Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

advanced system protection and other problems


  • This topic is locked This topic is locked

#1
cyborg555

cyborg555

    Member

  • Member
  • PipPip
  • 15 posts
I'm assisting a friend with an infected computer. It is an HP/Compaq desktop Windows 7 it's a 32 bit system with AMD processor. He had installed the program called Advanced System Protection which I believe to be a fake antivirus. The program would not uninstall. One online source suggested using Rovo to uninstall. The only way I could use it was to reinstall the Advanced System Protection while Rovo was monitoring the installation and then uninstall it. That didn't seem to get rid of the program but numerous problems persist.

All attempts at Windows update are failing. The error codes say it's a problem with Windows installer. Because Windows installer is an integral part of Windows 7 I cannot reinstall it. Some online sites have suggested is a problem with folder permissions on the C:\Windows\Installer folder. However the installer is in C:\Windows\system32 and every time I tried to change permissions on that folder it will not let me.

Even if the Advanced System Protection program is not malware, there may have been other viruses or malware on the machine possibly obtained through ads on Facebook or suspicious emails "I like your profile and I really want to chat with you" (this guy isn't very Internet savvy. God knows what he's clicked on).

Attempts to download various programs such as Super anti-spyware and malware bites have failed to download. The only way I was able to install them was to download the installer file on a different PC and transfer it through file transfer on team viewer. I could then run both of those programs and the scans turned up nothing except the usual tracking cookies.

Attempts to change any system settings such as folder options, taskbar options, notification tray behavior etc. all seems to fail. When you try to make a change to the settings it does not stick. Attempts to disable or remove toolbars from Internet Explorer all fail. In many cases the disable button is gray and cannot be clicked on.

OTL and extra files are attached. This guy does not have a lot of stuff on his PC and so wiping it is an option. I'm not fully investigated but I think he's got an OS in a protected partition. He does not have a Windows installation CD. I would prefer not to wipe and start from scratch if we can come up with a way to repair the system.

The members of this forum have helped me work magic in the past. I'm hoping you can do it again.

OTL logfile created on: 9/19/2013 12:32:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 69.33% Memory free
6.50 Gb Paging File | 5.11 Gb Available in Paging File | 78.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 694.40 Gb Total Space | 531.76 Gb Free Space | 76.58% Space Free | Partition Type: NTFS
Drive E: | 3.43 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DUKE-HP505B | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/19 12:31:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2013/09/12 04:31:24 | 004,536,160 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version8\TeamViewer_Desktop.exe
PRC - [2013/09/12 04:31:23 | 012,614,496 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer.exe
PRC - [2013/09/12 04:31:23 | 005,071,712 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/09/12 04:22:33 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\tv_w32.exe
PRC - [2013/09/03 16:42:21 | 000,257,136 | ---- | M] (Microsoft Corporation) -- C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013/08/05 16:13:28 | 004,624,712 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2013/06/13 17:14:50 | 000,067,584 | ---- | M] (PasswordBox, Inc.) -- C:\Program Files\PasswordBox\pbbtnService.exe
PRC - [2013/05/23 16:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/03/26 18:13:08 | 000,196,624 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
PRC - [2013/02/05 11:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
PRC - [2012/06/18 13:34:28 | 000,361,472 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcCMService.exe
PRC - [2012/03/12 22:02:26 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/06/18 12:29:12 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2008/08/01 05:01:22 | 001,832,192 | ---- | M] (Verdiem) -- C:\Program Files\Verdiem\PowerManager\PowerManager.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/15 10:31:39 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/08/15 10:03:27 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c664f44617c6a89edcc171fa8596c89d\System.ServiceProcess.ni.dll
MOD - [2013/08/15 10:02:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e06dbdafb38c38517aef61ac41e2fd9d\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 10:02:38 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\62f93ab850d8784b320de819666df705\System.Data.ni.dll
MOD - [2013/08/15 10:02:16 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\548bbc2efbc316bb53319785c6d18c44\PresentationFramework.ni.dll
MOD - [2013/08/15 10:02:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/15 10:01:56 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 10:01:55 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f93d632cb58d2d161d60f7c6d0e725fc\PresentationCore.ni.dll
MOD - [2013/08/15 10:01:45 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll
MOD - [2013/08/15 10:01:39 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 10:01:36 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/08/15 10:01:22 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/11 06:47:08 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/11 06:46:07 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\033da6b735d41afaa20309b5e87e2ae0\UIAutomationTypes.ni.dll
MOD - [2013/07/11 06:45:38 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/11/18 16:15:46 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2012/10/11 21:56:46 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/10/11 21:56:22 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 21:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/07/15 20:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/07/15 20:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/07/15 20:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/07/15 20:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/07/15 20:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/07/15 20:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/07/15 20:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/07/15 20:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Users\Duke\AppData\Local\temp\7zS4731\hpslpsvc32.dll -- (HPSLPSVC)
SRV - File not found [Auto | Stopped] -- C:\Users\Duke\AppData\Local\Temp\000071~1.EXE -- (0000711334670334mcinstcleanup)
SRV - [2013/09/17 15:39:42 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/12 04:31:23 | 005,071,712 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/07/30 18:47:46 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/13 17:14:50 | 000,067,584 | ---- | M] (PasswordBox, Inc.) [Auto | Running] -- C:\Program Files\PasswordBox\pbbtnService.exe -- (PasswordBox)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/23 16:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/03/26 18:13:08 | 000,196,624 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe -- (NitroReaderDriverReadSpool3)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/06/18 13:34:28 | 000,361,472 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2012/03/12 22:02:26 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 08:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/10/23 14:16:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/06/18 12:29:12 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/01 05:01:20 | 000,075,008 | ---- | M] (Verdiem) [Auto | Stopped] -- C:\Program Files\Verdiem\PowerManager\edsvc.exe -- (edsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\wncfomir.sys -- (wncfomir)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ADMINI~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Duke\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys -- (AODDriver4.01)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\amdiox86.sys -- (amdiox86)
DRV - [2013/07/13 08:58:27 | 000,027,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV - [2013/06/20 20:02:44 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/05/20 12:43:33 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/04/11 11:06:45 | 000,041,584 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gfiark.sys -- (gfiark)
DRV - [2013/01/10 15:41:34 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV - [2012/08/23 10:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 10:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/08/17 21:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/17 21:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/08 14:11:51 | 011,621,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/22 16:17:32 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpdispm.sys -- (RDPDISPM)
DRV - [2010/04/30 18:09:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/04/30 18:09:22 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/10 15:28:44 | 000,246,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2009/07/31 01:12:54 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009/06/22 23:35:00 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...&bd=all&pf=cmdt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...Date=13/04/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...CID=msnHomepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...Date=13/04/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...Date=13/04/2013
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...Date=13/04/2013
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF.PrevVerNRD: File not found
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/07 01:38:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/07 01:38:59 | 000,000,000 | ---D | M]

[2011/11/20 09:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2013/09/01 15:07:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/09/03 14:58:08 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2013/08/11 12:19:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/11 12:19:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/17 15:38:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2013/09/17 15:38:28 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files\Mozilla Firefox\updated\extensions\[email protected]
[2013/09/17 15:38:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2013/09/17 15:38:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/05/05 11:35:11 | 000,447,746 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15373 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll File not found
O2 - BHO: (PasswordBox Helper) - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (PasswordBox Toolbar) - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Edison] C:\Program Files\Verdiem\PowerManager\PowerManager.exe (Verdiem)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKCU..\Run: [SkyDrive] C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_1] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_1" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLockedUserId = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...pdetect1262.cab (GMNRev Class)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2C94D0C-AA1E-41BA-8942-C223B2B830DD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2C94D0C-AA1E-41BA-8942-C223B2B830DD}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/19 12:31:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013/09/17 17:08:01 | 000,000,000 | ---D | C] -- C:\Temp
[2013/09/17 15:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/09/17 15:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013/09/17 15:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2013/09/11 18:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2013/09/11 18:12:12 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2013/09/11 18:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/09/11 18:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/09/11 18:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/09/11 14:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/11 14:40:33 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/09/11 14:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/09/11 13:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/09/11 13:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/09/11 13:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/09/08 18:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2013/09/08 17:35:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\adawarebp
[2013/09/04 16:52:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\LavasoftStatistics
[2013/09/04 16:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013/09/04 16:51:40 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013/09/04 16:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2013/09/04 15:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced System Protector
[2013/09/03 13:45:10 | 000,000,000 | ---D | C] -- C:\07374f318e9024eb990d0701ec761199
[2013/09/03 13:42:41 | 000,000,000 | ---D | C] -- C:\560d6bcdc7dfb34c90b4c6087b77d3
[2013/09/03 12:05:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\10 things the intern won’t tell you - 10 things - MarketWatch_files
[2013/09/01 15:51:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2013/09/01 15:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2013/09/01 15:06:05 | 000,000,000 | ---D | C] -- C:\Mozilla
[2013/08/26 16:43:07 | 000,000,000 | ---D | C] -- C:\Oberon Media
[2013/08/24 01:15:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LOCALAPPDATA%
[2013/08/24 01:00:32 | 000,000,000 | ---D | C] -- C:\adawarebp
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/19 12:31:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013/09/19 12:30:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/19 12:29:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/19 12:28:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013/09/19 12:19:44 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/19 12:19:37 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2013/09/19 12:19:37 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2013/09/19 11:31:31 | 000,005,814 | ---- | M] () -- C:\Windows\mozy.flt
[2013/09/19 11:31:31 | 000,003,272 | ---- | M] () -- C:\Windows\mozy.blk
[2013/09/19 11:17:03 | 000,014,832 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/19 11:17:03 | 000,014,832 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/19 11:10:50 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/09/19 11:09:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/19 11:09:24 | 2616,696,832 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/18 13:58:00 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 2e906e7d-0589-4821-a51d-f67192fbbb80.job
[2013/09/18 02:00:00 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 093a5736-5e31-4ea1-94c3-e1c41bb54106.job
[2013/09/17 17:10:59 | 000,015,202 | ---- | M] () -- C:\mbam-log-2013-09-17 (16-32-24) - Notepad.pdf
[2013/09/17 17:08:01 | 000,000,146 | ---- | M] () -- C:\Windows\System32\~.inf
[2013/09/17 15:48:26 | 000,001,925 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/09/17 15:48:26 | 000,001,925 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/09/16 22:52:00 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\Wise Registry Cleaner Schedule Task.job
[2013/09/16 18:48:13 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Duke.job
[2013/09/16 11:18:08 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\Wise Disk Cleaner Schedule Task.job
[2013/09/15 03:00:02 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\RegSERVO.job
[2013/09/11 20:23:54 | 000,002,150 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/09/11 18:12:13 | 000,001,232 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/09/11 14:40:35 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/11 13:57:43 | 000,001,963 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/09/09 00:15:22 | 001,556,784 | ---- | M] () -- C:\Users\Administrator\Documents\Aiming Higher for Indiana's Future.mht
[2013/09/04 13:55:15 | 000,000,229 | ---- | M] () -- C:\prefs.js
[2013/09/04 10:25:37 | 000,007,641 | ---- | M] () -- C:\Users\Administrator\AppData\Local\resmon.resmoncfg
[2013/09/03 15:52:02 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDuke.job
[2013/09/03 14:20:26 | 000,894,855 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn32.mht
[2013/09/03 14:13:44 | 001,573,257 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn31.mht
[2013/09/03 14:12:44 | 001,573,292 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn30.mht
[2013/09/03 14:11:40 | 001,573,728 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn29.mht
[2013/09/03 14:10:13 | 001,560,448 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn28.mht
[2013/09/03 14:09:11 | 001,573,292 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn27.mht
[2013/09/03 14:07:56 | 001,573,238 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn26.mht
[2013/09/03 14:07:18 | 001,569,272 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn25.mht
[2013/09/03 14:06:37 | 001,573,293 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn24.mht
[2013/09/03 14:05:05 | 001,573,255 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn23.mht
[2013/09/03 14:04:24 | 001,573,292 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn22.mht
[2013/09/03 14:03:50 | 001,573,293 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn21.mht
[2013/09/03 14:03:14 | 001,573,254 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn20.mht
[2013/09/03 14:02:42 | 001,573,293 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn19.mht
[2013/09/03 14:01:41 | 001,573,292 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn18.mht
[2013/09/03 14:01:15 | 001,573,292 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn17.mht
[2013/09/03 14:00:41 | 001,573,294 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn16.mht
[2013/09/03 13:59:57 | 001,573,257 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn15.mht
[2013/09/03 13:59:22 | 001,573,360 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn14.mht
[2013/09/03 13:58:45 | 001,573,172 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn13.mht
[2013/09/03 13:57:57 | 001,573,297 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn12.mht
[2013/09/03 13:57:21 | 001,573,296 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn11.mht
[2013/09/03 13:56:19 | 001,573,297 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn10.mht
[2013/09/03 13:55:33 | 001,573,258 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn9.mht
[2013/09/03 13:54:56 | 001,573,277 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn8.mht
[2013/09/03 13:54:25 | 001,573,259 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn7.mht
[2013/09/03 13:53:23 | 001,573,223 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn6.mht
[2013/09/03 13:52:55 | 001,573,296 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn5.mht
[2013/09/03 13:52:33 | 001,573,261 | ---- | M] () -- C:\Users\Administrator\Documents\4linkedin.mht
[2013/09/03 13:51:57 | 001,573,295 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn3.mht
[2013/09/03 13:51:07 | 001,573,220 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn2.mht
[2013/09/03 13:47:41 | 001,576,185 | ---- | M] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn.mht
[2013/09/03 12:05:53 | 000,132,364 | ---- | M] () -- C:\Users\Administrator\Documents\10 things the intern won’t tell you - 10 things - MarketWatch.htm
[2013/09/01 15:06:08 | 000,000,009 | ---- | M] () -- C:\END
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/17 17:10:57 | 000,015,202 | ---- | C] () -- C:\mbam-log-2013-09-17 (16-32-24) - Notepad.pdf
[2013/09/17 17:08:01 | 000,000,146 | ---- | C] () -- C:\Windows\System32\~.inf
[2013/09/17 15:39:47 | 000,001,925 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/09/17 15:39:47 | 000,001,925 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/09/11 18:12:13 | 000,001,232 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/09/11 14:40:35 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/11 13:58:23 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 2e906e7d-0589-4821-a51d-f67192fbbb80.job
[2013/09/11 13:58:23 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 093a5736-5e31-4ea1-94c3-e1c41bb54106.job
[2013/09/11 13:57:43 | 000,001,963 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/09/09 00:15:20 | 001,556,784 | ---- | C] () -- C:\Users\Administrator\Documents\Aiming Higher for Indiana's Future.mht
[2013/09/04 15:40:33 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe
[2013/09/03 14:20:23 | 000,894,855 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn32.mht
[2013/09/03 14:13:43 | 001,573,257 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn31.mht
[2013/09/03 14:12:43 | 001,573,292 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn30.mht
[2013/09/03 14:11:38 | 001,573,728 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn29.mht
[2013/09/03 14:10:11 | 001,560,448 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn28.mht
[2013/09/03 14:09:09 | 001,573,292 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn27.mht
[2013/09/03 14:07:55 | 001,573,238 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn26.mht
[2013/09/03 14:07:13 | 001,569,272 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn25.mht
[2013/09/03 14:06:36 | 001,573,293 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn24.mht
[2013/09/03 14:05:04 | 001,573,255 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn23.mht
[2013/09/03 14:04:23 | 001,573,292 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn22.mht
[2013/09/03 14:03:48 | 001,573,293 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn21.mht
[2013/09/03 14:03:11 | 001,573,254 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn20.mht
[2013/09/03 14:02:41 | 001,573,293 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn19.mht
[2013/09/03 14:01:40 | 001,573,292 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn18.mht
[2013/09/03 14:01:14 | 001,573,292 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn17.mht
[2013/09/03 14:00:39 | 001,573,294 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn16.mht
[2013/09/03 13:59:56 | 001,573,257 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn15.mht
[2013/09/03 13:59:19 | 001,573,360 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn14.mht
[2013/09/03 13:58:44 | 001,573,172 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn13.mht
[2013/09/03 13:57:56 | 001,573,297 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn12.mht
[2013/09/03 13:57:20 | 001,573,296 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn11.mht
[2013/09/03 13:56:17 | 001,573,297 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn10.mht
[2013/09/03 13:55:32 | 001,573,258 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn9.mht
[2013/09/03 13:54:54 | 001,573,277 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn8.mht
[2013/09/03 13:54:23 | 001,573,259 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn7.mht
[2013/09/03 13:53:21 | 001,573,223 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn6.mht
[2013/09/03 13:52:54 | 001,573,296 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn5.mht
[2013/09/03 13:52:32 | 001,573,261 | ---- | C] () -- C:\Users\Administrator\Documents\4linkedin.mht
[2013/09/03 13:51:56 | 001,573,295 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn3.mht
[2013/09/03 13:51:05 | 001,573,220 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn2.mht
[2013/09/03 13:47:39 | 001,576,185 | ---- | C] () -- C:\Users\Administrator\Documents\People You May Know LinkedIn.mht
[2013/09/03 12:05:50 | 000,132,364 | ---- | C] () -- C:\Users\Administrator\Documents\10 things the intern won’t tell you - 10 things - MarketWatch.htm
[2013/07/18 16:43:11 | 000,000,706 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol
[2013/06/07 14:02:26 | 000,221,292 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2013/06/07 14:02:26 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2013/06/05 12:39:34 | 000,001,684 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2013/05/28 14:05:32 | 000,007,641 | ---- | C] () -- C:\Users\Administrator\AppData\Local\resmon.resmoncfg
[2013/05/06 09:37:31 | 000,000,162 | ---- | C] () -- C:\Windows\Reimage.ini
[2013/04/15 16:42:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\2c3c3831423a295d594636_c
[2013/04/07 14:57:32 | 000,221,078 | ---- | C] () -- C:\Windows\hpoins19.dat
[2013/04/07 14:57:32 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2013/03/18 16:19:22 | 000,246,000 | ---- | C] () -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys
[2012/10/31 00:53:00 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/06/16 10:02:42 | 000,027,424 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2012/05/02 12:11:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/02 12:11:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/02 12:11:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/02 12:11:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/02 12:11:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/12 22:00:40 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2011/12/19 07:18:48 | 000,202,904 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2011/10/13 15:53:18 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011/10/13 15:53:02 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/06/01 05:16:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ad-Aware Antivirus
[2013/04/11 14:22:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DriverCure
[2013/06/04 14:20:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FileOpen
[2013/04/03 19:20:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Free-backup.info
[2013/04/10 16:15:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\InterVideo
[2013/06/04 14:20:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nitro
[2013/06/01 12:34:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nitro PDF
[2013/04/11 23:59:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Oberon Media
[2013/04/11 14:22:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ParetoLogic
[2013/04/07 13:47:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PCCUStubInstaller
[2013/09/11 17:48:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Systweak
[2013/04/11 13:26:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Visan
[2013/09/04 11:05:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Windows Live Writer
[2013/04/08 13:16:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Wise Registry Cleaner

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:C5B78274
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:029E021F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:815D61C4
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Attached Files


  • 0

Advertisements


#2
cyborg555

cyborg555

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I realize that everyone who offers advice here is a volunteer. I really appreciate the help I gotten in the past. I posted this message several days ago and it has got no reply. Is there anything at all anyone can offer in the way of a strategy if not an actual fix? If not online have to do a complete wipe and I really really hate to do that.
  • 0

#3
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello cyborg555, :wave: Welcome back to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

If you still need assistance let's get a fresh, more in depth, OTL scan and a couple of other scans as well.


Step-1.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
qmgr.dll
services.*
consrv.dll
wshelper.dll
/md5stop
dir "%systemdrive%\*" /S /A:L /C


2. Re-open Posted Imageon the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator)
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.

Step-2.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Be sure the A/V Scan: is set to QuickScan
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-3.

Run RogueKiller

NOTE: If using IE8 or better the Smartscreen Filter will need to be disabled. Directions for disabling the SmartScreen Filter in IE 8, 9 and 10 can be found: here

  • Click here to go to the RogueKiller download page.
  • Click the Build 32 bits (x86): download button and save the RogueKiller.exe file to the desktop.
  • Quit all programs and close all browsers.
  • Right click the RogueKiller icon and click Run as Administrator to run the program.
    NOTE: If this is the first time you have used the program you will need to accept the User Agreement.
  • Wait until Prescan has finished ...This may take a few minutes, especially if it is the first time you have used the program.
  • Click on Scan

    Posted Image
  • Wait for the end of the scan.
  • DO NOT delete anything at this time.
  • The report has been created on the desktop.
Please post:
All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The new OTL.txt log
2. The aswMBR log
3. the RKreport.txt log
  • 0

#4
cyborg555

cyborg555

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I must apologize I should have posted another message here. When I had not gotten a reply from anyone in this forum for several days I had to move on and attempt to do a wipe of the system. I should have posted a disregard message here.

Unfortunately the system wipe did not go well. Supposedly you should be able to punch
f11 during the boot process to get you to a secure partition that has a Windows image on it. That is sort of standard on HP/Compaq computers. When that did not work another form somewhere watching through a process to activate that alternative partition. Either I did so wrong (not likely I think I know what I was doing) or that partition was also corrupt because I ended up turning the thing into a giant brick that will not boot at all. I purchased recovery disks from a third-party and so far they are not working either. I'm going to try to reformat hard drive, see if the recovery disks work after that, and if that does not work I will have to purchase an OEM version of Windows.

Again I apologize for wasting your time. I just got impatient (or rather my friend one helping was impatient) and I had to move on.


  • 0

#5
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
I'm sorry you fell through the cracks. That was not our intention. But when we look through the forum we look for posts that don't have any replies. And since you had made a reply, (made necessary because we had not responded yet), the topic got over looked.

Unfortunately the system wipe did not go well. Supposedly you should be able to punch f11 during the boot process to get you to a secure partition that has a Windows image on it. That is sort of standard on HP/Compaq computers...

Well yes and no. See the HP Support Forums page here There are a lot of people who aren't able to get the f-11 key to work on the HP machine.

If you need help reinstalling the system please consider starting a new topic in our Windows Vista/7 Operating System forum. Our system Techs are very knowledgeable and should be able to help you. If you do start a new topic there and want to send me a PM with a link to it I will ask our Techs to look for it.

I apologize again.
  • 0

#6
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Topic closed at user's request.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP