12:10 | 002,152,688 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/09/21 17:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Disabled | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Disabled | Running] -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/25 10:38:06 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/23 07:12:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/10/10 17:38:52 | 000,561,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/09/21 17:35:58 | 000,279,160 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/09 16:14:04 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/01/20 14:18:24 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/10/29 05:47:47 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/10/29 05:47:47 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2009/10/29 05:47:47 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009/10/29 05:47:47 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 07:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/07/07 12:23:56 | 000,025,600 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NwUsbCdFil64.sys -- (NWUSBCDFIL64)
DRV:64bit: - [2008/06/02 16:28:52 | 000,247,808 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2008/05/09 11:08:40 | 000,213,120 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV:64bit: - [2008/05/09 11:08:40 | 000,213,120 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser.sys -- (NWUSBPort)
DRV:64bit: - [2008/05/09 11:08:40 | 000,213,120 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2010/07/09 02:21:54 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/07/09 02:21:54 | 000,132,656 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...55v1k5r44k1s462
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...55v1k5r44k1s462
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...55v1k5r44k1s462
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{51976c6e-f6a9-48b4-a1e9-b675e0996a80}: "URL" = http://www.google.co...ng}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.youcansea...utputEncoding?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2795637
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0004487fc4b7741
IE - HKCU\..\SearchScopes\{44816E91-C68A-2FF3-3D8F-8970062E5600}: "URL" = http://www.startnow....ion=6.1-x64-SP1
IE - HKCU\..\SearchScopes\{51976c6e-f6a9-48b4-a1e9-b675e0996a80}: "URL" = http://www.google.co...EW_enUS387US388
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...EW_enUS387US388
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9AFF64E2-5324-4AE6-92F8-59131DA50A39}: "URL" = http://search.yahoo....0836,6900,0,6,0
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2795637
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://search.babylo...487fc4b7741&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/13 03:28:41 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/02 04:34:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/02 04:34:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011/12/07 17:23:01 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Kristy\AppData\Roaming\Mozilla\Extensions
[2011/12/07 17:23:01 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Kristy\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/08/07 04:45:21 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Kristy\AppData\Roaming\Mozilla\Firefox\Profiles\c82ojet0.default\extensions
[2012/05/17 05:50:52 | 000,000,000 | -H-D | M] (WOT) -- C:\Users\Kristy\AppData\Roaming\Mozilla\Firefox\Profiles\c82ojet0.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/04/27 14:20:23 | 000,000,000 | -H-D | M] (Bcool) -- C:\Users\Kristy\AppData\Roaming\Mozilla\Firefox\Profiles\c82ojet0.default\extensions\[email protected]
[2012/02/21 17:06:35 | 000,000,000 | -H-D | M] (TheBflix) -- C:\Users\Kristy\AppData\Roaming\Mozilla\Firefox\Profiles\c82ojet0.default\extensions\[email protected]
[2012/05/02 14:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[1832/11/28 21:37:17 | 000,004,819 | -H-- | M] () (No name found) -- C:\USERS\KRISTY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C82OJET0.DEFAULT\EXTENSIONS\[email protected]
[2012/08/02 04:34:40 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/27 14:20:15 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/08/02 04:34:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/02 04:34:38 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {3fdba1ba-ae28-4045-9048-4ed2f3865629} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {6D8D66F3-14FC-4736-A096-FAC0EA66289C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKCU..\Run: [Broderbund Software] C:\Users\Kristy\AppData\Local\Electronic Arts\Broderbund Software\mibhoh.dll (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: moove.com ([]* in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B8EBF97-3EA8-4CE7-B1C8-3679511DBC4C}: DhcpNameServer = 65.32.5.111 65.32.5.112
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/06/19 08:22:14 | 000,000,031 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2001/06/19 08:04:38 | 000,040,960 | R--- | M] () - D:\Autodisable.exe -- [ CDFS ]
O33 - MountPoints2\{71f0bfab-8b94-11df-8e24-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{71f0bfab-8b94-11df-8e24-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autodisable.exe -- [2001/06/19 08:04:38 | 000,040,960 | R--- | M] ()
O33 - MountPoints2\{e409ec69-8bb1-11df-858c-4487fc4b7741}\Shell - "" = AutoRun
O33 - MountPoints2\{e409ec69-8bb1-11df-858c-4487fc4b7741}\Shell\AutoRun\command - "" = J:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{e409ec7b-8bb1-11df-858c-4487fc4b7741}\Shell - "" = AutoRun
O33 - MountPoints2\{e409ec7b-8bb1-11df-858c-4487fc4b7741}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/08/14 12:36:05 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2012/08/14 12:35:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Lavasoft
[2012/08/14 12:35:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012/08/14 12:35:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2012/08/13 18:03:56 | 000,000,000 | -H-D | C] -- C:\Users\Kristy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2012/08/13 18:03:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CleanUp!
[2012/08/13 06:20:16 | 000,000,000 | -H-D | C] -- C:\Users\Kristy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Recovery
[2012/08/13 06:20:07 | 000,254,976 | -H-- | C] (LSC) -- C:\ProgramData\jNNfHyTTSZbtu9.exe
[2012/08/13 06:10:21 | 000,348,160 | -H-- | C] (LSC) -- C:\ProgramData\NyUPXRcvIOUP.exe
[2012/08/13 06:08:46 | 000,000,000 | -H-D | C] -- C:\Users\Kristy\AppData\Local\{2A61EAA4-46F3-113D-EB45-4F26CB00A9B4}
[2012/07/30 16:03:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\7812875602D2DA56DA73D4E6F875F002
[2012/07/30 15:03:42 | 000,000,000 | -H-D | C] -- C:\Users\Kristy\AppData\Local\Grubby Games
[2012/07/30 15:03:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Tribe
[2012/07/27 09:48:37 | 000,000,000 | -H-D | C] -- C:\Users\Kristy\AppData\Roaming\Jigsaws Galore
[2012/07/27 08:59:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012/07/27 08:59:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Puzzler World
[2012/07/27 08:47:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Playrix Entertainment
[2012/07/27 08:26:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\Big Fish Games
[2012/07/27 08:25:12 | 000,000,000 | -H-D | C] -- C:\BigFishGamesCache
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/08/14 13:04:49 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/14 12:38:47 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 12:38:47 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 12:36:15 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/08/14 12:35:06 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/14 12:35:06 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/14 12:35:06 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/14 12:30:09 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/14 12:30:07 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2012/08/14 12:29:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/14 12:29:51 | 2213,990,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/13 18:27:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/13 06:20:16 | 000,000,688 | -H-- | M] () -- C:\Users\Kristy\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/08/13 06:20:16 | 000,000,664 | -H-- | M] () -- C:\Users\Kristy\Desktop\File_Recovery.lnk
[2012/08/13 06:20:16 | 000,000,368 | -H-- | M] () -- C:\ProgramData\jNNfHyTTSZbtu9
[2012/08/13 06:20:07 | 000,254,976 | -H-- | M] (LSC) -- C:\ProgramData\jNNfHyTTSZbtu9.exe
[2012/08/13 06:08:02 | 000,348,160 | -H-- | M] (LSC) -- C:\ProgramData\NyUPXRcvIOUP.exe
[2012/07/27 08:43:42 | 000,000,016 | -H-- | M] () -- C:\Windows\popcinfo.dat
[2012/07/16 11:53:17 | 000,000,109 | -H-- | M] () -- C:\Users\Kristy\webct_upload_applet.properties
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/08/14 12:36:14 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/08/14 12:31:56 | 012,410,880 | -H-- | C] () -- C:\Users\Kristy\Desktop\Ad-Aware96Install.msi
[2012/08/13 06:20:16 | 000,000,688 | -H-- | C] () -- C:\Users\Kristy\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/08/13 06:20:16 | 000,000,664 | -H-- | C] () -- C:\Users\Kristy\Desktop\File_Recovery.lnk
[2012/08/13 06:20:09 | 000,000,368 | -H-- | C] () -- C:\ProgramData\jNNfHyTTSZbtu9
[2012/07/27 08:43:42 | 000,000,016 | -H-- | C] () -- C:\Windows\popcinfo.dat
[2012/07/16 11:53:17 | 000,000,109 | -H-- | C] () -- C:\Users\Kristy\webct_upload_applet.properties
[2012/01/31 07:48:53 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2012/01/10 11:47:49 | 000,010,142 | -HS- | C] () -- C:\Users\Kristy\AppData\Local\07fjx75nug2887dklni10vgsdm7qc05kav2k31v5d20eqw
[2012/01/10 11:47:49 | 000,010,142 | -HS- | C] () -- C:\ProgramData\07fjx75nug2887dklni10vgsdm7qc05kav2k31v5d20eqw
[2011/01/18 19:47:21 | 000,000,193 | -H-- | C] () -- C:\Windows\WORDPAD.INI
[2011/01/09 10:19:31 | 000,016,896 | -H-- | C] () -- C:\Users\Kristy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/01 13:48:41 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/04 21:35:28 | 000,091,072 | ---- | C] () -- C:\Windows\SysWow64\RoseCo2.dll
========== LOP Check ==========
[2011/12/21 18:05:19 | 000,000,000 | -H-D | M] -- C:\Users\Kristy\AppData\Roaming\Atari
[2012/01/07 17:03:15 | 000,000,000 | -H-D | M] -- C:\Users\Kristy\AppData\Roaming\Babylon
[2010/11/21 07:10:55 | 000,000,000 | -H-D | M] -- C:\Users\Kristy\AppData\Roaming\CoreInternetUtility
[2011/12/21 17:59:56 | 000,000,000 | -H-D | M] -- C:\Users\Kristy\AppData\Roaming\DAEMON Tools Pro
[2011/10/06 09:04:31 | 000,000,000 | -H-D | M] -- C:\Users\Kristy\AppData\Roaming\Elluminate
[2012/02/28 16:59:01 | 000,000,000 | -H-D | M] -- C:\Users\Kristy\AppData\Roaming\GameCards
[2011/10/11 18:39:15 | 000,000,000 | -H-D | M] -- C:\Users\Kristy\AppData\Roaming\GOL_byHasbro
[2011/08/30 14:05:33 | 000,000,000 | -H-D | M] -- C:\Users\Kristy\AppData\Roaming\InfraRecorder
[2012/07/30 16:19:43 | 000,000,000 | -H-D | M] -- C:\Users\Kristy\AppData\Roaming\Jigsaws Galore
[2011/10/11 18:39:04 | 000,000,000 | -H-D | M] -- C:\Users\Kristy\AppData\Roaming\Oberon Media
[2011/01/02 09:53:07 | 000,000,000 | -H-D | M] -- C:\Users\Kristy\AppData\Roaming\OpenOffice.org
[2011/10/03 15:56:03 | 000,000,000 | -H-D | M] -- C:\Users\Kristy\AppData\Roaming\PhotoScape
[2012/02/28 17:23:48 | 000,000,000 | -H-D | M] -- C:\Users\Kristy\AppData\Roaming\SecondLife
[2011/03/22 13:53:28 | 000,000,000 | -H-D | M] -- C:\Users\Kristy\AppData\Roaming\SoftGrid Client
[2012/05/20 15:38:41 | 000,000,000 | -H-D | M] -- C:\Users\Kristy\AppData\Roaming\Spotify
[2011/12/07 17:22:59 | 000,000,000 | -H-D | M] -- C:\Users\Kristy\AppData\Roaming\TomTom
[2011/03/22 14:15:18 | 000,000,000 | -H-D | M] -- C:\Users\Kristy\AppData\Roaming\TP
[2012/06/27 00:58:26 | 000,000,000 | -H-D | M] -- C:\Users\Kristy\AppData\Roaming\uTorrent
[2012/06/11 16:11:38 | 000,000,000 | -H-D | M] -- C:\Users\Kristy\AppData\Roaming\WinZip
[2012/08/14 12:30:07 | 000,000,412 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro64 startups.job
[2012/01/11 04:03:20 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point
========== Alternate Data Streams ==========
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:D987CB43
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:6B709AD7
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:2C6A77F3
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:F72306CC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1F96ED45
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5DABFF83
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:A3E39C6A
< End of report >
-------------------------------------------------------------------------------------------------------------------------------
Malwarebytes log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 912011101
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
8/13/2012 6:40:16 PM
mbam-log-2012-08-13 (18-40-16).txt
Scan type: Quick scan
Objects scanned: 186100
Time elapsed: 11 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.