Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help with Trojan.ZeroAccess!inf4 and Trojan.Gen2 [Solved]


  • This topic is locked This topic is locked

#1
T00MuchRazMataz

T00MuchRazMataz

    New Member

  • Member
  • Pip
  • 8 posts
Hello, I am looking for assistance in resolving an issue. I have Norton 360, and scans are telling me I need to manually remove Trojan.ZeroAccess!inf4. In the last few days, I've also seen messages talking about Trojan.ZeroAccess.A, Trojan.ZeroAccess.B, and Trojan.ZeroAccess.C. Along with those, Norton has warned me about Trojan.Gen, and Trojan.Gen2. Today, I think I remember seeing another error mentioning desktop.ini, but I'm not sure about that one.

I have attempted to use Norton's fixes: Trojan.ZeroAccess Removal Tool, and Norton Power Eraser. These did not solve the problem apparently.

Any help and assistance is greatly appreciated!

As of right now I have run OTL (The Malware and Spyware Cleaning Guide told me to do that before posting).

Here is the log:


OTL logfile created on: 8/26/2012 12:57:22 AM - Run 1
OTL by OldTimer - Version 3.2.59.0 Folder = C:\Users\David\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 28.72% Memory free
6.00 Gb Paging File | 4.03 Gb Available in Paging File | 67.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 71.34 Gb Total Space | 16.32 Gb Free Space | 22.88% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 22.88 Gb Free Space | 4.91% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/26 00:56:42 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
PRC - [2012/08/25 11:23:57 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
PRC - [2012/08/18 23:22:15 | 005,576,408 | ---- | M] (Spotify Ltd) -- C:\Users\David\AppData\Roaming\Spotify\spotify.exe
PRC - [2012/08/18 23:22:14 | 001,193,176 | ---- | M] () -- C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/07/27 15:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/07/27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/21 11:25:53 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/03/30 09:12:18 | 000,310,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/25 11:23:57 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2012/08/18 23:22:14 | 020,219,096 | ---- | M] () -- C:\Users\David\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2012/08/18 23:22:14 | 001,193,176 | ---- | M] () -- C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/07/21 11:25:53 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010/11/20 07:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 07:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/25 11:23:57 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/21 11:25:53 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe -- (N360)
SRV - [2012/05/15 05:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/18 23:16:28 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/07/05 21:17:58 | 000,037,536 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 21:17:57 | 000,737,952 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/06 23:43:38 | 000,167,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/05/21 20:37:12 | 001,129,120 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2012/04/18 12:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/04/17 21:13:32 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 21:13:22 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SymDS64.sys -- (SymDS)
DRV:64bit: - [2012/04/17 20:42:14 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 02:47:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2012/08/25 19:01:29 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20120825.007\ex64.sys -- (NAVEX15)
DRV - [2012/08/25 19:01:29 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20120825.007\eng64.sys -- (NAVENG)
DRV - [2012/08/21 21:05:05 | 000,512,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\IPSDefs\20120824.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/18 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/18 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/06/18 20:02:26 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\BASHDefs\20120803.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 81 7B D4 A2 7C CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/08/18 23:28:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\IPSFFPlgn\ [2012/08/18 23:17:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\coFFPlgn\ [2012/08/25 11:20:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/21 11:25:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/21 11:25:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/03/30 20:53:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2012/05/12 16:19:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\yia56b7w.default\extensions
[2012/03/30 20:53:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/21 11:25:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/30 21:17:29 | 000,001,306 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns 3.adobe.com
O1 - Hosts: 127.0.0.1 3dns 2.adobe.com
O1 - Hosts: 127.0.0.1 adobe dns.adobe.com
O1 - Hosts: Dns 127.0.0.1 adobe 2.adobe.com
O1 - Hosts: Dns 127.0.0.1 adobe 3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis dubc1 vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis dubc1 vip60.adobe.com
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Spotify] C:\Users\David\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50B30D96-B3F3-436D-B7DE-F1D8470F1EE3}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{dd670b99-bc12-11e1-9f8d-00044b0a5185}\Shell - "" = AutoRun
O33 - MountPoints2\{dd670b99-bc12-11e1-9f8d-00044b0a5185}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/26 00:56:34 | 000,598,016 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2012/08/19 10:06:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/08/19 10:05:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64
[2012/08/19 10:05:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64\0500000.05A
[2012/08/19 10:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2012/08/19 10:05:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
[2012/08/19 09:10:51 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2012/08/18 23:26:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/18 23:19:50 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\NPE
[2012/08/18 23:17:39 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Symantec
[2012/08/18 23:17:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/08/18 23:16:28 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/08/18 23:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/08/18 23:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/08/18 23:16:14 | 001,129,120 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SymEFA64.sys
[2012/08/18 23:16:14 | 000,737,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtsp64.sys
[2012/08/18 23:16:14 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SymDS64.sys
[2012/08/18 23:16:14 | 000,405,624 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symnets.sys
[2012/08/18 23:16:14 | 000,190,072 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\Ironx64.sys
[2012/08/18 23:16:14 | 000,167,072 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ccSetx64.sys
[2012/08/18 23:16:14 | 000,037,536 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtspx64.sys
[2012/08/18 23:16:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2012/08/18 23:16:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E
[2012/08/18 23:16:07 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2012/08/18 23:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2012/08/18 23:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/08/18 23:15:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/08/18 23:11:02 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/08/18 23:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/08/18 12:03:00 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Repair hotos
[2012/08/11 21:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/08/08 06:12:34 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/08/05 20:57:45 | 000,000,000 | ---D | C] -- C:\Windows\Sun

========== Files - Modified Within 30 Days ==========

[2012/08/26 00:56:42 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2012/08/26 00:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/25 18:31:37 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/25 18:31:37 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/25 17:20:39 | 000,726,142 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/25 17:20:39 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/25 17:20:39 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/25 14:15:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/08/25 11:19:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/25 11:19:34 | 2414,768,128 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/25 11:16:56 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2012/08/19 10:09:29 | 602,800,128 | ---- | M] () -- C:\NBRT.iso
[2012/08/19 10:06:13 | 001,631,555 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\Cat.DB
[2012/08/19 10:02:35 | 000,001,374 | ---- | M] () -- C:\Users\David\Desktop\Norton Installation Files.lnk
[2012/08/19 00:05:07 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\VT20120731.038
[2012/08/18 23:54:24 | 000,371,097 | ---- | M] () -- C:\Users\David\Desktop\BFE.reg
[2012/08/18 23:29:11 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012/08/18 23:16:28 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/08/18 23:16:28 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/08/18 23:16:28 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/08/18 23:16:22 | 000,002,382 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/08/17 13:46:46 | 000,101,091 | ---- | M] () -- C:\Users\David\Desktop\angieslistreceipt.pdf
[2012/08/17 13:23:58 | 000,281,390 | ---- | M] () -- C:\Users\David\Desktop\DirectBuyNorth.pdf
[2012/08/17 13:21:21 | 000,281,859 | ---- | M] () -- C:\Users\David\Desktop\DirectBuyEastDallas.pdf
[2012/08/11 22:00:45 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012/08/10 01:00:27 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\isolate.ini

========== Files Created - No Company Name ==========

[2012/08/25 14:15:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/08/19 10:09:11 | 602,800,128 | ---- | C] () -- C:\NBRT.iso
[2012/08/19 10:05:51 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NBRTWizardx64\0500000.05A\isolate.ini
[2012/08/19 00:05:23 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\VT20120731.038
[2012/08/18 23:54:24 | 000,371,097 | ---- | C] () -- C:\Users\David\Desktop\BFE.reg
[2012/08/18 23:16:31 | 001,631,555 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\Cat.DB
[2012/08/18 23:16:28 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/08/18 23:16:28 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/08/18 23:16:22 | 000,002,382 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/08/18 23:16:08 | 000,008,942 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SymVTcer.dat
[2012/08/18 23:16:08 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SymDS64.cat
[2012/08/18 23:16:08 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symnet64.cat
[2012/08/18 23:16:08 | 000,007,450 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\iron.cat
[2012/08/18 23:16:08 | 000,007,446 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ccsetx64.cat
[2012/08/18 23:16:08 | 000,007,438 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SymEFA64.cat
[2012/08/18 23:16:08 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtspx64.cat
[2012/08/18 23:16:08 | 000,007,402 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtsp64.cat
[2012/08/18 23:16:08 | 000,003,435 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SymEFA.inf
[2012/08/18 23:16:08 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SymDS.inf
[2012/08/18 23:16:08 | 000,001,441 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SymNet.inf
[2012/08/18 23:16:08 | 000,001,437 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtsp64.inf
[2012/08/18 23:16:08 | 000,001,419 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtspx64.inf
[2012/08/18 23:16:08 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ccSetx64.inf
[2012/08/18 23:16:08 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\Iron.inf
[2012/08/18 23:16:08 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\isolate.ini
[2012/08/18 23:11:02 | 000,001,374 | ---- | C] () -- C:\Users\David\Desktop\Norton Installation Files.lnk
[2012/08/17 13:46:46 | 000,101,091 | ---- | C] () -- C:\Users\David\Desktop\angieslistreceipt.pdf
[2012/08/17 13:23:58 | 000,281,390 | ---- | C] () -- C:\Users\David\Desktop\DirectBuyNorth.pdf
[2012/08/17 13:21:21 | 000,281,859 | ---- | C] () -- C:\Users\David\Desktop\DirectBuyEastDallas.pdf
[2012/06/21 21:30:34 | 000,000,353 | ---- | C] () -- C:\Users\David\AppData\Roaming\Network Meter_Settings.ini
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/05/12 16:29:00 | 000,002,048 | -HS- | C] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{cb0c411f-0cb5-1968-ba5e-e41c4dc4cd90}\@
[2012/05/12 16:29:00 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{cb0c411f-0cb5-1968-ba5e-e41c4dc4cd90}\@

========== LOP Check ==========

[2012/05/15 22:26:04 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\JAM Software
[2012/08/26 00:00:30 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Spotify
[2012/05/12 16:19:58 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\SystemRequirementsLab
[2012/07/27 06:46:22 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\uTorrent
[2009/07/14 00:08:49 | 000,010,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets kill this nasty for you

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image

    :Reg
    [HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32] 
    ""="%systemroot%\system32\wbem\wbemess.dll" 
    [-HKCU\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0}] 
    
    :Files
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{cb0c411f-0cb5-1968-ba5e-e41c4dc4cd90}
    C:\Windows\System32\config\systemprofile\AppData\Local\{cb0c411f-0cb5-1968-ba5e-e41c4dc4cd90}
    ipconfig /flushdns /c
    netsh int ip reset c:\resetlog.txt  /c
    ipconfig /release /c
    ipconfig /renew /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

FINALLY

run farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#3
T00MuchRazMataz

T00MuchRazMataz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
So things didn't start out going too smoothly. When I tried to do the Custom Scans, I got an error saying "Can Not Create File C\Users\David\Desktop\cmd.bat". Then OTL seemed to not be working anymore... In the bottom message area it was stuck on Moving File c\windows\system32\config\systemsprofile\appdata\local\{cb0c411f-0cb5-1968-ba5e-e41c4dc4cd90}... for quite a while.

So I closed out of it and tried again. I hope this was okay... Everything went smoothly this time. Here is the log:

OTL logfile created on: 8/26/2012 9:30:14 AM - Run 2
OTL by OldTimer - Version 3.2.59.0 Folder = C:\Users\David\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 54.47% Memory free
6.00 Gb Paging File | 4.66 Gb Available in Paging File | 77.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 71.34 Gb Total Space | 18.53 Gb Free Space | 25.97% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 22.88 Gb Free Space | 4.91% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/26 00:56:42 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
PRC - [2012/08/18 23:22:15 | 005,576,408 | ---- | M] (Spotify Ltd) -- C:\Users\David\AppData\Roaming\Spotify\spotify.exe
PRC - [2012/08/18 23:22:14 | 001,193,176 | ---- | M] () -- C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/07/27 15:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/07/27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/21 11:25:53 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/18 23:22:14 | 020,219,096 | ---- | M] () -- C:\Users\David\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2012/08/18 23:22:14 | 001,193,176 | ---- | M] () -- C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/07/21 11:25:53 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010/11/20 07:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/25 11:23:57 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/21 11:25:53 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe -- (N360)
SRV - [2012/05/15 05:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/18 23:16:28 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/07/05 21:17:58 | 000,037,536 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 21:17:57 | 000,737,952 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/06 23:43:38 | 000,167,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/05/21 20:37:12 | 001,129,120 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2012/04/18 12:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/04/17 21:13:32 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 21:13:22 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SymDS64.sys -- (SymDS)
DRV:64bit: - [2012/04/17 20:42:14 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 02:47:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2012/08/25 19:01:29 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20120825.007\ex64.sys -- (NAVEX15)
DRV - [2012/08/25 19:01:29 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20120825.007\eng64.sys -- (NAVENG)
DRV - [2012/08/21 21:05:05 | 000,512,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\IPSDefs\20120824.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/18 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/18 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/06/18 20:02:26 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\BASHDefs\20120803.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 81 7B D4 A2 7C CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/08/18 23:28:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\IPSFFPlgn\ [2012/08/18 23:17:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\coFFPlgn\ [2012/08/26 09:26:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/21 11:25:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/21 11:25:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/03/30 20:53:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2012/05/12 16:19:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\yia56b7w.default\extensions
[2012/03/30 20:53:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/21 11:25:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/26 09:24:05 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Spotify] C:\Users\David\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50B30D96-B3F3-436D-B7DE-F1D8470F1EE3}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{dd670b99-bc12-11e1-9f8d-00044b0a5185}\Shell - "" = AutoRun
O33 - MountPoints2\{dd670b99-bc12-11e1-9f8d-00044b0a5185}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/26 08:47:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/26 00:56:34 | 000,598,016 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2012/08/19 10:06:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/08/19 10:05:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64
[2012/08/19 10:05:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NBRTWizardx64\0500000.05A
[2012/08/19 10:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2012/08/19 10:05:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
[2012/08/19 09:10:51 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2012/08/18 23:26:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/18 23:19:50 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\NPE
[2012/08/18 23:17:39 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Symantec
[2012/08/18 23:17:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/08/18 23:16:28 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/08/18 23:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/08/18 23:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/08/18 23:16:14 | 001,129,120 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SymEFA64.sys
[2012/08/18 23:16:14 | 000,737,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtsp64.sys
[2012/08/18 23:16:14 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SymDS64.sys
[2012/08/18 23:16:14 | 000,405,624 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symnets.sys
[2012/08/18 23:16:14 | 000,190,072 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\Ironx64.sys
[2012/08/18 23:16:14 | 000,167,072 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ccSetx64.sys
[2012/08/18 23:16:14 | 000,037,536 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtspx64.sys
[2012/08/18 23:16:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2012/08/18 23:16:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0603000.00E
[2012/08/18 23:16:07 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2012/08/18 23:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2012/08/18 23:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/08/18 23:15:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2012/08/18 23:11:02 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/08/18 23:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/08/18 12:03:00 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Repair hotos
[2012/08/11 21:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/08/08 06:12:34 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/08/05 20:57:45 | 000,000,000 | ---D | C] -- C:\Windows\Sun

========== Files - Modified Within 30 Days ==========

[2012/08/26 09:35:43 | 004,738,846 | ---- | M] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
[2012/08/26 09:31:49 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/26 09:31:49 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/26 09:26:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/26 09:26:16 | 2414,768,128 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/26 09:24:05 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/26 08:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/26 00:56:42 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2012/08/25 17:20:39 | 000,726,142 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/25 17:20:39 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/25 17:20:39 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/25 14:15:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/08/25 11:16:56 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2012/08/19 10:09:29 | 602,800,128 | ---- | M] () -- C:\NBRT.iso
[2012/08/19 10:06:13 | 001,631,555 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\Cat.DB
[2012/08/19 10:02:35 | 000,001,374 | ---- | M] () -- C:\Users\David\Desktop\Norton Installation Files.lnk
[2012/08/19 00:05:07 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\VT20120731.038
[2012/08/18 23:54:24 | 000,371,097 | ---- | M] () -- C:\Users\David\Desktop\BFE.reg
[2012/08/18 23:29:11 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012/08/18 23:16:28 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/08/18 23:16:28 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/08/18 23:16:28 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/08/18 23:16:22 | 000,002,382 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/08/17 13:46:46 | 000,101,091 | ---- | M] () -- C:\Users\David\Desktop\angieslistreceipt.pdf
[2012/08/17 13:23:58 | 000,281,390 | ---- | M] () -- C:\Users\David\Desktop\DirectBuyNorth.pdf
[2012/08/17 13:21:21 | 000,281,859 | ---- | M] () -- C:\Users\David\Desktop\DirectBuyEastDallas.pdf
[2012/08/11 22:00:45 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012/08/10 01:00:27 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\isolate.ini

========== Files Created - No Company Name ==========

[2012/08/25 14:15:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/08/19 10:09:11 | 602,800,128 | ---- | C] () -- C:\NBRT.iso
[2012/08/19 10:05:51 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NBRTWizardx64\0500000.05A\isolate.ini
[2012/08/19 00:05:23 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\VT20120731.038
[2012/08/18 23:54:24 | 000,371,097 | ---- | C] () -- C:\Users\David\Desktop\BFE.reg
[2012/08/18 23:16:31 | 001,631,555 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\Cat.DB
[2012/08/18 23:16:28 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/08/18 23:16:28 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/08/18 23:16:22 | 000,002,382 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/08/18 23:16:08 | 000,008,942 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SymVTcer.dat
[2012/08/18 23:16:08 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SymDS64.cat
[2012/08/18 23:16:08 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\symnet64.cat
[2012/08/18 23:16:08 | 000,007,450 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\iron.cat
[2012/08/18 23:16:08 | 000,007,446 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ccsetx64.cat
[2012/08/18 23:16:08 | 000,007,438 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SymEFA64.cat
[2012/08/18 23:16:08 | 000,007,406 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtspx64.cat
[2012/08/18 23:16:08 | 000,007,402 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtsp64.cat
[2012/08/18 23:16:08 | 000,003,435 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SymEFA.inf
[2012/08/18 23:16:08 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SymDS.inf
[2012/08/18 23:16:08 | 000,001,441 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\SymNet.inf
[2012/08/18 23:16:08 | 000,001,437 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtsp64.inf
[2012/08/18 23:16:08 | 000,001,419 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\srtspx64.inf
[2012/08/18 23:16:08 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\ccSetx64.inf
[2012/08/18 23:16:08 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\Iron.inf
[2012/08/18 23:16:08 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0603000.00E\isolate.ini
[2012/08/18 23:11:02 | 000,001,374 | ---- | C] () -- C:\Users\David\Desktop\Norton Installation Files.lnk
[2012/08/17 13:46:46 | 000,101,091 | ---- | C] () -- C:\Users\David\Desktop\angieslistreceipt.pdf
[2012/08/17 13:23:58 | 000,281,390 | ---- | C] () -- C:\Users\David\Desktop\DirectBuyNorth.pdf
[2012/08/17 13:21:21 | 000,281,859 | ---- | C] () -- C:\Users\David\Desktop\DirectBuyEastDallas.pdf
[2012/06/21 21:30:34 | 000,000,353 | ---- | C] () -- C:\Users\David\AppData\Roaming\Network Meter_Settings.ini
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== LOP Check ==========

[2012/05/15 22:26:04 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\JAM Software
[2012/08/26 09:33:32 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Spotify
[2012/05/12 16:19:58 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\SystemRequirementsLab
[2012/07/27 06:46:22 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\uTorrent
[2009/07/14 00:08:49 | 000,010,894 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


ComboFix Log is attached. I wasn't sure if you wanted the file or to copy/paste it. If I should copy/Paste please let me know.


Here is the FSS log

Farbar Service Scanner Version: 06-08-2012
Ran by David (administrator) on 26-08-2012 at 11:07:47
Running from "C:\Users\David\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



Well I hope that was it. I haven't run Norton or anything to see if it detects anything. I'll wait for the OK to do so.

Thank you so much fory our help and timely response!

What are my next steps? Should I do a Full System Scan and see if anything pops up?

Thank you again!

Attached Files


  • 0

#4
T00MuchRazMataz

T00MuchRazMataz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Also, should I be turning my Antivirus stuff back on?

Thanks!
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks like we just have windows updates to repair now. Yep Norton can be turned back on.. It may find the files that we have quarantined

On completion of this can you let me know of any outstanding problems

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS]
    "DisplayName"="@%SystemRoot%\\system32\\qmgr.dll,-1000"
    "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
      74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
      00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
      6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
    "Description"="@%SystemRoot%\\system32\\qmgr.dll,-1001"
    "ObjectName"="LocalSystem"
    "ErrorControl"=dword:00000001
    "Start"=dword:00000002
    "DelayedAutoStart"=dword:00000001
    "Type"=dword:00000020
    "DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,45,00,76,00,65,00,\
      6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,00,00
    "ServiceSidType"=dword:00000001
    "RequiredPrivileges"=hex(7):53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,\
      00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
      67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
      00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
      00,00,53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
      00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,\
      72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,\
      00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,\
      63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,\
      00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
    "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
      00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
    "ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
      00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
      71,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance]
    "Library"="bitsperf.dll"
    "Open"="PerfMon_Open"
    "Collect"="PerfMon_Collect"
    "Close"="PerfMon_Close"
    "InstallType"=dword:00000001
    "PerfIniFile"="bitsctrs.ini"
    "Last Counter"=dword:00000fc8
    "Last Help"=dword:00000fc9
    "First Counter"=dword:00000fb8
    "First Help"=dword:00000fb9
    "Object List"="4024"
    "1008"=hex(b):50,94,22,ad,0d,ad,cc,01
    "PerfMMFileName"="Global\\MMF_BITS_s"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
    "Security"=hex:01,00,14,80,94,00,00,00,a4,00,00,00,14,00,00,00,34,00,00,00,02,\
      00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
      00,00,20,02,00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,\
      00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\
      20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,\
      00,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,\
      00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\
      05,20,00,00,00,20,02,00,00
    
    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#6
T00MuchRazMataz

T00MuchRazMataz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is the latest log:

All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\\"DisplayName"|"@%SystemRoot%\\system32\\qmgr.dll,-1000" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\\"ImagePath"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\\"Description"|"@%SystemRoot%\\system32\\qmgr.dll,-1001" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\\"ObjectName"|"LocalSystem" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\\"ErrorControl"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\\"Start"|dword:00000002 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\\"DelayedAutoStart"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\\"Type"|dword:00000020 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\\"DependOnService"|hex(7):52,00,70,00,63,00,53,00,73,00,00,00,45,00,76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\\"ServiceSidType"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\\"RequiredPrivileges"|hex(7):53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\\"FailureActions"|hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters\\"ServiceDll"|hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,71,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance\\"Library"|"bitsperf.dll" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance\\"Open"|"PerfMon_Open" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance\\"Collect"|"PerfMon_Collect" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance\\"Close"|"PerfMon_Close" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance\\"InstallType"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance\\"PerfIniFile"|"bitsctrs.ini" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance\\"Last Counter"|dword:00000fc8 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance\\"Last Help"|dword:00000fc9 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance\\"First Counter"|dword:00000fb8 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance\\"First Help"|dword:00000fb9 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance\\"Object List"|"4024" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance\\"1008"|hex(b):50,94,22,ad,0d,ad,cc,01 /E :invalid edit format. Invalid data type.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Performance\\"PerfMMFileName"|"Global\\MMF_BITS_s" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security\\"Security"|hex:01,00,14,80,94,00,00,00,a4,00,00,00,14,00,00,00,34,00,00,00,02,00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: David
->Temp folder emptied: 1512 bytes
->Temporary Internet Files folder emptied: 41887 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 36703813 bytes
->Flash cache emptied: 647 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 35.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.59.0 log created on 08262012_114956

Files\Folders moved on Reboot...
C:\Users\David\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



THANK YOU AGAIN! Your help has been amazing.

Please let me know if there are any more steps to complete.
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now, any more problems ?
  • 0

#8
T00MuchRazMataz

T00MuchRazMataz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I just ran another Full System Scan using Norton 360.

It gave me the same results. Most say it just requires a restart to fix, but they are still there/coming back.

After I restarted, I'm still getting the error for Trojan.ZeroAccess!inf4 "requires manual removal"


I'm sorry to keep bothering you. Should I retry everything in the same order? How should I proceed?

Thanks again for all of the help..
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What location is Norton reporting the zero access file ? Is it qoobox or OTL_Moved files ?

I would like you to re-run combofix please and post that log
  • 0

#10
T00MuchRazMataz

T00MuchRazMataz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is what Norton 360 says about the file:


Full Path: c:\qoobox\quarantine\c\windows\system32\services.exe.vir
Threat: Trojan.Zeroaccess!inf4
____________________________
____________________________
On computers as of 8/26/2012 at 1:21:31 PM
Last Used 8/26/2012 at 1:23:31 PM
Startup Item No
Launched No
____________________________
____________________________
Many Users
Tens of thousands of users in the Norton Community have used this file.
____________________________
Mature
This file was released 3 months ago.
____________________________
High
This file risk is high.
____________________________
Threat Details
Threat type: Spyware. Programs that actively track and send personal or confidential information to third parties.
____________________________


Source File:
services.exe.vir
____________________________
File Actions
Infected file: c:\Qoobox\quarantine\C\Windows\System32\services.exe.vir
Manual removal required
____________________________
File Thumbprint - SHA:
e647717985bf0a1c6b3e2464d4f95d2efe3b77801c43246bde45eae908b940b8
____________________________
File Thumbprint - MD5:
014a9cb92514e27c0107614df764bc06
____________________________


I will post again in a minute with the re-run of ComboFix.
  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi if you have not allready started then don't bother as it is a file that we have allready quarantined

Full Path: c:\qoobox\quarantine\c\windows\system32\services.exe.vir

Apart from that any other problems
  • 0

#12
T00MuchRazMataz

T00MuchRazMataz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
No other problems. Norton just keeps picking up that one file. Will it be getting removed? or just going to stay in quarantine forever?

Just wondering.

What's next? :-D

Thank you again for all of your help! This is going greatly.
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Well if you are happy I will clear that now and remove all my bits and bobs

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#14
T00MuchRazMataz

T00MuchRazMataz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Wow this is awesome! Thank you SO much! Everything went extremely smoothly and I believe I am completely clean!

Thank you very much for all of your help!

Is there anything I can do for you? Is there like a rating system or something for the site?

Just want to let everyone know how helpful you have been!

Thanks again! You rule!
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Spreading the word is good :thumbsup:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP