Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

ICE Rasomware Virus on Windows 7 PC [Solved]


  • This topic is locked This topic is locked

#1
Littleyog

Littleyog

    Member

  • Member
  • PipPip
  • 10 posts
I have been infected with the ICE Virus. Everytime I start up the computer in my username the ICE Screen appears. I have tried KickStart Pro to correct issue. I have attempted to log on in safe mode and safe mode with network support without success. The only thing I was able to do was get to safe mode with command prompt. From here I was able to create a new user which I was able to log onto successfully. I then ran malwarebytes to attempt to delete the ransomware but it did not seem to find it. I would greatly appreciate some expert help.


Thanks in advance.
  • 0

Advertisements


#2
Littleyog

Littleyog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
My apologies... I forgot to add the OTL..

OTL logfile created on: 6/26/2013 8:39:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\removevirus\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 66.91% Memory free
6.49 Gb Paging File | 5.39 Gb Available in Paging File | 82.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70.85 Gb Total Space | 12.79 Gb Free Space | 18.06% Space Free | Partition Type: NTFS
Drive D: | 312.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KEVINPC | User Name: removevirus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/26 20:38:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\removevirus\Desktop\OTL.exe
PRC - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/03/08 10:24:22 | 000,708,721 | ---- | M] ( ) -- C:\Program Files\TSST Korea\FW LiveUpdate\FWManager.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/08/07 08:02:06 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2012/08/07 08:02:00 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2012/08/07 08:01:46 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
PRC - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/03/14 22:09:00 | 002,565,520 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/15 17:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2009/09/13 00:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2009/09/13 00:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2008/11/18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/08 10:23:16 | 002,641,920 | ---- | M] () -- C:\Program Files\TSST Korea\FW LiveUpdate\LiveUpdate.dat
MOD - [2013/01/19 14:41:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/19 14:41:27 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/19 14:41:00 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/07/10 09:07:18 | 000,166,912 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL
MOD - [2009/06/17 12:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/06/17 12:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/06/17 12:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/02/06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\System32\CmdRtr.DLL


========== Services (SafeList) ==========

SRV - [2013/05/29 08:23:19 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/08/07 08:02:06 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
SRV - [2012/08/07 08:02:00 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
SRV - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2010/02/24 23:00:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/25 18:40:31 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008/11/18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motusbdevice.sys -- (motusbdevice)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Motousbnet.sys -- (Motousbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motswch.sys -- (MotoSwitchService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motfilt.sys -- (BTCFilterService)
DRV - [2013/06/24 07:12:41 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/05/31 12:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130620.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/23 01:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\symefa.sys -- (SymEFA)
DRV - [2013/05/22 06:59:28 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130626.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/05/22 06:59:27 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130626.002\NAVENG.SYS -- (NAVENG)
DRV - [2013/05/21 01:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\symds.sys -- (SymDS)
DRV - [2013/05/16 01:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013/04/24 20:43:56 | 000,339,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\symnets.sys -- (SymNetS)
DRV - [2013/04/15 22:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\ccsetx86.sys -- (ccSet_NIS)
DRV - [2013/03/04 21:39:19 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\ironx86.sys -- (SymIRON)
DRV - [2013/03/04 21:21:35 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2013/01/21 02:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/01/18 17:43:10 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130625.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/08/09 07:13:29 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/10/16 03:11:56 | 001,168,896 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2009/09/08 19:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=20.3.1.22
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easyli...397&lg=EN&cc=US
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 92 59 53 C5 72 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...t=kwd&qsrc=2869
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\ [2013/06/26 20:35:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPlgn\ [2013/01/21 17:20:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/29 08:23:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/29 08:23:05 | 000,000,000 | ---D | M]

[2013/05/29 08:23:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/05/29 08:22:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/05/29 08:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/29 08:23:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/13 00:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2009/09/13 00:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2009/09/13 00:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2009/09/13 00:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011/06/08 21:10:36 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/06/08 21:10:36 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/09/13 00:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/09/13 00:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O2 - BHO: (Updater For Verizon Toolbar) - {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files\verizontb\auxi\verizonAu.dll (Visicom Media)
O2 - BHO: (Browese2ssaaviee) - {B493F06C-A286-CDBF-841A-37DC3A8760D0} - C:\ProgramData\Browese2ssaaviee\5139f4b80e901.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Verizon Toolbar) - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files\verizontb\verizonDx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Verizon Toolbar) - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files\verizontb\verizonDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [Name of App] C:\Program Files\TSST Korea\FW LiveUpdate\FWManager.exe ( )
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskBar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKey = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnextDisconnect = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} C:\Users\KEVIN~1.DAM\AppData\Local\Temp\f5tmp\cachecleaner.cab (F5 Networks CacheCleaner)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\KEVIN~1.DAM\AppData\Local\Temp\f5tmp\f5tunsrv.cab (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\KEVIN~1.DAM\AppData\Local\Temp\f5tmp\InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} C:\Users\KEVIN~1.DAM\AppData\Local\Temp\f5tmp\f5InspectionHost.cab (F5 Networks Policy Agent Host Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\Users\KEVIN~1.DAM\AppData\Local\Temp\f5tmp\urxshost.cab (F5 Networks SuperHost Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\KEVIN~1.DAM\AppData\Local\Temp\f5tmp\urxhost.cab (F5 Networks Host Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} C:\Users\KEVIN~1.DAM\AppData\Local\Temp\f5tmp\f5syschk.cab (F5 Networks OS Policy Agent)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: vzTCPConfig http://www2.verizon....vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72066CE0-8361-47B5-9451-1005729F6CDD}: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FABA7FF3-F94A-4F2C-BFC4-74D5F725630E}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/26 20:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2013/06/26 20:38:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\removevirus\Desktop\OTL.exe
[2013/06/26 19:34:49 | 000,000,000 | ---D | C] -- C:\Users\removevirus\AppData\Roaming\Malwarebytes
[2013/06/26 19:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/26 19:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/26 19:34:30 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/06/26 19:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/06/26 19:34:14 | 000,000,000 | ---D | C] -- C:\Users\removevirus\AppData\Local\Programs
[2013/06/26 19:30:33 | 000,000,000 | ---D | C] -- C:\Users\removevirus\AppData\Roaming\ICAClient
[2013/06/26 19:30:29 | 000,000,000 | ---D | C] -- C:\Users\removevirus\AppData\Local\SupportSoft
[2013/06/26 19:30:24 | 000,000,000 | ---D | C] -- C:\Users\removevirus\AppData\Roaming\Apple Computer
[2013/06/26 19:30:23 | 000,000,000 | ---D | C] -- C:\Users\removevirus\AppData\Local\Citrix
[2013/06/26 19:30:06 | 000,000,000 | R--D | C] -- C:\Users\removevirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/06/26 19:30:06 | 000,000,000 | R--D | C] -- C:\Users\removevirus\Searches
[2013/06/26 19:30:06 | 000,000,000 | R--D | C] -- C:\Users\removevirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/06/26 19:30:05 | 000,000,000 | -H-D | C] -- C:\Users\removevirus\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/06/26 19:29:54 | 000,000,000 | ---D | C] -- C:\Users\removevirus\AppData\Roaming\Identities
[2013/06/26 19:29:50 | 000,000,000 | R--D | C] -- C:\Users\removevirus\Contacts
[2013/06/26 19:29:36 | 000,000,000 | ---D | C] -- C:\Users\removevirus\AppData\Roaming\Adobe
[2013/06/26 19:28:28 | 000,000,000 | ---D | C] -- C:\Users\removevirus\AppData\Local\VirtualStore
[2013/06/26 19:28:14 | 000,000,000 | -HSD | C] -- C:\Users\removevirus\AppData\Local\Temporary Internet Files
[2013/06/26 19:28:14 | 000,000,000 | -HSD | C] -- C:\Users\removevirus\Templates
[2013/06/26 19:28:14 | 000,000,000 | -HSD | C] -- C:\Users\removevirus\Start Menu
[2013/06/26 19:28:14 | 000,000,000 | -HSD | C] -- C:\Users\removevirus\SendTo
[2013/06/26 19:28:14 | 000,000,000 | -HSD | C] -- C:\Users\removevirus\Recent
[2013/06/26 19:28:14 | 000,000,000 | -HSD | C] -- C:\Users\removevirus\PrintHood
[2013/06/26 19:28:14 | 000,000,000 | -HSD | C] -- C:\Users\removevirus\NetHood
[2013/06/26 19:28:14 | 000,000,000 | -HSD | C] -- C:\Users\removevirus\Documents\My Videos
[2013/06/26 19:28:14 | 000,000,000 | -HSD | C] -- C:\Users\removevirus\Documents\My Pictures
[2013/06/26 19:28:14 | 000,000,000 | -HSD | C] -- C:\Users\removevirus\Documents\My Music
[2013/06/26 19:28:14 | 000,000,000 | -HSD | C] -- C:\Users\removevirus\My Documents
[2013/06/26 19:28:14 | 000,000,000 | -HSD | C] -- C:\Users\removevirus\Local Settings
[2013/06/26 19:28:14 | 000,000,000 | -HSD | C] -- C:\Users\removevirus\AppData\Local\History
[2013/06/26 19:28:14 | 000,000,000 | -HSD | C] -- C:\Users\removevirus\Cookies
[2013/06/26 19:28:14 | 000,000,000 | -HSD | C] -- C:\Users\removevirus\Application Data
[2013/06/26 19:28:14 | 000,000,000 | -HSD | C] -- C:\Users\removevirus\AppData\Local\Application Data
[2013/06/26 19:28:13 | 000,000,000 | ---D | C] -- C:\Users\removevirus\AppData\Local\Temp
[2013/06/26 19:28:13 | 000,000,000 | ---D | C] -- C:\Users\removevirus\AppData\Local\Microsoft Help
[2013/06/26 19:28:13 | 000,000,000 | ---D | C] -- C:\Users\removevirus\AppData\Local\Microsoft
[2013/06/26 19:28:13 | 000,000,000 | ---D | C] -- C:\Users\removevirus\AppData\Roaming\Media Center Programs
[2013/06/26 19:28:13 | 000,000,000 | ---D | C] -- C:\Users\removevirus\AppData\Roaming\Macromedia
[2013/06/26 19:28:12 | 000,000,000 | --SD | C] -- C:\Users\removevirus\AppData\Roaming\Microsoft
[2013/06/26 19:28:12 | 000,000,000 | R--D | C] -- C:\Users\removevirus\Videos
[2013/06/26 19:28:12 | 000,000,000 | R--D | C] -- C:\Users\removevirus\Saved Games
[2013/06/26 19:28:12 | 000,000,000 | R--D | C] -- C:\Users\removevirus\Pictures
[2013/06/26 19:28:12 | 000,000,000 | R--D | C] -- C:\Users\removevirus\Music
[2013/06/26 19:28:12 | 000,000,000 | R--D | C] -- C:\Users\removevirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/06/26 19:28:12 | 000,000,000 | R--D | C] -- C:\Users\removevirus\Links
[2013/06/26 19:28:12 | 000,000,000 | R--D | C] -- C:\Users\removevirus\Favorites
[2013/06/26 19:28:12 | 000,000,000 | R--D | C] -- C:\Users\removevirus\Downloads
[2013/06/26 19:28:12 | 000,000,000 | R--D | C] -- C:\Users\removevirus\Documents
[2013/06/26 19:28:12 | 000,000,000 | R--D | C] -- C:\Users\removevirus\Desktop
[2013/06/26 19:28:12 | 000,000,000 | R--D | C] -- C:\Users\removevirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/06/26 19:28:12 | 000,000,000 | -H-D | C] -- C:\Users\removevirus\AppData
[2013/06/25 21:28:04 | 000,000,000 | ---D | C] -- C:\$Anvi Rescue Disk$
[2013/06/25 15:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/06/25 12:14:04 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013/06/02 16:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013/06/02 16:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchNewTab
[2013/05/29 08:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/06/26 20:43:04 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/26 20:43:03 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/26 20:38:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\removevirus\Desktop\OTL.exe
[2013/06/26 20:36:22 | 000,000,196 | ---- | M] () -- C:\Users\removevirus\AppData\Roaming\TSSTLiveUpdateConfig.ini
[2013/06/26 20:34:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/26 20:34:37 | 2615,787,520 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/26 20:33:22 | 001,097,643 | ---- | M] () -- C:\ProgramData\2433f433
[2013/06/26 20:05:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1067918926-534509289-3002198927-1001UA.job
[2013/06/26 19:34:34 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/26 19:31:16 | 000,001,407 | ---- | M] () -- C:\Users\removevirus\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/06/25 20:29:12 | 000,003,344 | ---- | M] () -- C:\bootsqm.dat
[2013/06/25 15:59:28 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/25 15:59:28 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/25 15:46:47 | 000,001,540 | ---- | M] () -- C:\Windows\System32\.crusader
[2013/06/25 14:12:48 | 000,002,423 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/06/25 14:12:23 | 001,900,209 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1404000.028\Cat.DB
[2013/06/24 08:05:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1067918926-534509289-3002198927-1001Core.job
[2013/06/24 07:12:41 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013/06/24 07:12:41 | 000,007,611 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013/06/24 07:12:41 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013/06/04 02:34:29 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1404000.028\isolate.ini

========== Files Created - No Company Name ==========

[2013/06/26 20:33:22 | 001,097,643 | ---- | C] () -- C:\ProgramData\2433f433
[2013/06/26 19:34:34 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/26 19:31:16 | 000,001,407 | ---- | C] () -- C:\Users\removevirus\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/06/26 19:30:55 | 000,000,196 | ---- | C] () -- C:\Users\removevirus\AppData\Roaming\TSSTLiveUpdateConfig.ini
[2013/06/26 19:29:36 | 000,001,413 | ---- | C] () -- C:\Users\removevirus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/06/26 19:28:13 | 000,000,290 | ---- | C] () -- C:\Users\removevirus\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/06/26 19:28:13 | 000,000,272 | ---- | C] () -- C:\Users\removevirus\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/06/25 20:29:12 | 000,003,344 | ---- | C] () -- C:\bootsqm.dat
[2013/06/25 15:46:47 | 000,001,540 | ---- | C] () -- C:\Windows\System32\.crusader
[2013/02/11 13:02:16 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/06/26 19:30:34 | 000,000,000 | ---D | M] -- C:\Users\removevirus\AppData\Roaming\ICAClient

========== Purity Check ==========



< End of report >
  • 0

#3
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello Littleyog,

Welcome to Geekstogo.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. The 32 bit one will be the right version for you.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.

  • 0

#4
Littleyog

Littleyog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thanks emeraldnzl for your help.

Here is the FRST.txt....
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-07-2013 01
Ran by removevirus (administrator) on 01-07-2013 07:17:48
Running from C:\Users\removevirus\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(SupportSoft, Inc.) C:\Program Files\VERIZONDM\bin\sprtsvc.exe
(SupportSoft, Inc.) C:\Program Files\VERIZONDM\bin\tgsrvc.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
( ) C:\Program Files\TSST Korea\FW LiveUpdate\FWManager.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(SupportSoft, Inc.) C:\Program Files\VERIZONDM\bin\sprtcmd.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry [x]
HKLM\...\Run: [Name of App] C:\Program Files\TSST Korea\FW LiveUpdate\FWManager.exe r [708721 2013-03-08] ( )
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [103768 2009-09-13] (Citrix Systems, Inc.)
HKLM\...\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r [110592 2004-01-07] (Sonic Solutions)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [VERIZONDM] "C:\Program Files\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM [206120 2012-08-07] (SupportSoft, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2565520 2011-03-14] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE [452016 2011-01-15] (CANON INC.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKCU\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-06-17] (Hewlett-Packard Company)
HKCR\...0c966feabec1\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll ATTENTION! ====> ZeroAccess?
HKU\Kevin.Damiano\...\Run: [Google Update] "C:\Users\Kevin.Damiano\AppData\Local\Google\Update\GoogleUpdate.exe" /c [ 2008-09-03] (Google Inc.)
HKU\Kevin.Damiano\...\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe [ 2010-12-13] ()
HKU\Kevin.Damiano\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\KEVIN~1.DAM\AppData\Local\Temp\eycjaytkbrutscshj.exe [x] <===== ATTENTION
HKU\Kevin.Damiano\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
HKU\Kevin.Damiano\...\Winlogon: [Shell] cmd.exe [26624 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Kevin.Damiano\...\Command Processor: "C:\Users\KEVIN~1.DAM\AppData\Local\Temp\eycjaytkbrutscshj.exe" <===== ATTENTION!
HKU\Mcx1-KEVINPC\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
HKU\Mcx1-KEVINPC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [26624 2009-07-13] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\Kevin.Damiano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=20.3.1.22
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...=5.5&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...ferrer:source?}
SearchScopes: HKLM - {01bd49d7-c76b-4310-8beb-14d7e5f322c6} URL = http://search.easyli...397&lg=EN&cc=US
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...ferrer:source?}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
BHO: Updater For Verizon Toolbar - {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files\verizontb\auxi\verizonAu.dll (Visicom Media)
BHO: Browese2ssaaviee - {B493F06C-A286-CDBF-841A-37DC3A8760D0} - C:\ProgramData\Browese2ssaaviee\5139f4b80e901.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Verizon Toolbar - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files\verizontb\verizonDx.dll ()
Toolbar: HKLM - Verizon Toolbar - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files\verizontb\verizonDx.dll ()
Toolbar: HKLM - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -BitTorrentBar Toolbar - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
Toolbar: HKCU -Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} C:\Users\KEVIN~1.DAM\AppData\Local\Temp\f5tmp\cachecleaner.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\KEVIN~1.DAM\AppData\Local\Temp\f5tmp\f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\KEVIN~1.DAM\AppData\Local\Temp\f5tmp\InstallerControl.cab
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} C:\Users\KEVIN~1.DAM\AppData\Local\Temp\f5tmp\f5InspectionHost.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\Users\KEVIN~1.DAM\AppData\Local\Temp\f5tmp\urxshost.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\KEVIN~1.DAM\AppData\Local\Temp\f5tmp\urxhost.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} C:\Users\KEVIN~1.DAM\AppData\Local\Temp\f5tmp\f5syschk.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15111/CTPID.cab
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

========================== Services (Whitelisted) =================

R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [352248 2012-08-03] (Verizon)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)
R2 sprtsvc_verizondm; C:\Program Files\VERIZONDM\bin\sprtsvc.exe [206120 2012-08-07] (SupportSoft, Inc.)
R2 tgsrvc_verizondm; C:\Program Files\VERIZONDM\bin\tgsrvc.exe [185640 2012-08-07] (SupportSoft, Inc.)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130620.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-01-21] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130625.001\IDSvix86.sys [386720 2013-01-18] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130626.002\NAVENG.SYS [93272 2013-05-22] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130626.002\NAVEX15.SYS [1611992 2013-05-22] (Symantec Corporation)
R3 P17; C:\Windows\System32\drivers\P17.sys [1168896 2009-10-16] (Creative Technology Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS [339544 2013-04-24] (Symantec Corporation)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [x]
S3 motccgp; system32\DRIVERS\motccgp.sys [x]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [x]
S3 motmodem; system32\DRIVERS\motmodem.sys [x]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [x]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [x]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-01 07:17 - 2013-07-01 07:17 - 00000000 ____D C:\FRST
2013-07-01 07:16 - 2013-07-01 07:17 - 01372463 ____A (Farbar) C:\Users\removevirus\Desktop\FRST.exe
2013-06-26 20:56 - 2013-06-26 20:56 - 00061740 ____A C:\Users\removevirus\Desktop\Extras.Txt
2013-06-26 20:53 - 2013-06-26 20:53 - 00079706 ____A C:\Users\removevirus\Desktop\OTL.Txt
2013-06-26 20:38 - 2013-06-26 20:38 - 00602112 ____A (OldTimer Tools) C:\Users\removevirus\Desktop\OTL.exe
2013-06-26 20:33 - 2013-06-26 20:33 - 01097668 ____A C:\Users\Kevin.Damiano\AppData\Local\2433f433
2013-06-26 20:33 - 2013-06-26 20:33 - 01097643 ____A C:\ProgramData\2433f433
2013-06-26 20:33 - 2013-06-26 20:33 - 01097593 ____A C:\Users\Kevin.Damiano\AppData\Roaming\2433f433
2013-06-26 19:34 - 2013-06-26 19:34 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-26 19:34 - 2013-06-26 19:34 - 00000000 ____D C:\Users\removevirus\AppData\Roaming\Malwarebytes
2013-06-26 19:34 - 2013-06-26 19:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-26 19:34 - 2013-06-26 19:34 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-26 19:34 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-26 19:30 - 2013-07-01 07:13 - 00000196 ____A C:\Users\removevirus\AppData\Roaming\TSSTLiveUpdateConfig.ini
2013-06-26 19:30 - 2013-06-26 19:30 - 00000000 ____D C:\Users\removevirus\AppData\Roaming\ICAClient
2013-06-26 19:30 - 2013-06-26 19:30 - 00000000 ____D C:\Users\removevirus\AppData\Roaming\Apple Computer
2013-06-26 19:30 - 2013-06-26 19:30 - 00000000 ____D C:\Users\removevirus\AppData\Local\SupportSoft
2013-06-26 19:30 - 2013-06-26 19:30 - 00000000 ____D C:\Users\removevirus\AppData\Local\Citrix
2013-06-26 19:29 - 2013-06-26 19:29 - 00000000 ____D C:\Users\removevirus\AppData\Roaming\Adobe
2013-06-26 19:28 - 2013-06-26 19:30 - 00000000 ____D C:\users\removevirus
2013-06-26 19:28 - 2013-06-26 19:28 - 00000020 ___SH C:\Users\removevirus\ntuser.ini
2013-06-26 19:28 - 2013-06-26 19:28 - 00000000 ____D C:\Users\removevirus\AppData\Local\VirtualStore
2013-06-26 19:28 - 2010-09-03 21:52 - 00000000 ____D C:\Users\removevirus\AppData\Local\Microsoft Help
2013-06-26 19:28 - 2010-01-25 21:11 - 00000000 ____D C:\Users\removevirus\AppData\Roaming\Macromedia
2013-06-25 21:30 - 2013-06-25 21:30 - 57671680 ____A C:\Windows\System32\config\software.bhv
2013-06-25 21:30 - 2013-06-25 21:30 - 17825792 ____A C:\Windows\System32\config\system.bhv
2013-06-25 21:30 - 2013-06-25 21:30 - 00262144 ____A C:\Windows\System32\config\security.bhv
2013-06-25 21:30 - 2013-06-25 21:30 - 00262144 ____A C:\Windows\System32\config\sam.bhv
2013-06-25 21:30 - 2013-06-25 21:30 - 00262144 ____A C:\Windows\System32\config\default.bhv
2013-06-25 21:28 - 2013-06-25 21:28 - 00000000 ___AD C:\$Anvi Rescue Disk$
2013-06-25 20:29 - 2013-06-25 20:29 - 00003344 ____N C:\bootsqm.dat
2013-06-25 15:46 - 2013-06-25 15:46 - 00001540 ____A C:\Windows\System32\.crusader
2013-06-25 15:27 - 2013-06-25 15:47 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-25 14:52 - 2013-06-25 14:56 - 09473555 ____A C:\Users\Kevin.Damiano\Downloads\Yurizan.rar.part
2013-06-25 14:52 - 2013-06-25 14:52 - 00000000 ____A C:\Users\Kevin.Damiano\Downloads\Yurizan.rar
2013-06-25 12:14 - 2013-06-25 12:28 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-06-24 10:06 - 2013-06-24 10:06 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-24 10:06 - 2013-06-24 10:06 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-14 13:16 - 2013-06-08 07:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-14 13:16 - 2013-06-08 07:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-14 13:16 - 2013-06-08 07:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-14 13:16 - 2013-06-08 07:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-14 13:16 - 2013-06-08 07:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-14 13:16 - 2013-06-08 07:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-14 13:13 - 2013-05-16 21:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-14 13:13 - 2013-05-16 21:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-14 13:13 - 2013-05-16 21:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-14 13:13 - 2013-05-16 21:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-14 13:13 - 2013-05-16 21:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-14 13:13 - 2013-05-16 21:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-14 13:13 - 2013-05-16 21:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-14 13:13 - 2013-05-16 21:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-14 13:13 - 2013-05-16 21:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-14 13:13 - 2013-05-14 04:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-14 06:55 - 2013-05-13 00:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-14 06:55 - 2013-05-13 00:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-14 06:55 - 2013-05-13 00:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-14 06:55 - 2013-05-12 23:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-14 06:55 - 2013-05-12 23:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-14 06:55 - 2013-05-09 23:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-14 06:55 - 2013-04-26 00:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-14 06:55 - 2013-04-25 19:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-14 06:54 - 2013-05-08 01:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-14 06:54 - 2013-05-06 01:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-14 06:54 - 2013-05-06 01:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-14 06:54 - 2013-04-17 03:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-02 16:42 - 2013-06-02 16:42 - 00000000 ____D C:\ProgramData\StarApp
2013-06-02 16:41 - 2013-06-02 16:44 - 00000000 ____D C:\ProgramData\SearchNewTab

==================== One Month Modified Files and Folders ========

2013-07-01 07:17 - 2013-07-01 07:17 - 00000000 ____D C:\FRST
2013-07-01 07:17 - 2013-07-01 07:16 - 01372463 ____A (Farbar) C:\Users\removevirus\Desktop\FRST.exe
2013-07-01 07:13 - 2013-06-26 19:30 - 00000196 ____A C:\Users\removevirus\AppData\Roaming\TSSTLiveUpdateConfig.ini
2013-07-01 07:12 - 2009-07-14 00:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-01 07:12 - 2009-07-14 00:39 - 00046620 ____A C:\Windows\setupact.log
2013-06-26 21:03 - 2010-01-25 02:40 - 01078116 ____A C:\Windows\WindowsUpdate.log
2013-06-26 20:56 - 2013-06-26 20:56 - 00061740 ____A C:\Users\removevirus\Desktop\Extras.Txt
2013-06-26 20:53 - 2013-06-26 20:53 - 00079706 ____A C:\Users\removevirus\Desktop\OTL.Txt
2013-06-26 20:43 - 2009-07-14 00:34 - 00013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-26 20:43 - 2009-07-14 00:34 - 00013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-26 20:38 - 2013-06-26 20:38 - 00602112 ____A (OldTimer Tools) C:\Users\removevirus\Desktop\OTL.exe
2013-06-26 20:33 - 2013-06-26 20:33 - 01097668 ____A C:\Users\Kevin.Damiano\AppData\Local\2433f433
2013-06-26 20:33 - 2013-06-26 20:33 - 01097643 ____A C:\ProgramData\2433f433
2013-06-26 20:33 - 2013-06-26 20:33 - 01097593 ____A C:\Users\Kevin.Damiano\AppData\Roaming\2433f433
2013-06-26 20:05 - 2010-07-03 10:10 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1067918926-534509289-3002198927-1001UA.job
2013-06-26 19:34 - 2013-06-26 19:34 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-26 19:34 - 2013-06-26 19:34 - 00000000 ____D C:\Users\removevirus\AppData\Roaming\Malwarebytes
2013-06-26 19:34 - 2013-06-26 19:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-26 19:34 - 2013-06-26 19:34 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-26 19:30 - 2013-06-26 19:30 - 00000000 ____D C:\Users\removevirus\AppData\Roaming\ICAClient
2013-06-26 19:30 - 2013-06-26 19:30 - 00000000 ____D C:\Users\removevirus\AppData\Roaming\Apple Computer
2013-06-26 19:30 - 2013-06-26 19:30 - 00000000 ____D C:\Users\removevirus\AppData\Local\SupportSoft
2013-06-26 19:30 - 2013-06-26 19:30 - 00000000 ____D C:\Users\removevirus\AppData\Local\Citrix
2013-06-26 19:30 - 2013-06-26 19:28 - 00000000 ____D C:\users\removevirus
2013-06-26 19:29 - 2013-06-26 19:29 - 00000000 ____D C:\Users\removevirus\AppData\Roaming\Adobe
2013-06-26 19:28 - 2013-06-26 19:28 - 00000020 ___SH C:\Users\removevirus\ntuser.ini
2013-06-26 19:28 - 2013-06-26 19:28 - 00000000 ____D C:\Users\removevirus\AppData\Local\VirtualStore
2013-06-25 21:30 - 2013-06-25 21:30 - 57671680 ____A C:\Windows\System32\config\software.bhv
2013-06-25 21:30 - 2013-06-25 21:30 - 17825792 ____A C:\Windows\System32\config\system.bhv
2013-06-25 21:30 - 2013-06-25 21:30 - 00262144 ____A C:\Windows\System32\config\security.bhv
2013-06-25 21:30 - 2013-06-25 21:30 - 00262144 ____A C:\Windows\System32\config\sam.bhv
2013-06-25 21:30 - 2013-06-25 21:30 - 00262144 ____A C:\Windows\System32\config\default.bhv
2013-06-25 21:30 - 2013-02-11 13:05 - 00000000 ____D C:\users\Mcx1-KEVINPC
2013-06-25 21:30 - 2010-01-25 00:03 - 00000000 ____D C:\users\Kevin.Damiano
2013-06-25 21:28 - 2013-06-25 21:28 - 00000000 ___AD C:\$Anvi Rescue Disk$
2013-06-25 20:29 - 2013-06-25 20:29 - 00003344 ____N C:\bootsqm.dat
2013-06-25 15:59 - 2010-01-25 00:05 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-25 15:47 - 2013-06-25 15:27 - 00000000 ____D C:\ProgramData\HitmanPro
2013-06-25 15:46 - 2013-06-25 15:46 - 00001540 ____A C:\Windows\System32\.crusader
2013-06-25 15:08 - 2010-01-25 00:50 - 00408672 ____A C:\Windows\PFRO.log
2013-06-25 14:56 - 2013-06-25 14:52 - 09473555 ____A C:\Users\Kevin.Damiano\Downloads\Yurizan.rar.part
2013-06-25 14:52 - 2013-06-25 14:52 - 00000000 ____A C:\Users\Kevin.Damiano\Downloads\Yurizan.rar
2013-06-25 14:15 - 2013-02-22 08:33 - 00000488 ____A C:\Users\Kevin.Damiano\AppData\Roaming\TSSTLiveUpdateConfig.ini
2013-06-25 14:13 - 2010-01-28 23:11 - 00000000 ____D C:\Windows\System32\Drivers\NIS
2013-06-25 14:12 - 2010-01-28 23:11 - 00002423 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-06-25 12:28 - 2013-06-25 12:14 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-06-24 10:55 - 2011-01-09 23:21 - 14148096 __ASH C:\Users\Kevin.Damiano\Downloads\Thumbs.db
2013-06-24 10:43 - 2012-09-17 10:44 - 00000000 ____D C:\Users\Kevin.Damiano\AppData\Roaming\Applian FLV and Media Player
2013-06-24 10:06 - 2013-06-24 10:06 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-24 10:06 - 2013-06-24 10:06 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-24 08:05 - 2010-07-03 10:10 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1067918926-534509289-3002198927-1001Core.job
2013-06-24 07:22 - 2010-07-03 10:10 - 00002403 ____A C:\Users\Kevin.Damiano\Desktop\Google Chrome.lnk
2013-06-24 07:12 - 2010-01-28 23:11 - 00142496 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2013-06-24 07:12 - 2010-01-28 23:11 - 00007611 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2013-06-14 13:14 - 2010-01-25 07:28 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-10 06:44 - 2013-05-03 13:21 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-08 07:42 - 2013-06-14 13:16 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 07:40 - 2013-06-14 13:16 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 07:40 - 2013-06-14 13:16 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 07:40 - 2013-06-14 13:16 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 07:40 - 2013-06-14 13:16 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 07:13 - 2013-06-14 13:16 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-02 19:37 - 2013-03-08 10:49 - 00000000 ____D C:\ProgramData\Byrowse2saavee
2013-06-02 17:50 - 2013-03-08 10:27 - 00000000 ____D C:\ProgramData\Browese2ssaaviee
2013-06-02 16:47 - 2010-08-14 16:48 - 00000000 ____D C:\Program Files\LG Electronics
2013-06-02 16:47 - 2010-01-25 00:47 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-06-02 16:46 - 2013-03-08 10:26 - 00000000 ____D C:\ProgramData\InstallMate
2013-06-02 16:44 - 2013-06-02 16:41 - 00000000 ____D C:\ProgramData\SearchNewTab
2013-06-02 16:42 - 2013-06-02 16:42 - 00000000 ____D C:\ProgramData\StarApp

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-14 09:27

==================== End Of Log ============================



and here is the addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-07-2013 01
Ran by removevirus at 2013-07-01 07:18:54
Running from C:\Users\removevirus\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader 9.5.3 (Version: 9.5.3)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
Amazon MP3 Uploader (Version: 1.0.7)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Applian FLV and Media Player 3.1.1.12 (Version: 3.1.1.12)
BIG-IP Edge Client Components (All Users) (Version: 70.2012.1109.1410)
BitTorrent (Version: 7.2.0)
BitTorrentBar Toolbar (Version: 6.2.7.3)
Bonjour (Version: 3.0.0.10)
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon MG5300 series MP Drivers
Canon MG5300 series On-screen Manual
Canon MG5300 series User Registration
Canon MP Navigator EX 5.0
Canon MX850 series
Canon My Printer
CASIO USB Driver V1.2.2474.0623 (Version: 1.2.2474.0623)
Citrix online plug-in - web (Version: 11.2.0.31560)
Citrix online plug-in (DV) (Version: 11.2.0.31560)
Citrix online plug-in (HDX) (Version: 11.2.0.31560)
Citrix online plug-in (USB) (Version: 11.2.0.31560)
Citrix online plug-in (Web) (Version: 11.2.0.31560)
Coupon Printer for Windows (Version: 5.0.0.0)
Creative Audio Control Panel (Version: 2.56)
Creative MediaSource
Creative Software AutoUpdate (Version: 1.40)
Creative Sound Blaster Properties (Version: 1.02)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell ResourceCD
DriverBoost (Version: 8.0.1)
FLV Player 2.0 (build 25) (Version: 2.0 (build 25))
FW LiveUpdate (Version: 3.0.1.2)
IHA_MessageCenter (Version: 1.8.70)
iTunes (Version: 11.0.2.26)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Java DB 10.5.3.0 (Version: 10.5.3.0)
Java™ 6 Update 33 (Version: 6.0.330)
Java™ SE Development Kit 6 Update 18 (Version: 1.6.0.180)
LightScribe System Software (Version: 1.18.6.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MotoHelper MergeModules (Version: 1.0.0)
MotoHelper MergeModules (Version: 1.2.0)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero Burning ROM 10 (Version: 10.5.10300)
Nero BurningROM 10 Help (CHM) (Version: 10.5.10100)
Nero BurnRights 10 (Version: 4.2.10300.0.102)
Nero BurnRights 10 Help (CHM) (Version: 10.5.10000)
Nero Control Center 10 (Version: 10.2.10600.0.6)
Nero ControlCenter 10 Help (CHM) (Version: 10.5.10000)
Nero Core Components 10 (Version: 2.0.17400.8.2)
Norton Internet Security (Version: 20.4.0.40)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
QuickTime (Version: 7.73.80.64)
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6 (Version: 4.47)
Sonic RecordNow! (Version: 7.3)
Sonic Update Manager (Version: 2.9)
swMSM (Version: 12.0.0.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Verizon Download Manager (Version: 33)
Verizon Toolbar (Version: 6.0.0.22)
Verizon V CAST Media Manager
Vz In Home Agent (Version: 8.03.54)
WinRAR archiver
Wireless-G PCI Adapter
Yahoo! Detect

==================== Restore Points =========================

14-06-2013 13:34:07 Scheduled Checkpoint
14-06-2013 17:12:30 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {04DB6864-849C-4B18-A437-2D449F9ECA4D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {2CFC91AA-4DEC-44F1-905D-841CFD27D670} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-KEVINPC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {373B0AB9-473C-4744-B338-BFD131A8C9FE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1067918926-534509289-3002198927-1001Core => C:\Users\Kevin.Damiano\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03] (Google Inc.)
Task: {4722D1EC-B53D-42BE-B068-6EB202D8CCFE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4CCD67D6-72F5-4F59-A735-F29BC036CB28} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {82851529-7B6D-49AD-A690-530524EDBBE1} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {C890E11D-25C3-41DF-9F06-8C25FFE46DE2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1067918926-534509289-3002198927-1001UA => C:\Users\Kevin.Damiano\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03] (Google Inc.)
Task: {DEEACB2F-184E-4432-9A79-75BF848C659C} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1067918926-534509289-3002198927-1001Core.job => C:\Users\Kevin.Damiano\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1067918926-534509289-3002198927-1001UA.job => C:\Users\Kevin.Damiano\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/26/2013 07:29:39 PM) (Source: System Restore) (User: )
Description: The restore point selected was damaged or deleted during the restore (Scheduled Checkpoint).

Error: (06/14/2013 09:28:34 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/10/2013 09:29:49 AM) (Source: Application Error) (User: )
Description: Faulting application name: ccSvcHst.exe, version: 12.3.1.2, time stamp: 0x50cfbfc9
Faulting module name: ccScanw.dll, version: 12.3.1.2, time stamp: 0x50cfcbad
Exception code: 0xc0000005
Fault offset: 0x0003ba48
Faulting process id: 0x75c
Faulting application start time: 0xccSvcHst.exe0
Faulting application path: ccSvcHst.exe1
Faulting module path: ccSvcHst.exe2
Report Id: ccSvcHst.exe3

Error: (06/02/2013 07:58:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/29/2013 06:55:11 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/22/2013 06:39:28 AM) (Source: Application Error) (User: )
Description: Faulting application name: FWManager.exe, version: 3.1.1.2, time stamp: 0x51393dc4
Faulting module name: FWManager.exe, version: 3.1.1.2, time stamp: 0x51393dc4
Exception code: 0xc0000005
Fault offset: 0x00038fc8
Faulting process id: 0xf34
Faulting application start time: 0xFWManager.exe0
Faulting application path: FWManager.exe1
Faulting module path: FWManager.exe2
Report Id: FWManager.exe3

Error: (05/21/2013 01:28:32 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/20/2013 07:26:32 AM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 20.0.1.4847, time stamp: 0x51650aee
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
Exception code: 0xc0000374
Fault offset: 0x000c380b
Faulting process id: 0x1d30
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (05/14/2013 07:08:42 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17893

Error: (05/14/2013 07:08:42 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17893


System errors:
=============
Error: (06/26/2013 07:27:06 PM) (Source: Service Control Manager) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (06/26/2013 07:25:06 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
BHDrvx86
ccSet_NIS
CSC
ctxusbm
DfsC
discache
eeCtrl
IDSVix86
NetBIOS
NetBT
nsiproxy
OMCI
Psched
rdbss
spldr
SRTSPX
SymIRON
SymNetS
tdx
vwififlt
Wanarpv6
WfpLwf

Error: (06/26/2013 07:25:06 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:
%%1068

Error: (06/26/2013 07:25:06 PM) (Source: Service Control Manager) (User: )
Description: The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
%%1068

Error: (06/26/2013 07:25:06 PM) (Source: Service Control Manager) (User: )
Description: The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
%%1068

Error: (06/26/2013 07:25:06 PM) (Source: Service Control Manager) (User: )
Description: The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:
%%31

Error: (06/26/2013 07:25:06 PM) (Source: Service Control Manager) (User: )
Description: The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (06/26/2013 07:25:06 PM) (Source: Service Control Manager) (User: )
Description: The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:
%%1068

Error: (06/26/2013 07:25:06 PM) (Source: Service Control Manager) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (06/26/2013 07:25:06 PM) (Source: Service Control Manager) (User: )
Description: The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (06/26/2013 07:29:39 PM) (Source: System Restore)(User: )
Description: Scheduled Checkpoint

Error: (06/14/2013 09:28:34 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Canon\mp navigator ex 5.0\mpnmlif64.exe

Error: (06/10/2013 09:29:49 AM) (Source: Application Error)(User: )
Description: ccSvcHst.exe12.3.1.250cfbfc9ccScanw.dll12.3.1.250cfcbadc00000050003ba4875c01ce65c7844436fbC:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exeC:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccScanw.dlld26de9a2-d1d1-11e2-9764-001111b56dbc

Error: (06/02/2013 07:58:01 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Canon\mp navigator ex 5.0\mpnmlif64.exe

Error: (05/29/2013 06:55:11 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Canon\mp navigator ex 5.0\mpnmlif64.exe

Error: (05/22/2013 06:39:28 AM) (Source: Application Error)(User: )
Description: FWManager.exe3.1.1.251393dc4FWManager.exe3.1.1.251393dc4c000000500038fc8f3401ce56d890f90b90C:\Program Files\TSST Korea\FW LiveUpdate\FWManager.exeC:\Program Files\TSST Korea\FW LiveUpdate\FWManager.exee08c51d3-c2cb-11e2-bcb9-001111b56dbc

Error: (05/21/2013 01:28:32 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Canon\mp navigator ex 5.0\mpnmlif64.exe

Error: (05/20/2013 07:26:32 AM) (Source: Application Error)(User: )
Description: firefox.exe20.0.1.484751650aeentdll.dll6.1.7601.177254ec49b60c0000374000c380b1d3001ce554b960e85fbC:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\SYSTEM32\ntdll.dll1f25c760-c140-11e2-bceb-001111b56dbc

Error: (05/14/2013 07:08:42 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17893

Error: (05/14/2013 07:08:42 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17893


==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 3326.15 MB
Available physical RAM: 2045.79 MB
Total Pagefile: 6648.53 MB
Available Pagefile: 5336.83 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.31 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:70.85 GB) (Free:12.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (KRD10) (CDROM) (Total:0.31 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=71 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4 GB) - (Type=DB)

==================== End Of Log ============================
  • 0

#5
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello Littleyog,

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods, this is normal, just leave it to do it's job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

So when you return please post
  • Fixlog.txt
  • ComboFix.txt

  • 0

#6
Littleyog

Littleyog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here is the fixlog.txt...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-07-2013 01
Ran by removevirus at 2013-07-01 17:29:19 Run:1
Running from C:\Users\removevirus\Desktop
Boot Mode: Normal

==============================================

HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key not found.
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key not found.
HKU\Kevin.Damiano\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
C:\Users\KEVIN~1.DAM\AppData\Local\Temp\eycjaytkbrutscshj.exe => File/Directory not found.
HKU\Kevin.Damiano\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Kevin.Damiano\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
HKU\Mcx1-KEVINPC\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

==== End of Fixlog ====


Combofix.txt...

ComboFix 13-06-30.01 - removevirus 07/01/2013 17:38:46.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3326.2344 [GMT -4:00]
Running from: c:\users\removevirus\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\drvrtmp
C:\install.exe
c:\programdata\2433f433
c:\programdata\Browese2ssaaviee
c:\programdata\Browese2ssaaviee\5139f4b80e901.tlb
c:\programdata\Browese2ssaaviee\data\Browese2ssaaviee.dat
c:\programdata\Browese2ssaaviee\settings.ini
c:\programdata\Browese2ssaaviee\uninstall.exe
c:\programdata\Byrowse2saavee
c:\programdata\Byrowse2saavee\513a01b4a1b87.tlb
c:\programdata\Byrowse2saavee\data\Byrowse2saavee.dat
c:\programdata\Byrowse2saavee\settings.ini
c:\programdata\SearchNewTab
c:\programdata\SearchNewTab\51abae6149ec7.dll
c:\programdata\SearchNewTab\51abae6149ec7.tlb
c:\programdata\SearchNewTab\settings.ini
c:\users\Kevin.Damiano\AppData\Roaming\2433f433
c:\windows\COUPon~1.ocx
.
.
((((((((((((((((((((((((( Files Created from 2013-06-01 to 2013-07-01 )))))))))))))))))))))))))))))))
.
.
2013-07-01 21:48 . 2013-07-01 21:48 -------- d-----w- c:\users\Mcx1-KEVINPC\AppData\Local\temp
2013-07-01 21:48 . 2013-07-01 21:48 -------- d-----w- c:\users\Kevin.Damiano\AppData\Local\temp
2013-07-01 21:48 . 2013-07-01 21:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-01 11:17 . 2013-07-01 11:17 -------- d-----w- C:\FRST
2013-06-26 23:34 . 2013-06-26 23:34 -------- d-----w- c:\programdata\Malwarebytes
2013-06-26 23:34 . 2013-06-26 23:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-26 23:34 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-26 23:28 . 2013-06-26 23:30 -------- d-----w- c:\users\removevirus
2013-06-26 01:28 . 2013-06-26 01:28 -------- d---a-w- C:\$Anvi Rescue Disk$
2013-06-25 19:27 . 2013-06-25 19:47 -------- d-----w- c:\programdata\HitmanPro
2013-06-25 16:14 . 2013-06-25 16:28 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-06-24 14:06 . 2013-06-24 14:06 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-24 14:06 . 2013-06-24 14:06 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-14 17:16 . 2013-06-08 11:41 218112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-06-14 17:16 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-14 10:55 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-06-14 10:55 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-14 10:55 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-06-14 10:55 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-14 10:55 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-06-14 10:55 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-14 10:55 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe
2013-06-14 10:55 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll
2013-06-14 10:54 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-14 10:54 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-14 10:54 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-14 10:54 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-10 11:05 . 2013-06-25 18:11 -------- d-----w- c:\windows\system32\drivers\NIS\1404000.028
2013-06-02 20:42 . 2013-06-02 20:42 -------- d-----w- c:\programdata\StarApp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-24 11:12 . 2010-01-29 03:11 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-04-13 04:45 . 2013-05-20 11:32 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-20 11:32 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-29 11:24 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18 . 2013-05-20 11:32 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18 . 2013-05-20 11:32 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14 . 2013-05-20 11:33 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-04-08 11:18 . 2013-04-08 11:19 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-08 11:18 . 2012-07-13 12:13 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-04-08 11:18 . 2011-08-16 01:50 782240 ----a-w- c:\windows\system32\deployJava1.dll
2009-09-13 04:05 . 2013-05-29 12:23 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-13 04:06 . 2013-05-29 12:23 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-13 04:06 . 2013-05-29 12:23 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-09-13 04:06 . 2013-05-29 12:23 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-13 04:06 . 2013-05-29 12:23 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-13 04:07 . 2013-05-29 12:23 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-13 04:06 . 2013-05-29 12:23 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-13 04:06 . 2013-05-29 12:23 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-08-14 18:33 . 2013-05-29 12:23 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-13 04:06 . 2013-05-29 12:23 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-12-09 17:51 3911776 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{96673559-e653-4cdc-8923-f89347a952c0}]
2010-08-16 17:38 262312 ----a-w- c:\program files\verizontb\auxi\verizonAu.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{f8d96645-337c-419b-8792-b6c126145811}]
2010-08-16 17:38 86696 ----a-w- c:\program files\verizontb\verizonDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f8d96645-337c-419b-8792-b6c126145811}"= "c:\program files\verizontb\verizonDx.dll" [2010-08-16 86696]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{f8d96645-337c-419b-8792-b6c126145811}]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"Name of App"="c:\program files\TSST Korea\FW LiveUpdate\FWManager.exe" [2013-03-08 708721]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2012-08-07 206120]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-15 2565520]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Kevin.Damiano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoAdminPage"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeStartMenu"= 00000000
"MaxRecentDocs"= 0 (0x0)
"NoWinKey"= 0 (0x0)
"NoNetConnextDisconnect"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoControlPanle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-01-25 79360]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1343400]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1404000.028\SYMDS.SYS [2013-05-21 367704]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1404000.028\SYMEFA.SYS [2013-05-23 934488]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130620.001\BHDrvx86.sys [2013-05-31 1002072]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [2013-04-16 134744]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130628.001\IDSvix86.sys [2013-01-18 386720]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [2013-03-05 175264]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS [2013-04-25 339544]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-08-03 352248]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [2013-05-21 144368]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2012-08-07 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2012-08-07 185640]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-01-21 106656]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 17:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1067918926-534509289-3002198927-1001Core.job
- c:\users\Kevin.Damiano\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 23:23]
.
2013-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1067918926-534509289-3002198927-1001UA.job
- c:\users\Kevin.Damiano\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 23:23]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=20.3.1.22
TCP: DhcpNameServer = 192.168.1.1
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{B493F06C-A286-CDBF-841A-37DC3A8760D0} - c:\programdata\Browese2ssaaviee\5139f4b80e901.dll
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-01 17:53:52
ComboFix-quarantined-files.txt 2013-07-01 21:53
.
Pre-Run: 16,097,206,272 bytes free
Post-Run: 17,696,067,584 bytes free
.
- - End Of File - - 783BA992CEFCDACE2CE0988BF311B306
A36C5E4F47E84449FF07ED3517B43A31
  • 0

#7
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello Littleyog,

Please download AdwCleaner from here to your desktop
  • Click on the blue downward facing arrow on the right to commence download.
  • Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this.

On reboot a log will be produced please post that back here.

After that

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic and tell me how your machine is now.
When you return please post
  • AdwCleaner log
  • ESET log

  • 0

#8
Littleyog

Littleyog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Everything has run.... I need to restart my PC to see if it works ok. I wanted to attach the logs first.

ESET log:
[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8f9d3955714b0d46889bbebb7f82c2c7
# engine=14228
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-02 02:04:03
# local_time=2013-07-01 10:04:03 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 93 0 135237228 0 0
# compatibility_mode=5893 16776574 100 94 73171152 124275434 0 0
# scanned=172629
# found=4
# cleaned=4
# scan_time=11464
sh=6C5F221B49AD2693D21EE0528FE6286A410D7517 ft=1 fh=fdf8e68f729f4ef4 vn="a variant of Win32/Adware.MultiPlug.I application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\ProgramData\SearchNewTab\51abae6149ec7.dll.vir"
sh=B0FC12E9EE5E8540E1317D4803CAB1363FE2E06B ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Kevin.Damiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpaainkkkonhafcpekimpjgckomdlpoi\1\513a01b4a19369.25265639.js"
sh=5D270C91E95D41F8C4798ECAE64D2CE0AB8A7A56 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Kevin.Damiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\iakmocfbambjbomfkigpcgcacmdgbgpp\1\51abae6149c709.44489520.js"
sh=BCBB69C851DD2BCD4D52E65D04B0029B0A511CBF ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Kevin.Damiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfadglpmchodogeodcnkbbmbcdegjej\1\5139f4b80e6b55.56349766.js"

•AdwCleaner log

# AdwCleaner v2.303 - Logfile created 07/01/2013 at 18:36:40
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : removevirus - KEVINPC
# Boot Mode : Normal
# Running from : C:\Users\removevirus\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\BitTorrentBar
Folder Deleted : C:\Program Files\Common Files\FreeCause
Folder Deleted : C:\Program Files\verizontb
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\Users\Kevin.Damiano\AppData\LocalLow\BitTorrentBar
Folder Deleted : C:\Users\Kevin.Damiano\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Kevin.Damiano\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Kevin.Damiano\AppData\LocalLow\verizontb
Folder Deleted : C:\Users\removevirus\AppData\LocalLow\BitTorrentBar
Folder Deleted : C:\Users\removevirus\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\removevirus\AppData\LocalLow\verizontb

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentBar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{96673559-E653-4CDC-8923-F89347A952C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F8D96645-337C-419B-8792-B6C126145811}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{96673559-E653-4CDC-8923-F89347A952C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8D96645-337C-419B-8792-B6C126145811}
Key Deleted : HKLM\Software\BitTorrentBar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5BE13FFA-54AD-4254-8730-FD0E35A74D66}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96673559-E653-4CDC-8923-F89347A952C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F8D96645-337C-419B-8792-B6C126145811}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\FCSB000062385
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{45052BAA-F05D-4473-98A7-B4E6E04A07AB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96673559-E653-4CDC-8923-F89347A952C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8D96645-337C-419B-8792-B6C126145811}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5BE13FFA-54AD-4254-8730-FD0E35A74D66}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar Toolbar
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F8D96645-337C-419B-8792-B6C126145811}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [4564 octets] - [01/07/2013 18:36:40]

########## EOF - C:\AdwCleaner[S1].txt - [4624 octets] ##########
  • 0

#9
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Looks as though everything ran successfully.

Look forward to hearing how your machine is after you have rebooted and given it a test run. :)
  • 0

#10
Littleyog

Littleyog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Seems to have worked. I was able to log onto my username without any issues. Was running a little slow to start but seems ok now... I think it was just starting everything up again. Should I run my Norton Scan now?

Thanks so much for your help emeraldnzl.
  • 0

Advertisements


#11
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello again Littleyog,

Should I run my Norton Scan now?


That would be a good idea. Make sure it is up to date first. As far as I am concerned the ESET one is enough and I think you are good to go.

We have a couple of last steps to perform and then you're all set.Posted Image

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.

  • Go to Start > Programs > Accessories and click on Run
  • Copy and paste the the bolded text below in the box then hit OK

    Combofix /Uninstall

    Posted Image
Step 2
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Any other tools remaining may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicous programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run an important software the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to unininstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!
  • 0

#12
Littleyog

Littleyog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I am receiving an error when I attempt to uninstall combofix. It says "Windows cannot find 'Combofix'. Make sure you typed the name correctly, and then try again.
  • 0

#13
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Is ComboFix.exe still on your desktop?

If so, try this, include the quotes, be sure to copy paste.

From the run box

"c:\documents and settings\User 1\Desktop\ComboFix.exe" /u

If ComboFix is not still on your desktop, download it again, and run the command. You may need to disable your protection software as you did when you first ran it.

Come back and tell me how you got on. :)
  • 0

#14
Littleyog

Littleyog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
That is probably the problem, I am log in under the user that was affected with the virus. I will log back onto the user I used to fix the virus and run those commands.
  • 0

#15
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Yep sounds right. :thumbsup:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP