Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

FBI Moneypak virus removal [Solved]


  • This topic is locked This topic is locked

#1
tstumo

tstumo

    Member

  • Member
  • PipPip
  • 23 posts
Hey everyone. My sister just recently got this computer. Everytime on startup the moneypak fbi page comes on the screen and prevents her from doing anything. I knew it was a scam/virus and i've tried removing it using malware bytes and have also tried restoring the system to an earlier date but to no avail the the problem still occurs. Any help regarding this issue would be massively appreciated. Thanks a lot
  • 0

Advertisements


#2
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to alway follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Please note that I am currently in training as a GeekU Senior. My posts must be reviewed by an instructor, so there may be a slight delay.

As a start, could you please tell me what Operating System is running on the infected computer, and if it is 32-bit or 64-bit?
  • 0

#3
tstumo

tstumo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Thank you very much for your assistance Buddierdl. The operating system is windows 7. And it's a 32 bit.
  • 0

#4
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
One last question before we start. You said you tried to run Malwarebytes. Does this mean you are able to use Safe Mode?
  • 0

#5
tstumo

tstumo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
yes. I am still able to use safe mode. and safe mode with networking. But when I try to go on normally the fbi virus pops up.
  • 0

#6
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Using "Safe Mode w/ Networking," could you please try to run the scan below:


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please check the box next to Scan All Users.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0

#7
tstumo

tstumo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
OTL

OTL logfile created on: 12/4/2012 8:26:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Windows\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 84.45% Memory free
5.87 Gb Paging File | 5.49 Gb Available in Paging File | 93.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.19 Gb Total Space | 172.64 Gb Free Space | 78.05% Space Free | Partition Type: NTFS
Drive D: | 11.69 Gb Total Space | 1.98 Gb Free Space | 16.98% Space Free | Partition Type: NTFS

Computer Name: WINDOWS-PC | User Name: Windows | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/04 20:25:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
PRC - [2011/10/30 18:23:34 | 001,667,328 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe
PRC - [2011/10/30 18:23:32 | 000,137,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 20:14:21 | 000,497,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/08 00:30:32 | 000,568,832 | ---- | M] () [Auto | Stopped] -- C:\Program Files\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2012/10/29 17:54:39 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/10/29 17:54:23 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/10/27 19:18:25 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/20 18:49:55 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/06/08 11:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/10/30 18:23:34 | 001,667,328 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe -- (SmcService)
SRV - [2011/10/30 18:23:34 | 000,280,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\snac.exe -- (SNAC)
SRV - [2011/10/30 18:23:32 | 000,137,224 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/29 02:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV - [2012/11/28 14:01:52 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20121204.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/11/28 14:01:52 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20121204.003\NAVENG.SYS -- (NAVENG)
DRV - [2012/10/29 17:54:23 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/10/24 17:33:19 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20121130.011\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/31 19:19:53 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20121202.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/08/30 17:18:29 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/30 17:18:29 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/20 20:16:59 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/06/08 11:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/06/08 11:06:24 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/10/30 18:23:36 | 000,758,904 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x86\SymEFA.sys -- (SymEFA)
DRV - [2011/10/30 18:23:36 | 000,522,872 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x86\srtsp.sys -- (SRTSP)
DRV - [2011/10/30 18:23:36 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x86\SymDS.sys -- (SymDS)
DRV - [2011/10/30 18:23:36 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x86\symnets.sys -- (SYMNETS)
DRV - [2011/10/30 18:23:36 | 000,137,336 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x86\Ironx86.sys -- (SymIRON)
DRV - [2011/10/30 18:23:36 | 000,031,864 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x86\srtspx.sys -- (SRTSPX)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/10/09 01:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 17:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/04/29 02:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/03/06 10:52:00 | 007,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/03/04 01:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/07/11 01:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2006/11/14 16:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-950042818-4151037037-2502909626-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-950042818-4151037037-2502909626-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-950042818-4151037037-2502909626-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-950042818-4151037037-2502909626-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 10 D6 D8 F3 66 CD 01 [binary data]
IE - HKU\S-1-5-21-950042818-4151037037-2502909626-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-950042818-4151037037-2502909626-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-950042818-4151037037-2502909626-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-950042818-4151037037-2502909626-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: c:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Windows\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Windows\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\IPSFFPlgn\ [2012/12/04 13:20:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/07/20 20:33:24 | 000,000,000 | ---D | M]

[2012/10/28 23:08:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.yahoo.com/
CHR - default_search_provider: Yahoo! Search (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....44,17094,0,11,0
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - homepage: http://www.yahoo.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Windows\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Windows\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Windows\AppData\Local\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Windows\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Swiki = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikoeigmfnoggdlhnobkbbbkohiahbko\1.4_0\
CHR - Extension: Swiki = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikoeigmfnoggdlhnobkbbbkohiahbko\1.4_0\.svn\text-base\.svn-base
CHR - Extension: Shop to Win 37 = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeocblafbodojjojbdibnognkabkeaki\1.1.4_0\
CHR - Extension: DefaultTab = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.10_0\
CHR - Extension: Gmail = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Swiki_IE) - {A2B6C1C5-ACDE-415E-A965-9FCB42E95952} - C:\Program Files\Swiki_IE\ScriptHost.dll (Swiki)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-950042818-4151037037-2502909626-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PC Optimizer Pro] C:\Program Files\PC Optimizer Pro\StartApps.exe (Tweaking Tools)
O4 - HKU\S-1-5-21-950042818-4151037037-2502909626-1000..\Run: [] C:\Users\Windows\vocluljrqqlijwblrm.exe ()
O4 - HKU\S-1-5-21-950042818-4151037037-2502909626-1000..\Run: [Creative Live! Cam Manager] C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-950042818-4151037037-2502909626-1000..\Run: [Shop To Win] C:\Program Files\Shop To Win\ShopToWin.exe (Jackpot Rewards)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-950042818-4151037037-2502909626-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36CF6CE5-FADE-4A07-96EC-C6C4A8AA625F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CB36FA1-7F1C-45E7-980E-90A35C9D2500}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SEP: DllName - (C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{d33ed4d7-dc1a-11e1-845c-001e686c5cfd}\Shell - "" = AutoRun
O33 - MountPoints2\{d33ed4d7-dc1a-11e1-845c-001e686c5cfd}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/04 20:25:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
[2012/11/28 17:42:26 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\Malwarebytes
[2012/11/28 17:42:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/28 17:42:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/11/28 17:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/28 17:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/25 18:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/25 18:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/11/25 18:50:53 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/11/22 08:27:17 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012/11/22 08:27:17 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012/11/22 08:23:55 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012/11/22 08:23:54 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012/11/22 08:23:54 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012/11/22 08:22:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/11/22 08:22:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/11/22 08:22:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/11/22 08:22:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/11/22 08:22:23 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/11/22 08:22:22 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/11/22 08:22:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/11/22 08:22:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/11/22 00:51:53 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012/11/22 00:51:53 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012/11/22 00:51:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012/11/22 00:51:47 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012/11/22 00:51:34 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/11/22 00:51:29 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012/11/22 00:51:29 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012/11/16 00:37:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/10 18:04:11 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\Apple Computer
[2012/11/10 18:04:11 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Local\Apple Computer
[2012/11/10 18:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/11/10 18:03:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/11/10 18:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/11/10 18:02:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/11/10 18:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/11/10 18:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/11/10 18:00:40 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Local\Apple
[2012/11/10 18:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/11/10 18:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/11/10 17:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/11/10 17:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/11/09 22:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayFirst
[2012/11/09 22:51:43 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\PlayFirst
[2012/11/09 22:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayFirst
[2012/11/09 22:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\PlayFirst

========== Files - Modified Within 30 Days ==========

[2012/12/04 20:25:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
[2012/12/04 13:20:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/04 13:20:10 | 2364,739,584 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/03 15:04:32 | 000,019,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/03 15:04:32 | 000,019,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/02 21:21:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950042818-4151037037-2502909626-1000UA.job
[2012/12/02 21:18:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/02 10:21:01 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950042818-4151037037-2502909626-1000Core.job
[2012/11/30 14:02:29 | 000,100,352 | ---- | M] () -- C:\Users\Windows\mvvnsonztqrgmfjxaugr.exe
[2012/11/30 14:02:28 | 000,121,344 | ---- | M] () -- C:\Users\Windows\vocluljrqqlijwblrm.exe
[2012/11/28 18:25:11 | 468,769,572 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/28 17:42:17 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/25 18:50:54 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/11/23 09:12:57 | 000,412,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/22 08:37:41 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/22 08:37:41 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/10 21:40:10 | 006,227,178 | ---- | M] () -- C:\Users\Windows\Documents\13-chris_brown-dont_wake_me_up-whoa.mp3
[2012/11/10 21:40:09 | 009,740,194 | ---- | M] () -- C:\Users\Windows\Documents\12-chris_brown-party_hard_-_cadillac_(interlude)_(feat._sevyn)-whoa.mp3
[2012/11/10 21:40:07 | 007,380,632 | ---- | M] () -- C:\Users\Windows\Documents\11-chris_brown-4_years_old-whoa.mp3
[2012/11/10 21:40:05 | 007,510,128 | ---- | M] () -- C:\Users\Windows\Documents\10-chris_brown-stuck_on_stupid-whoa.mp3
[2012/11/10 21:40:04 | 005,382,927 | ---- | M] () -- C:\Users\Windows\Documents\09-chris_brown-strip_(feat._kevin_mccall)-whoa.mp3
[2012/11/10 21:40:03 | 006,097,979 | ---- | M] () -- C:\Users\Windows\Documents\08-chris_brown-sweet_love-whoa.mp3
[2012/11/10 21:40:02 | 007,240,817 | ---- | M] () -- C:\Users\Windows\Documents\07-chris_brown-biggest_fan-whoa.mp3
[2012/11/10 21:40:00 | 007,612,271 | ---- | M] () -- C:\Users\Windows\Documents\06-chris_brown-2012-whoa.mp3
[2012/11/10 21:39:59 | 007,062,413 | ---- | M] () -- C:\Users\Windows\Documents\05-chris_brown-dont_judge_me-whoa.mp3
[2012/11/10 21:39:58 | 008,024,368 | ---- | M] () -- C:\Users\Windows\Documents\04-chris_brown-mirage_(feat._nas)-whoa.mp3
[2012/11/10 21:39:57 | 007,834,525 | ---- | M] () -- C:\Users\Windows\Documents\03-chris_brown-till_i_die_(feat._big_sean_and_wiz_khalifa)-whoa.mp3
[2012/11/10 21:39:56 | 007,820,555 | ---- | M] () -- C:\Users\Windows\Documents\02-chris_brown-bassline-whoa.mp3
[2012/11/10 21:39:55 | 007,412,778 | ---- | M] () -- C:\Users\Windows\Documents\01-chris_brown-turn_up_the_music-whoa.mp3
[2012/11/10 21:39:54 | 007,094,904 | ---- | M] () -- C:\Users\Windows\Documents\19-chris_brown-touch_me_(feat._sevyn)-whoa.mp3
[2012/11/10 21:39:54 | 000,300,936 | ---- | M] () -- C:\Users\Windows\Documents\00-chris_brown-fortune_(deluxe_edition)-2012-whoa.jpg
[2012/11/10 21:39:53 | 007,508,914 | ---- | M] () -- C:\Users\Windows\Documents\18-chris_brown-wait_for_you-whoa.mp3
[2012/11/10 21:39:52 | 006,809,074 | ---- | M] () -- C:\Users\Windows\Documents\17-chris_brown-remember_my_name_(feat._sevyn)-whoa.mp3
[2012/11/10 21:39:51 | 007,866,479 | ---- | M] () -- C:\Users\Windows\Documents\16-chris_brown-free_run-whoa.mp3
[2012/11/10 21:39:49 | 007,839,051 | ---- | M] () -- C:\Users\Windows\Documents\15-chris_brown-tell_somebody-whoa.mp3
[2012/11/10 21:39:48 | 007,635,156 | ---- | M] () -- C:\Users\Windows\Documents\14-chris_brown-trumpet_lights_(feat._sabrina_antoinette)-whoa.mp3
[2012/11/10 18:04:04 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/09 22:51:42 | 000,001,102 | ---- | M] () -- C:\Users\Windows\Desktop\Get More Games at PlayFirst.com.lnk
[2012/11/09 22:51:42 | 000,001,061 | ---- | M] () -- C:\Users\Windows\Desktop\Diner Dash 2.lnk

========== Files Created - No Company Name ==========

[2012/11/30 14:02:29 | 000,100,352 | ---- | C] () -- C:\Users\Windows\mvvnsonztqrgmfjxaugr.exe
[2012/11/30 14:02:28 | 000,121,344 | ---- | C] () -- C:\Users\Windows\vocluljrqqlijwblrm.exe
[2012/11/28 17:42:17 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/22 08:27:21 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/22 08:23:53 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/10 18:04:04 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/10 18:00:37 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/11/09 22:51:42 | 000,001,102 | ---- | C] () -- C:\Users\Windows\Desktop\Get More Games at PlayFirst.com.lnk
[2012/11/09 22:51:42 | 000,001,061 | ---- | C] () -- C:\Users\Windows\Desktop\Diner Dash 2.lnk
[2012/09/16 16:04:25 | 000,000,081 | ---- | C] () -- C:\Windows\spwdrhsa.INI
[2012/07/20 23:41:47 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/09/15 01:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
  • 0

#8
tstumo

tstumo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Extras


OTL Extras logfile created on: 12/4/2012 8:26:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Windows\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 84.45% Memory free
5.87 Gb Paging File | 5.49 Gb Available in Paging File | 93.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.19 Gb Total Space | 172.64 Gb Free Space | 78.05% Space Free | Partition Type: NTFS
Drive D: | 11.69 Gb Total Space | 1.98 Gb Free Space | 16.98% Space Free | Partition Type: NTFS

Computer Name: WINDOWS-PC | User Name: Windows | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010F4E13-4B84-49BA-B500-0C4D1B79AA03}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{18B2213F-74CA-48FE-B66D-6FF8E1279A01}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1B8ACEDB-E3AE-4906-9B9D-BDB9F61131B5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{21AA2858-2494-4C46-BBCA-8B0325E68C12}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{29098259-093F-4CF7-8BA2-3EE39B351964}" = rport=139 | protocol=6 | dir=out | app=system |
"{2D43C01C-E30F-4EB5-8849-2A56F5A5877B}" = lport=139 | protocol=6 | dir=in | app=system |
"{397341D3-A3FF-45A4-A342-BBC29AEE53AC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4016B9F5-BB58-448A-89AB-F4CF4CE590A3}" = rport=138 | protocol=17 | dir=out | app=system |
"{4C9925C7-2FBB-4A93-93E8-96012F63127A}" = lport=138 | protocol=17 | dir=in | app=system |
"{60BD5105-C616-4D15-8B61-C048016F2660}" = lport=2869 | protocol=6 | dir=in | app=system |
"{67E5F007-D4EC-4DA2-A682-8C7D3E1632CF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6A849203-2352-44F6-BFA8-E616F86C11ED}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7B080C1F-9D1B-4C38-A4EF-CBAD43B13C90}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E338985-0591-4EC4-9E73-1517EEE2F859}" = rport=137 | protocol=17 | dir=out | app=system |
"{95F64C61-C70E-4967-B4B0-13098F661721}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9723DAF7-84B6-4887-8342-E0CBDD9D12E7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BFCCB5FA-5F02-42C7-91F4-8C6711599438}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{D31C83E4-EF7D-41D9-AD15-1CC11ADBB8F4}" = lport=137 | protocol=17 | dir=in | app=system |
"{D80A3E62-9436-4DB6-A6AE-C2D99F890661}" = lport=445 | protocol=6 | dir=in | app=system |
"{EBC8789B-08E9-4B5C-85E9-5174ECF727EB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F3C75EFD-AA3C-439A-87E8-9B24F2197E54}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FDE73DF5-1B5B-439A-95A6-9481734FFF2F}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0866A100-13EE-4926-A85D-9C69774D333A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1045917D-0A52-4B57-9238-93FD4574E51E}" = protocol=6 | dir=in | app=c:\program files\sightspeed\sightspeed.exe |
"{17186FCD-4E29-4CEA-83A7-B6572599545B}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\smc.exe |
"{1EED8B47-C352-408C-85B2-2A600F3A0910}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{36D2D69F-BFA7-4182-8C9F-476ABB6BF307}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3AB857AB-9A8E-4DE6-934E-38486E5E5336}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{53C62CD3-2CB5-4E37-8FFE-CECB32264DD6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5803B63D-5C2B-451B-976A-6A7805E5D673}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{598B2AB7-586A-4E16-BBC2-A7CF3795111F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6184DF25-A28C-427F-BC5B-22B66CA86812}" = protocol=1 | dir=in | [email protected],-28543 |
"{8009C4FE-768D-4193-8CBA-9D3A121D0538}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8CDA09BA-A843-4620-AB8A-FEEEC508BC58}" = protocol=1 | dir=out | [email protected],-28544 |
"{92C336BA-2384-462F-8EC5-E5B9EA2B301B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A1EA435B-4BAF-44F9-A565-ECC37FDDFF92}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B4806F05-399A-42D1-81BC-EFABA2800B78}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BA84BBA5-33FE-4055-87E4-7C63A5ADC2D5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C163E89D-4C6B-4136-8953-DD3A481CA979}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\snac.exe |
"{C3E12DBE-438A-4728-B29C-535C457E1A34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C6C3BBDA-FC9B-45C8-989B-6A020EF5D643}" = protocol=58 | dir=out | [email protected],-28546 |
"{CD5612DC-FC7D-4F8F-894A-E9A5626A99C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CDEBBF69-786C-43DC-82A2-5D0F1A52CF96}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CF05A0A7-34FE-43C0-A0A6-71118AC0FA07}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DA1B44DA-F6E2-4DAB-BD7D-1A5A1CD86CFC}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\smc.exe |
"{DEA53230-5A80-4A2B-A52D-586ACBC7128F}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\snac.exe |
"{E2C30B46-4892-4E65-AC48-703CC378D8A6}" = protocol=17 | dir=in | app=c:\program files\sightspeed\sightspeed.exe |
"{F269893E-A9DF-4736-A972-AEAA819954EF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F646ED33-65FE-42E7-A926-4D55A666798B}" = protocol=6 | dir=out | app=system |
"{FAD1FA88-335E-44A2-AE47-C74D9AF87133}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{FB36FD8D-A5B6-4EF7-85A4-F914470CE205}" = protocol=58 | dir=in | [email protected],-28545 |
"{FDAF7744-F28B-47C7-B341-0F1CF4C6A500}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{FDEB6236-D4BB-4A7B-95D4-36D96CA81367}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1F66F847-5A55-417E-91AF-944F344E3FC1}C:\users\windows\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\windows\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{2EF32E3F-4CEB-4CA1-B46A-0C4DD44C1248}C:\program files\sightspeed\sightspeed.exe" = protocol=6 | dir=in | app=c:\program files\sightspeed\sightspeed.exe |
"UDP Query User{30958968-BE7F-426D-B3D2-5760DAEE58C5}C:\program files\sightspeed\sightspeed.exe" = protocol=17 | dir=in | app=c:\program files\sightspeed\sightspeed.exe |
"UDP Query User{E15CD42C-AECE-4BF4-AFF0-EAC6359B9A70}C:\users\windows\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\windows\appdata\roaming\mjusbsp\magicjack.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{22461A1C-BD68-4D90-9897-1DB146D55ECB}" = LogMeIn
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E240ADB-6124-4AC9-B4B5-A8BBE6580D8E}_is1" = Shop To Win
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{FA689023-0B72-4771-98A6-A1C927E58207}" = Symantec Endpoint Protection
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Video FX Engine" = Advanced Video FX Engine
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative Live! Cam Manager" = Creative Live! Cam Manager
"Creative Live! Cam Optia User's Guide English" = Creative Live! Cam Optia User's Guide (English)
"Creative Photo Calendar" = Creative Photo Calendar
"Creative Photo Manager" = Creative Photo Manager
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DefaultTab Chrome" = DefaultTab Chrome
"Diner Dash 2" = Diner Dash 2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"PC Optimizer Pro" = PC Optimizer Pro
"SightSpeed" = SightSpeed (remove only)
"Stellar Phoenix Windows Data Recovery - Home_is1" = Stellar Phoenix Windows Data Recovery - Home
"Swiki_IE" = Swiki_IE
"Swiki_is1" = Swiki version 1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative System Information

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-950042818-4151037037-2502909626-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/3/2012 4:04:31 PM | Computer Name = Windows-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Tracking Cookies in File: Cookie:[email protected]/
by: Manual scan. Action: Delete was partially successful.. Action Description:
Delete was partially successful.

Error - 12/3/2012 4:11:14 PM | Computer Name = Windows-PC | Source = Symantec AntiVirus | ID = 16711753
Description = SONAR has generated an error: code 1: description: Heuristic Scan
or Load Failure

Error - 12/3/2012 6:50:10 PM | Computer Name = Windows-PC | Source = Symantec AntiVirus | ID = 16711754
Description = SONAR has generated an error: code 0: description: Definition Failure

Error - 12/3/2012 6:50:22 PM | Computer Name = Windows-PC | Source = Symantec AntiVirus | ID = 16711760
Description = Symantec Endpoint Protection has failed to load the latest virus definitions.

Error - 12/3/2012 10:51:07 PM | Computer Name = Windows-PC | Source = Symantec AntiVirus | ID = 16711754
Description = SONAR has generated an error: code 0: description: Definition Failure

Error - 12/3/2012 10:51:19 PM | Computer Name = Windows-PC | Source = Symantec AntiVirus | ID = 16711760
Description = Symantec Endpoint Protection has failed to load the latest virus definitions.

Error - 12/4/2012 1:56:13 AM | Computer Name = Windows-PC | Source = Symantec AntiVirus | ID = 16711753
Description = SONAR has generated an error: code 1: description: Heuristic Scan
or Load Failure

Error - 12/4/2012 2:25:58 PM | Computer Name = Windows-PC | Source = Symantec AntiVirus | ID = 16711753
Description = SONAR has generated an error: code 1: description: Heuristic Scan
or Load Failure

Error - 12/4/2012 2:32:33 PM | Computer Name = Windows-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Tracking Cookies in File: Cookie:[email protected]/
by: Manual scan. Action: Delete succeeded. Action Description: The file was deleted
successfully.

Error - 12/4/2012 3:06:54 PM | Computer Name = Windows-PC | Source = Symantec AntiVirus | ID = 16711754
Description = SONAR has generated an error: code 0: description: Definition Failure

[ System Events ]
Error - 12/4/2012 9:20:38 PM | Computer Name = Windows-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/4/2012 9:20:38 PM | Computer Name = Windows-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/4/2012 9:22:46 PM | Computer Name = Windows-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/4/2012 9:22:46 PM | Computer Name = Windows-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/4/2012 9:22:46 PM | Computer Name = Windows-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/4/2012 9:27:46 PM | Computer Name = Windows-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/4/2012 9:27:46 PM | Computer Name = Windows-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/4/2012 9:27:46 PM | Computer Name = Windows-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/4/2012 9:29:52 PM | Computer Name = Windows-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/4/2012 9:29:52 PM | Computer Name = Windows-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >
  • 0

#9
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
I am looking over your logs now and should have a fix for you in the morning.
  • 0

#10
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi tstumo,

Let's get started.

Step 1: Run OTL fix in Safe Mode.

Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [createrestorepoint]
    
    :OTL
    SRV - [2012/11/08 00:30:32 | 000,568,832 | ---- | M] () [Auto | Stopped] -- C:\Program Files\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
    
    O2 - BHO: (Swiki_IE) - {A2B6C1C5-ACDE-415E-A965-9FCB42E95952} - C:\Program Files\Swiki_IE\ScriptHost.dll (Swiki)
    
    O4 - HKLM..\Run: [PC Optimizer Pro] C:\Program Files\PC Optimizer Pro\StartApps.exe (Tweaking Tools)
    O4 - HKU\S-1-5-21-950042818-4151037037-2502909626-1000..\Run: [] C:\Users\Windows\vocluljrqqlijwblrm.exe ()
    O4 - HKU\S-1-5-21-950042818-4151037037-2502909626-1000..\Run: [Shop To Win] C:\Program Files\Shop To Win\ShopToWin.exe (Jackpot Rewards)
    
    [2012/11/30 14:02:29 | 000,100,352 | ---- | M] () -- C:\Users\Windows\mvvnsonztqrgmfjxaugr.exe
    [2012/11/30 14:02:28 | 000,121,344 | ---- | M] () -- C:\Users\Windows\vocluljrqqlijwblrm.exe
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply.

Please try to boot into Normal mode now. If you can, please do the following steps.

Step 1: Uninstall programs. Please uninstall the following programs using the "Programs and Features" menu in the Control Panel. If one does not show up, just skip it.
  • Shop To Win
  • DefaultTab Chrome
  • PC Optimizer Pro
  • Swiki_IE
  • Swiki version 1.0

Step 2: Remove bad Chrome extensions.

Please type chrome:extensions into the address bar of your Chrome browser. Locate each of the following extensions in the list and uninstall them.
  • Swiki -> There may be two extensions by this name. Remove them both.
  • Shop to Win 37
  • DefaultTab

Step 3: Run aswMBR.

Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

Step 4: Get a fresh OTL log.

Please open OTL, click the "Quick Scan" button, and post the resulting log.

Things I need in your next reply:
  • OTL fix log
  • aswMBR log
  • fresh OTL log
  • Please describe any current symptoms on your computer.

  • 0

Advertisements


#11
tstumo

tstumo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hey Buddierdl. Thanks again for your help.

OTL Fix

========== COMMANDS ==========
Unable to start System Restore Service. Error code 1084
========== OTL ==========
Service DefaultTabSearch stopped successfully!
Service DefaultTabSearch deleted successfully!
C:\Program Files\DefaultTab\DefaultTabSearch.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2B6C1C5-ACDE-415E-A965-9FCB42E95952}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2B6C1C5-ACDE-415E-A965-9FCB42E95952}\ deleted successfully.
C:\Program Files\Swiki_IE\ScriptHost.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PC Optimizer Pro deleted successfully.
C:\Program Files\PC Optimizer Pro\StartApps.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-950042818-4151037037-2502909626-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\Windows\vocluljrqqlijwblrm.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-950042818-4151037037-2502909626-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Shop To Win deleted successfully.
C:\Program Files\Shop To Win\ShopToWin.exe moved successfully.
C:\Users\Windows\mvvnsonztqrgmfjxaugr.exe moved successfully.
File C:\Users\Windows\vocluljrqqlijwblrm.exe not found.

OTL by OldTimer - Version 3.2.69.0 log created on 12072012_141117

aswMBR
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-07 14:29:51
-----------------------------
14:29:51.998 OS Version: Windows 6.1.7601 Service Pack 1
14:29:51.998 Number of processors: 2 586 0x6802
14:29:51.998 ComputerName: WINDOWS-PC UserName: Windows
14:29:52.669 Initialize success
14:30:42.980 AVAST engine defs: 12120700
14:30:54.181 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
14:30:54.196 Disk 0 Vendor: WDC_WD2500BEVS-60UST0 01.01A01 Size: 238475MB BusType: 3
14:30:54.212 Disk 0 MBR read successfully
14:30:54.227 Disk 0 MBR scan
14:30:54.227 Disk 0 Windows 7 default MBR code
14:30:54.243 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226502 MB offset 63
14:30:54.274 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11970 MB offset 463876875
14:30:54.290 Disk 0 scanning sectors +488392065
14:30:54.352 Disk 0 scanning C:\Windows\system32\drivers
14:31:06.473 Service scanning
14:31:33.884 Modules scanning
14:31:43.884 Disk 0 trace - called modules:
14:31:43.915 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
14:31:43.915 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ed97f0]
14:31:43.931 3 CLASSPNP.SYS[8b3ae59e] -> nt!IofCallDriver -> [0x85a51918]
14:31:43.947 5 ACPI.sys[8ac303d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x85ab7030]
14:31:45.304 AVAST engine scan C:\Windows
14:31:47.815 AVAST engine scan C:\Windows\system32
14:35:47.973 AVAST engine scan C:\Windows\system32\drivers
14:36:05.571 AVAST engine scan C:\Users\Windows
14:53:19.934 AVAST engine scan C:\ProgramData
14:54:59.384 Scan finished successfully
15:11:30.860 Disk 0 MBR has been saved successfully to "C:\Users\Windows\Desktop\MBR.dat"
15:11:30.875 The log file has been saved successfully to "C:\Users\Windows\Desktop\aswMBR.txt"



Fresh OTL

OTL logfile created on: 12/7/2012 3:12:50 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Windows\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 64.37% Memory free
5.87 Gb Paging File | 4.73 Gb Available in Paging File | 80.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.19 Gb Total Space | 172.54 Gb Free Space | 78.01% Space Free | Partition Type: NTFS
Drive D: | 11.69 Gb Total Space | 1.98 Gb Free Space | 16.98% Space Free | Partition Type: NTFS

Computer Name: WINDOWS-PC | User Name: Windows | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/04 20:25:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
PRC - [2012/10/29 17:54:39 | 000,137,136 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/10/29 17:54:23 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/10/27 19:18:18 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/06/08 11:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2012/06/08 11:06:24 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2011/10/30 18:23:34 | 001,667,328 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe
PRC - [2011/10/30 18:23:32 | 000,137,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2006/09/06 08:42:00 | 000,143,360 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
PRC - [2006/08/16 00:12:00 | 000,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2006/07/05 13:37:00 | 000,253,952 | ---- | M] () -- C:\Program Files\Creative\Creative Live! Cam\VideoFX\EyeCatcherEx.dll


========== Services (SafeList) ==========

SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/29 17:54:39 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/10/29 17:54:23 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/10/27 19:18:25 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/20 18:49:55 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/06/08 11:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/10/30 18:23:34 | 001,667,328 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe -- (SmcService)
SRV - [2011/10/30 18:23:34 | 000,280,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\snac.exe -- (SNAC)
SRV - [2011/10/30 18:23:32 | 000,137,224 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/29 02:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Windows\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/11/28 14:01:52 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20121207.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/11/28 14:01:52 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20121207.003\NAVENG.SYS -- (NAVENG)
DRV - [2012/10/29 17:54:23 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/10/24 17:33:19 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20121130.011\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/31 19:19:53 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20121205.006\IDSvix86.sys -- (IDSVix86)
DRV - [2012/08/30 17:18:29 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/30 17:18:29 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/20 20:16:59 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/06/08 11:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/06/08 11:06:24 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/10/30 18:23:36 | 000,758,904 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x86\SymEFA.sys -- (SymEFA)
DRV - [2011/10/30 18:23:36 | 000,522,872 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x86\srtsp.sys -- (SRTSP)
DRV - [2011/10/30 18:23:36 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x86\SymDS.sys -- (SymDS)
DRV - [2011/10/30 18:23:36 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x86\symnets.sys -- (SYMNETS)
DRV - [2011/10/30 18:23:36 | 000,137,336 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x86\Ironx86.sys -- (SymIRON)
DRV - [2011/10/30 18:23:36 | 000,031,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C0103E8\009D.105\x86\srtspx.sys -- (SRTSPX)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/10/09 01:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 17:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/04/29 02:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/03/06 10:52:00 | 007,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/03/04 01:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/07/11 01:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2006/11/14 16:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 10 D6 D8 F3 66 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: c:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Windows\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Windows\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\IPSFFPlgn\ [2012/12/07 14:17:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/07/20 20:33:24 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.yahoo.com/
CHR - default_search_provider: Yahoo! Search (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....44,17094,0,11,0
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - homepage: http://www.yahoo.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Windows\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Windows\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Windows\AppData\Local\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Windows\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Users\Windows\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36CF6CE5-FADE-4A07-96EC-C6C4A8AA625F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CB36FA1-7F1C-45E7-980E-90A35C9D2500}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SEP: DllName - (C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{d33ed4d7-dc1a-11e1-845c-001e686c5cfd}\Shell - "" = AutoRun
O33 - MountPoints2\{d33ed4d7-dc1a-11e1-845c-001e686c5cfd}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/07 14:25:09 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Windows\Desktop\aswMBR.exe
[2012/12/07 14:11:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/04 23:28:29 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Local\ElevatedDiagnostics
[2012/12/04 20:25:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
[2012/11/28 17:42:26 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\Malwarebytes
[2012/11/28 17:42:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/28 17:42:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/11/28 17:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/28 17:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/25 18:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/25 18:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/11/25 18:50:53 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/11/16 00:37:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/10 18:04:11 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\Apple Computer
[2012/11/10 18:04:11 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Local\Apple Computer
[2012/11/10 18:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/11/10 18:03:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/11/10 18:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/11/10 18:02:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/11/10 18:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/11/10 18:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/11/10 18:00:40 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Local\Apple
[2012/11/10 18:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/11/10 18:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/11/10 17:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/11/10 17:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/11/09 22:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayFirst
[2012/11/09 22:51:43 | 000,000,000 | ---D | C] -- C:\Users\Windows\AppData\Roaming\PlayFirst
[2012/11/09 22:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayFirst
[2012/11/09 22:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\PlayFirst

========== Files - Modified Within 30 Days ==========

[2012/12/07 15:11:30 | 000,000,512 | ---- | M] () -- C:\Users\Windows\Desktop\MBR.dat
[2012/12/07 14:25:36 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Windows\Desktop\aswMBR.exe
[2012/12/07 14:25:28 | 000,019,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/07 14:25:28 | 000,019,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/07 14:21:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950042818-4151037037-2502909626-1000UA.job
[2012/12/07 14:18:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/07 14:16:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/07 14:15:28 | 2364,739,584 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/04 20:25:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Windows\Desktop\OTL.exe
[2012/12/02 10:21:01 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-950042818-4151037037-2502909626-1000Core.job
[2012/11/28 18:25:11 | 468,769,572 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/28 17:42:17 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/25 18:50:54 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/11/23 09:12:57 | 000,412,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/22 08:37:41 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/22 08:37:41 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/10 21:40:10 | 006,227,178 | ---- | M] () -- C:\Users\Windows\Documents\13-chris_brown-dont_wake_me_up-whoa.mp3
[2012/11/10 21:40:09 | 009,740,194 | ---- | M] () -- C:\Users\Windows\Documents\12-chris_brown-party_hard_-_cadillac_(interlude)_(feat._sevyn)-whoa.mp3
[2012/11/10 21:40:07 | 007,380,632 | ---- | M] () -- C:\Users\Windows\Documents\11-chris_brown-4_years_old-whoa.mp3
[2012/11/10 21:40:05 | 007,510,128 | ---- | M] () -- C:\Users\Windows\Documents\10-chris_brown-stuck_on_stupid-whoa.mp3
[2012/11/10 21:40:04 | 005,382,927 | ---- | M] () -- C:\Users\Windows\Documents\09-chris_brown-strip_(feat._kevin_mccall)-whoa.mp3
[2012/11/10 21:40:03 | 006,097,979 | ---- | M] () -- C:\Users\Windows\Documents\08-chris_brown-sweet_love-whoa.mp3
[2012/11/10 21:40:02 | 007,240,817 | ---- | M] () -- C:\Users\Windows\Documents\07-chris_brown-biggest_fan-whoa.mp3
[2012/11/10 21:40:00 | 007,612,271 | ---- | M] () -- C:\Users\Windows\Documents\06-chris_brown-2012-whoa.mp3
[2012/11/10 21:39:59 | 007,062,413 | ---- | M] () -- C:\Users\Windows\Documents\05-chris_brown-dont_judge_me-whoa.mp3
[2012/11/10 21:39:58 | 008,024,368 | ---- | M] () -- C:\Users\Windows\Documents\04-chris_brown-mirage_(feat._nas)-whoa.mp3
[2012/11/10 21:39:57 | 007,834,525 | ---- | M] () -- C:\Users\Windows\Documents\03-chris_brown-till_i_die_(feat._big_sean_and_wiz_khalifa)-whoa.mp3
[2012/11/10 21:39:56 | 007,820,555 | ---- | M] () -- C:\Users\Windows\Documents\02-chris_brown-bassline-whoa.mp3
[2012/11/10 21:39:55 | 007,412,778 | ---- | M] () -- C:\Users\Windows\Documents\01-chris_brown-turn_up_the_music-whoa.mp3
[2012/11/10 21:39:54 | 007,094,904 | ---- | M] () -- C:\Users\Windows\Documents\19-chris_brown-touch_me_(feat._sevyn)-whoa.mp3
[2012/11/10 21:39:54 | 000,300,936 | ---- | M] () -- C:\Users\Windows\Documents\00-chris_brown-fortune_(deluxe_edition)-2012-whoa.jpg
[2012/11/10 21:39:53 | 007,508,914 | ---- | M] () -- C:\Users\Windows\Documents\18-chris_brown-wait_for_you-whoa.mp3
[2012/11/10 21:39:52 | 006,809,074 | ---- | M] () -- C:\Users\Windows\Documents\17-chris_brown-remember_my_name_(feat._sevyn)-whoa.mp3
[2012/11/10 21:39:51 | 007,866,479 | ---- | M] () -- C:\Users\Windows\Documents\16-chris_brown-free_run-whoa.mp3
[2012/11/10 21:39:49 | 007,839,051 | ---- | M] () -- C:\Users\Windows\Documents\15-chris_brown-tell_somebody-whoa.mp3
[2012/11/10 21:39:48 | 007,635,156 | ---- | M] () -- C:\Users\Windows\Documents\14-chris_brown-trumpet_lights_(feat._sabrina_antoinette)-whoa.mp3
[2012/11/10 18:04:04 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/09 22:51:42 | 000,001,102 | ---- | M] () -- C:\Users\Windows\Desktop\Get More Games at PlayFirst.com.lnk
[2012/11/09 22:51:42 | 000,001,061 | ---- | M] () -- C:\Users\Windows\Desktop\Diner Dash 2.lnk

========== Files Created - No Company Name ==========

[2012/12/07 15:11:30 | 000,000,512 | ---- | C] () -- C:\Users\Windows\Desktop\MBR.dat
[2012/11/28 17:42:17 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/22 08:27:21 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/22 08:23:53 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/10 18:04:04 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/10 18:00:37 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/11/09 22:51:42 | 000,001,102 | ---- | C] () -- C:\Users\Windows\Desktop\Get More Games at PlayFirst.com.lnk
[2012/11/09 22:51:42 | 000,001,061 | ---- | C] () -- C:\Users\Windows\Desktop\Diner Dash 2.lnk
[2012/09/16 16:04:25 | 000,000,081 | ---- | C] () -- C:\Windows\spwdrhsa.INI
[2012/07/20 23:41:47 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/09/15 01:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/09 22:51:43 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\PlayFirst

========== Purity Check ==========



< End of report >

So far things look fine. I'm going to restart the computer a few times in normal mode and see if things are operational.
  • 0

#12
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi tstumo,

You're logs look good. Let run a few scans to check your security and sweep for remnants.

Step 1: Run SecurityCheck.

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2: Run MBAM.

  • Open Malwarebytes and make sure it is updated.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 3: Run online scan.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Things I need in your next reply:
  • SecurityCheck log
  • MBAM log
  • ESET log
  • Any remaining problems?

  • 0

#13
tstumo

tstumo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
security check log

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java 7 Update 7
Java version out of Date!
Google Chrome 21.0.1180.75
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


MBAM

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.08.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Windows :: WINDOWS-PC [administrator]

Protection: Enabled

12/8/2012 3:32:30 PM
mbam-log-2012-12-08 (15-32-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198585
Time elapsed: 7 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET log

C:\Users\Windows\AppData\Local\Temp\YontooSetup-S.exe multiple threats cleaned by deleting - quarantined
C:\Users\Windows\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\10663c71-161e497d a variant of Java/Exploit.CVE-2012-5076.M trojan deleted - quarantined
C:\_OTL\MovedFiles\12072012_141117\C_Users\Windows\mvvnsonztqrgmfjxaugr.exe a variant of Win32/Injector.ZVR trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\12072012_141117\C_Users\Windows\vocluljrqqlijwblrm.exe Win32/LockScreen.AKU trojan cleaned by deleting - quarantined

wasnt sure if this was the log for eset. had a hard time seeing a button that said save log or anything along those lines so I hope that was it. It did say it found and removed 4 files. so far no issues have been present and no signs of the fbi virus.
  • 0

#14
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Congratulations, tstumo :). Your computer now appears to be clean. Please complete the followings steps to finalize the cleaning process.

Please update these programs, as old versions pose a security risk.
  • Java
    Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Clean up OTL:
  • Open OTL and select the "CleanUp" button.
  • Allow the computer to reboot.
  • Any logs or removal tools left over can be deleted now.

Delete possibly infected restore points. Your computer may have saved a restore point while it was infected, so we need to delete the old restore points and create a new, clean one.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access.
  • Turn off System Restore.
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Protection tab.
    • Un-check the boxes next to your hard drives.
    • Click Apply, and then click OK.
  • Reboot.
  • Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Protection tab.
  • Check the boxes next to your hard drives.
  • Click Apply, and then click OK.

Empty temp files. I would recommend doing this every so often to free up some space on your computer.

  • Download OTC to your desktop and run it
  • Click Cleanup to begin cleaning up our tools and logs.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Defragment your hard drive. Your hard drive is showing 11% fragmentation. This refers to how your files are spread out on the physical "disk" in your hard drive. You could possibly gain a little better performance from your PC if you defragment your hard drive. Instructions can be found here.

Ensure that Windows is always updated. Keeping Windows updated is very important to prevent security vulnerabilities. I recommend turning on automatic updates following the instructions below:
  • First, click on Start and click onAll Programs, then Windows Update.
  • Click on Change Settings in the left pane and then check the option for Automatic Updates.

Always ensure that your firewall and anti-virus program are updated and running. These are your first line of defense against infection.

Make sure that you keep all of your programs updated. Out-of-date programs can make your computer more vulnerable to infection. Software manufacturers release updates to fix security problems as they are discovered. Secunia Personal Software Inspector, free to download here, is a good program that will scan your computer looking for programs that need to be updated.

This article has good information about how computers get infected. You can read it for good tips on staying clean and safe.
  • 0

#15
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi tstumo,

I made a mistake in my cleanup speech above. Instead of running OTC, I meant to recommend TFC for cleaning up temporary files.

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP