
Windows critical error an restarts


  • This topic is locked
24 replies to this topic

#1 PersonaUser314

  • Members
  • 73 posts

Posted 01 July 2012 - 04:52 PM

My problem is as listed in my topic here: http://www.bleepingcomputer.com/forums/topic458953.html
I was advised to make a topic here.

My computer's Microsoft security essentials detects 2 viruses before a message pops up saying that windows has encountered a critical error and must restart. This happens EVEN IN SAFE MODE.

I can't run any of the scans from steps 6-9 suggested in the last topic as my computer will not stay on long enough.

Can anyone help? Or will I be forced to use my last system restore point? (Will that even work?)


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 July 2012 - 12:04 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", as this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 PersonaUser314
  • Topic Starter

  • Members
  • 73 posts

Posted 02 July 2012 - 04:45 PM

Hi, thanks for agreeing to help. Here's the log you asked for:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 01-07-2012
Ran by SYSTEM at 02-07-2012 22:41:43
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Lauren\...\Run: [Akamai NetSession Interface] "C:\Users\Lauren\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-25] (Akamai Technologies, Inc)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

================================ Services (Whitelisted) ==================

2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 catchme; \??\C:\Users\Lauren\AppData\Local\Temp\catchme.sys [x]
3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [x]
2 NEWDRIVER; \??\C:\Windows\system32\WinVDEdrv6.sys [x]
3 Profos; \??\C:\Program Files\Virgin Media\Security\BitDefender\profos.sys [x]
4 sptd; C:\Windows\\SystemRoot\System32\Drivers\sptd.sys [x]
3 Trufos; \??\C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-01 06:34 - 2012-07-01 06:34 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-01 06:33 - 2012-07-01 06:33 - 10288512 ____A (Microsoft Corporation) C:\Users\Lauren\Desktop\mseinstall.exe
2012-06-30 17:29 - 2012-06-30 17:29 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-30 17:25 - 2012-06-30 17:35 - 00140832 ____A C:\Windows\System32\Drivers\str.sys
2012-06-30 16:41 - 2012-06-30 16:41 - 03368064 ____A C:\Users\Lauren\Desktop\Ponderosa.mp3
2012-06-26 10:03 - 2012-06-26 10:03 - 04905600 ____A C:\Users\Lauren\Desktop\Risingson.mp3
2012-06-26 05:43 - 2012-06-26 05:43 - 01694832 ____A C:\Users\Lauren\Desktop\Shadow Chie.png
2012-06-26 02:03 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-26 02:03 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-26 02:03 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-26 02:03 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-26 02:03 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-26 02:03 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-26 02:03 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-26 02:02 - 2012-06-02 06:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-26 02:02 - 2012-06-02 06:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-25 06:26 - 2012-06-25 06:26 - 02849648 ____A C:\Users\Lauren\Desktop\102_a_fierce_good_fight.mp3
2012-06-24 17:24 - 2012-06-24 17:24 - 04068864 ____A C:\Users\Lauren\Desktop\Killer7 - Blackburn.mp3
2012-06-24 17:24 - 2012-06-24 17:24 - 03543552 ____A C:\Users\Lauren\Desktop\Killer7 - Sweet Blue Flag.mp3
2012-06-23 11:28 - 2012-06-23 11:51 - 42191192 ____A C:\Users\Lauren\Desktop\Dog_Tags.mp3
2012-06-22 14:53 - 2012-06-25 07:16 - 00248880 ____A C:\Users\Lauren\Desktop\Mike Franks says wut.png
2012-06-22 14:53 - 2012-06-25 07:16 - 00129481 ____A C:\Users\Lauren\Desktop\Spring Cleaning.png
2012-06-22 12:57 - 2012-06-22 12:57 - 04677504 ____A C:\Users\Lauren\Desktop\The Boxer Rebellion - Caught By The Light.mp3
2012-06-22 10:08 - 2012-06-22 10:32 - 42534337 ____A C:\Users\Lauren\Desktop\Bloodbath.mp3
2012-06-22 09:02 - 2012-06-22 09:02 - 00685601 ____A C:\Users\Lauren\Desktop\13 Orphans.png
2012-06-20 14:12 - 2012-06-20 14:13 - 03930960 ____A C:\Users\Lauren\Desktop\Dbd (While You Can).mp3
2012-06-20 14:12 - 2012-06-20 14:13 - 03229761 ____A C:\Users\Lauren\Desktop\C.S..mp3
2012-06-19 07:45 - 2012-06-19 07:50 - 00000000 ____D C:\Users\Lauren\Desktop\Ib
2012-06-18 08:54 - 2012-06-18 13:39 - 05193539 ____A C:\Users\Lauren\Desktop\Dreamsleep.mp3
2012-06-17 17:34 - 2012-06-18 13:39 - 04742723 ____A C:\Users\Lauren\Desktop\Monochrome.mp3
2012-06-17 17:34 - 2012-06-18 13:39 - 03806529 ____A C:\Users\Lauren\Desktop\Transfer.mp3
2012-06-17 17:34 - 2012-06-18 04:28 - 04826047 ____A C:\Users\Lauren\Desktop\Frozen.mp3
2012-06-17 17:31 - 2012-06-17 17:31 - 00001715 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-17 17:30 - 2012-06-17 17:30 - 00000000 ____D C:\Program Files\iPod
2012-06-17 06:03 - 2012-06-17 06:03 - 00000000 ____D C:\Users\Lauren\AppData\Local\Macromedia
2012-06-16 10:08 - 2012-06-16 10:08 - 00004495 ____A C:\Users\Lauren\AppData\Local\recently-used.xbel
2012-06-15 18:56 - 2012-06-15 18:56 - 03139968 ____A C:\Users\Lauren\Desktop\Strange Sunset (Guiles Theme).mp3
2012-06-15 18:56 - 2012-06-15 18:56 - 03027840 ____A C:\Users\Lauren\Desktop\Stronger (Garudas Theme).mp3
2012-06-15 18:56 - 2012-06-15 18:56 - 02951424 ____A C:\Users\Lauren\Desktop\Sakura Mankai (Hokutos Theme).mp3
2012-06-15 18:56 - 2012-06-15 18:56 - 02441088 ____A C:\Users\Lauren\Desktop\Passage of Lotus (Kairis Theme).mp3
2012-06-15 14:19 - 2012-06-15 14:20 - 00000000 ____D C:\Program Files\Graboid
2012-06-15 09:26 - 2012-06-15 09:26 - 00001777 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-14 17:42 - 2012-06-14 17:42 - 01961088 ____A C:\Users\Lauren\Desktop\Mystery.mp3
2012-06-13 13:39 - 2012-06-18 04:42 - 00189996 ____A C:\Users\Lauren\Desktop\Indubitably.png
2012-06-13 13:39 - 2012-06-18 04:41 - 00428964 ____A C:\Users\Lauren\Desktop\An astute observation.png
2012-06-13 13:07 - 2012-06-13 13:07 - 00000000 ____D C:\Users\All Users\Nexon
2012-06-13 12:10 - 2012-06-13 13:05 - 00000000 ____D C:\Users\All Users\NexonUS
2012-06-13 12:09 - 2012-06-13 12:09 - 00000000 ____D C:\Nexon
2012-06-13 12:05 - 2012-06-20 10:21 - 00000000 ___SD C:\Users\Lauren\Documents\Mabinogi
2012-06-13 11:19 - 2012-06-13 13:39 - 00000000 ____D C:\Users\Lauren\AppData\Local\PMB Files
2012-06-13 11:19 - 2012-06-13 11:19 - 00000000 ____D C:\Users\All Users\PMB Files
2012-06-13 11:19 - 2012-06-13 11:19 - 00000000 ____D C:\Program Files\Pando Networks
2012-06-13 04:40 - 2012-05-14 19:03 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-13 04:40 - 2012-05-14 19:00 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-13 04:40 - 2012-04-27 19:17 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 04:40 - 2012-04-19 21:00 - 01231360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-13 04:40 - 2012-04-19 21:00 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-13 04:40 - 2012-04-19 20:57 - 06027776 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-13 04:40 - 2012-04-19 20:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-13 04:40 - 2012-04-19 20:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-13 04:40 - 2012-04-19 20:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-13 04:40 - 2012-04-19 20:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-13 04:40 - 2012-04-19 20:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 04:40 - 2012-04-19 19:16 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-13 04:39 - 2012-05-14 17:05 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 04:39 - 2012-04-30 20:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 04:39 - 2012-04-25 20:45 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 04:39 - 2012-04-25 20:45 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 04:39 - 2012-04-25 20:41 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 04:39 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 04:39 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 04:39 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 04:39 - 2012-04-16 20:34 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-13 04:39 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-11 03:54 - 2012-06-11 03:55 - 02243328 ____A C:\Users\Lauren\Desktop\NCIS Theme.mp3
2012-06-10 16:42 - 2012-06-10 16:42 - 00000121 ____A C:\Users\Lauren\Desktop\secret.txt
2012-06-10 12:58 - 2012-06-10 12:59 - 07351296 ____A C:\Users\Lauren\Desktop\Celldweller - The Last Firstborn.mp3
2012-06-10 10:57 - 2012-06-10 10:57 - 03032122 ____A C:\Users\Lauren\Desktop\SenRetsu Kyaku EX '96 R.mp3
2012-06-10 08:46 - 2012-06-10 08:52 - 00176828 ____A C:\Users\Lauren\Desktop\NCIS Fandom Secret.png
2012-06-10 08:11 - 2012-06-16 10:08 - 00000000 ____D C:\Users\Lauren\.gimp-2.8
2012-06-10 08:11 - 2012-06-10 08:11 - 00000000 ____D C:\Users\Lauren\AppData\Local\gegl-0.2
2012-06-10 08:04 - 2012-06-10 08:04 - 00001011 ____A C:\Users\Lauren\Desktop\GIMP 2.lnk
2012-06-10 08:02 - 2012-06-10 08:04 - 00000000 ____D C:\Program Files\GIMP 2
2012-06-09 14:57 - 2012-06-09 14:57 - 00446464 ____A (OldTimer Tools) C:\Users\Lauren\Desktop\TFC.exe
2012-06-09 12:20 - 2012-06-18 04:40 - 00232170 ____A C:\Users\Lauren\Desktop\Egads!.png
2012-06-09 07:58 - 2012-06-09 07:58 - 00000000 ____D C:\Program Files\ESET
2012-06-09 07:51 - 2012-06-09 07:51 - 00001033 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-09 07:47 - 2012-06-09 07:47 - 00010624 ____A C:\ComboFix.txt
2012-06-09 06:40 - 2012-06-09 06:41 - 04539936 ____A (Swearware) C:\Users\Lauren\Downloads\ComboFix.exe
2012-06-09 03:29 - 2012-06-09 03:29 - 10847608 ____A (Malwarebytes Corporation ) C:\Users\Lauren\Downloads\mbam-setup-1.60.0.1800.exe
2012-06-09 03:29 - 2012-06-09 03:29 - 02620464 ____A (pcsafedoctor.com, Inc. ) C:\Users\Lauren\Downloads\PCSafeDoctor_Setup.exe
2012-06-09 02:34 - 2012-06-09 02:34 - 00610631 ____A C:\Users\Lauren\Desktop\two.png
2012-06-09 02:34 - 2012-06-09 02:34 - 00222681 ____A C:\Users\Lauren\Desktop\She raised her eyebrow at this.....png
2012-06-09 02:34 - 2012-06-09 02:34 - 00010933 ____A C:\Users\Lauren\Desktop\one.png
2012-06-09 02:34 - 2012-06-09 02:34 - 00003849 ____A C:\Users\Lauren\Desktop\persona.txt
2012-06-09 02:34 - 2012-06-09 02:34 - 00001992 ____A C:\Users\Lauren\Desktop\Wild Artifact.txt
2012-06-09 02:34 - 2012-06-09 02:34 - 00000670 ____A C:\Users\Lauren\Desktop\links.txt
2012-06-09 02:34 - 2012-06-09 02:34 - 00000220 ____A C:\Users\Lauren\Desktop\LG Specs.txt
2012-06-09 02:34 - 2012-06-09 02:34 - 00000216 ____A C:\Users\Lauren\Desktop\Terraria.url
2012-06-09 02:34 - 2012-06-09 02:34 - 00000215 ____A C:\Users\Lauren\Desktop\SEGA Genesis & Mega Drive Classics.url
2012-06-09 02:34 - 2012-06-09 02:34 - 00000048 ____A C:\Users\Lauren\Desktop\list.txt
2012-06-09 02:33 - 2012-06-09 02:33 - 09907915 ____A (Adobe Systems, Inc.) C:\Users\Lauren\Desktop\katawa_crash_beta_8-36.exe
2012-06-09 02:33 - 2012-06-09 02:33 - 00520651 ____A C:\Users\Lauren\Desktop\Buffy.png
2012-06-09 02:33 - 2012-06-09 02:33 - 00376885 ____A C:\Users\Lauren\Desktop\ACTUAL CANNIBAL LEA MICHELE.png
2012-06-09 02:33 - 2012-06-09 02:33 - 00023145 ____A C:\Users\Lauren\Desktop\Brain Blast.txt
2012-06-09 02:33 - 2012-06-09 02:33 - 00011412 ____A C:\Users\Lauren\Desktop\A trend!.png
2012-06-09 02:33 - 2012-06-09 02:33 - 00005919 ____A C:\Users\Lauren\Desktop\A trio of BAMFS.png
2012-06-09 02:33 - 2012-06-09 02:33 - 00001553 ____A C:\Users\Lauren\Desktop\Leader times.txt
2012-06-09 02:33 - 2012-06-09 02:33 - 00000733 ____A C:\Users\Lauren\Desktop\Grades.txt
2012-06-09 02:33 - 2012-06-09 02:33 - 00000586 ____A C:\Users\Lauren\Desktop\Glee Stay Night.txt
2012-06-09 02:33 - 2012-06-09 02:33 - 00000215 ____A C:\Users\Lauren\Desktop\Audiosurf.url
2012-06-09 02:25 - 2012-06-09 02:25 - 00004096 ____A C:\Users\Lauren\AppData\Local\keyfile3.drm
2012-06-09 02:23 - 2012-06-09 02:23 - 00008192 ____A C:\BOOTSECT.BAK
2012-06-09 02:23 - 2012-06-09 02:23 - 00004757 ____A C:\dell.sdr
2012-06-09 02:14 - 2012-06-09 02:14 - 00448816 ____A (Kaspersky Lab ZAO) C:\Users\Lauren\Downloads\rannohdecryptor.exe
2012-06-06 04:50 - 2012-06-06 04:50 - 00302592 ____A C:\Users\Lauren\Downloads\9mqv2ve1.exe
2012-06-06 04:45 - 2012-06-06 04:45 - 00050477 ____A C:\Users\Lauren\Downloads\Defogger.exe
2012-06-06 04:45 - 2012-06-06 04:45 - 00000176 ____A C:\Users\Lauren\defogger_reenable
2012-06-04 09:36 - 2012-06-04 09:36 - 00000700 __ASH C:\Users\Lauren\AppData\Local\systemFL7.dat
2012-06-04 09:31 - 2012-06-04 09:31 - 08400984 ____A (NewSoftwares.net, Inc.) C:\Users\Lauren\Downloads\folder-lock-dn.exe
2012-06-04 09:25 - 2012-06-04 09:46 - 00000000 ____D C:\Program Files\hpmonitor
2012-06-04 09:24 - 2012-06-04 09:24 - 00000254 ____A C:\user.js
2012-06-04 09:24 - 2012-06-04 09:24 - 00000000 ____D C:\Users\Lauren\AppData\Roaming\Babylon
2012-06-04 09:24 - 2012-06-04 09:24 - 00000000 ____D C:\Users\All Users\Babylon
2012-06-04 09:23 - 2012-06-04 09:48 - 00000000 ____D C:\Program Files\4dots Software
2012-06-04 09:23 - 2012-06-04 09:23 - 08834110 ____A C:\Users\Lauren\Downloads\FreeFileUnlockerSetup.exe
2012-06-04 09:22 - 2012-06-04 09:22 - 03897504 ____A (AVG Technologies) C:\Users\Lauren\Downloads\avg_avct_stb_all_2012_1796_cm10.exe
2012-06-04 09:22 - 2012-06-04 09:22 - 00000000 ____D C:\Users\All Users\MFAData
2012-06-03 07:06 - 2012-06-03 07:06 - 00000000 ____D C:\Program Files\Common Files\Java
2012-06-03 07:05 - 2012-06-03 07:05 - 00174024 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-03 07:05 - 2012-06-03 07:05 - 00174024 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-03 07:05 - 2012-06-03 07:05 - 00000000 ____D C:\Program Files\Oracle
2012-06-03 07:05 - 2012-04-04 09:47 - 00227720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-03 07:04 - 2012-06-03 07:04 - 00892360 ____A (Oracle Corporation) C:\Users\Lauren\Downloads\jre-7u4-windows-i586-iftw.exe


============ 3 Months Modified Files ========================

2012-07-02 13:35 - 2010-06-13 14:49 - 00117931 ____A C:\Windows\setupact.log
2012-07-02 13:35 - 2010-03-16 08:35 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-02 13:35 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-01 13:23 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-01 07:03 - 2009-07-13 20:53 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-01 06:35 - 2009-10-26 12:20 - 01730298 ____A C:\Windows\WindowsUpdate.log
2012-07-01 06:34 - 2011-01-26 13:04 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-01 06:34 - 2009-10-26 04:35 - 00739196 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-01 06:33 - 2012-07-01 06:33 - 10288512 ____A (Microsoft Corporation) C:\Users\Lauren\Desktop\mseinstall.exe
2012-07-01 06:26 - 2010-03-16 08:35 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-01 05:40 - 2012-04-12 04:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-01 03:11 - 2009-07-13 20:34 - 00013776 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-01 03:11 - 2009-07-13 20:34 - 00013776 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-30 17:35 - 2012-06-30 17:25 - 00140832 ____A C:\Windows\System32\Drivers\str.sys
2012-06-30 16:41 - 2012-06-30 16:41 - 03368064 ____A C:\Users\Lauren\Desktop\Ponderosa.mp3
2012-06-26 10:03 - 2012-06-26 10:03 - 04905600 ____A C:\Users\Lauren\Desktop\Risingson.mp3
2012-06-26 05:43 - 2012-06-26 05:43 - 01694832 ____A C:\Users\Lauren\Desktop\Shadow Chie.png
2012-06-25 07:16 - 2012-06-22 14:53 - 00248880 ____A C:\Users\Lauren\Desktop\Mike Franks says wut.png
2012-06-25 07:16 - 2012-06-22 14:53 - 00129481 ____A C:\Users\Lauren\Desktop\Spring Cleaning.png
2012-06-25 06:26 - 2012-06-25 06:26 - 02849648 ____A C:\Users\Lauren\Desktop\102_a_fierce_good_fight.mp3
2012-06-24 17:24 - 2012-06-24 17:24 - 04068864 ____A C:\Users\Lauren\Desktop\Killer7 - Blackburn.mp3
2012-06-24 17:24 - 2012-06-24 17:24 - 03543552 ____A C:\Users\Lauren\Desktop\Killer7 - Sweet Blue Flag.mp3
2012-06-23 15:40 - 2012-04-12 04:52 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-23 15:40 - 2011-06-16 11:28 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-23 11:51 - 2012-06-23 11:28 - 42191192 ____A C:\Users\Lauren\Desktop\Dog_Tags.mp3
2012-06-22 12:57 - 2012-06-22 12:57 - 04677504 ____A C:\Users\Lauren\Desktop\The Boxer Rebellion - Caught By The Light.mp3
2012-06-22 10:32 - 2012-06-22 10:08 - 42534337 ____A C:\Users\Lauren\Desktop\Bloodbath.mp3
2012-06-22 09:02 - 2012-06-22 09:02 - 00685601 ____A C:\Users\Lauren\Desktop\13 Orphans.png
2012-06-21 06:34 - 2010-06-14 03:22 - 00129140 ____A C:\Windows\PFRO.log
2012-06-20 14:13 - 2012-06-20 14:12 - 03930960 ____A C:\Users\Lauren\Desktop\Dbd (While You Can).mp3
2012-06-20 14:13 - 2012-06-20 14:12 - 03229761 ____A C:\Users\Lauren\Desktop\C.S..mp3
2012-06-18 13:39 - 2012-06-18 08:54 - 05193539 ____A C:\Users\Lauren\Desktop\Dreamsleep.mp3
2012-06-18 13:39 - 2012-06-17 17:34 - 04742723 ____A C:\Users\Lauren\Desktop\Monochrome.mp3
2012-06-18 13:39 - 2012-06-17 17:34 - 03806529 ____A C:\Users\Lauren\Desktop\Transfer.mp3
2012-06-18 04:42 - 2012-06-13 13:39 - 00189996 ____A C:\Users\Lauren\Desktop\Indubitably.png
2012-06-18 04:41 - 2012-06-13 13:39 - 00428964 ____A C:\Users\Lauren\Desktop\An astute observation.png
2012-06-18 04:40 - 2012-06-09 12:20 - 00232170 ____A C:\Users\Lauren\Desktop\Egads!.png
2012-06-18 04:28 - 2012-06-17 17:34 - 04826047 ____A C:\Users\Lauren\Desktop\Frozen.mp3
2012-06-17 17:31 - 2012-06-17 17:31 - 00001715 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-16 10:08 - 2012-06-16 10:08 - 00004495 ____A C:\Users\Lauren\AppData\Local\recently-used.xbel
2012-06-15 18:56 - 2012-06-15 18:56 - 03139968 ____A C:\Users\Lauren\Desktop\Strange Sunset (Guiles Theme).mp3
2012-06-15 18:56 - 2012-06-15 18:56 - 03027840 ____A C:\Users\Lauren\Desktop\Stronger (Garudas Theme).mp3
2012-06-15 18:56 - 2012-06-15 18:56 - 02951424 ____A C:\Users\Lauren\Desktop\Sakura Mankai (Hokutos Theme).mp3
2012-06-15 18:56 - 2012-06-15 18:56 - 02441088 ____A C:\Users\Lauren\Desktop\Passage of Lotus (Kairis Theme).mp3
2012-06-15 09:26 - 2012-06-15 09:26 - 00001777 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-14 17:42 - 2012-06-14 17:42 - 01961088 ____A C:\Users\Lauren\Desktop\Mystery.mp3
2012-06-13 06:26 - 2009-07-13 20:33 - 00391240 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 06:01 - 2009-10-28 03:44 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-11 03:55 - 2012-06-11 03:54 - 02243328 ____A C:\Users\Lauren\Desktop\NCIS Theme.mp3
2012-06-10 16:42 - 2012-06-10 16:42 - 00000121 ____A C:\Users\Lauren\Desktop\secret.txt
2012-06-10 12:59 - 2012-06-10 12:58 - 07351296 ____A C:\Users\Lauren\Desktop\Celldweller - The Last Firstborn.mp3
2012-06-10 10:57 - 2012-06-10 10:57 - 03032122 ____A C:\Users\Lauren\Desktop\SenRetsu Kyaku EX '96 R.mp3
2012-06-10 08:52 - 2012-06-10 08:46 - 00176828 ____A C:\Users\Lauren\Desktop\NCIS Fandom Secret.png
2012-06-10 08:04 - 2012-06-10 08:04 - 00001011 ____A C:\Users\Lauren\Desktop\GIMP 2.lnk
2012-06-09 14:57 - 2012-06-09 14:57 - 00446464 ____A (OldTimer Tools) C:\Users\Lauren\Desktop\TFC.exe
2012-06-09 07:51 - 2012-06-09 07:51 - 00001033 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-09 07:47 - 2012-06-09 07:47 - 00010624 ____A C:\ComboFix.txt
2012-06-09 07:45 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini
2012-06-09 06:41 - 2012-06-09 06:40 - 04539936 ____A (Swearware) C:\Users\Lauren\Downloads\ComboFix.exe
2012-06-09 03:29 - 2012-06-09 03:29 - 10847608 ____A (Malwarebytes Corporation ) C:\Users\Lauren\Downloads\mbam-setup-1.60.0.1800.exe
2012-06-09 03:29 - 2012-06-09 03:29 - 02620464 ____A (pcsafedoctor.com, Inc. ) C:\Users\Lauren\Downloads\PCSafeDoctor_Setup.exe
2012-06-09 02:34 - 2012-06-09 02:34 - 00610631 ____A C:\Users\Lauren\Desktop\two.png
2012-06-09 02:34 - 2012-06-09 02:34 - 00222681 ____A C:\Users\Lauren\Desktop\She raised her eyebrow at this.....png
2012-06-09 02:34 - 2012-06-09 02:34 - 00010933 ____A C:\Users\Lauren\Desktop\one.png
2012-06-09 02:34 - 2012-06-09 02:34 - 00003849 ____A C:\Users\Lauren\Desktop\persona.txt
2012-06-09 02:34 - 2012-06-09 02:34 - 00001992 ____A C:\Users\Lauren\Desktop\Wild Artifact.txt
2012-06-09 02:34 - 2012-06-09 02:34 - 00000670 ____A C:\Users\Lauren\Desktop\links.txt
2012-06-09 02:34 - 2012-06-09 02:34 - 00000220 ____A C:\Users\Lauren\Desktop\LG Specs.txt
2012-06-09 02:34 - 2012-06-09 02:34 - 00000216 ____A C:\Users\Lauren\Desktop\Terraria.url
2012-06-09 02:34 - 2012-06-09 02:34 - 00000215 ____A C:\Users\Lauren\Desktop\SEGA Genesis & Mega Drive Classics.url
2012-06-09 02:34 - 2012-06-09 02:34 - 00000048 ____A C:\Users\Lauren\Desktop\list.txt
2012-06-09 02:33 - 2012-06-09 02:33 - 09907915 ____A (Adobe Systems, Inc.) C:\Users\Lauren\Desktop\katawa_crash_beta_8-36.exe
2012-06-09 02:33 - 2012-06-09 02:33 - 00520651 ____A C:\Users\Lauren\Desktop\Buffy.png
2012-06-09 02:33 - 2012-06-09 02:33 - 00376885 ____A C:\Users\Lauren\Desktop\ACTUAL CANNIBAL LEA MICHELE.png
2012-06-09 02:33 - 2012-06-09 02:33 - 00023145 ____A C:\Users\Lauren\Desktop\Brain Blast.txt
2012-06-09 02:33 - 2012-06-09 02:33 - 00011412 ____A C:\Users\Lauren\Desktop\A trend!.png
2012-06-09 02:33 - 2012-06-09 02:33 - 00005919 ____A C:\Users\Lauren\Desktop\A trio of BAMFS.png
2012-06-09 02:33 - 2012-06-09 02:33 - 00001553 ____A C:\Users\Lauren\Desktop\Leader times.txt
2012-06-09 02:33 - 2012-06-09 02:33 - 00000733 ____A C:\Users\Lauren\Desktop\Grades.txt
2012-06-09 02:33 - 2012-06-09 02:33 - 00000586 ____A C:\Users\Lauren\Desktop\Glee Stay Night.txt
2012-06-09 02:33 - 2012-06-09 02:33 - 00000215 ____A C:\Users\Lauren\Desktop\Audiosurf.url
2012-06-09 02:25 - 2012-06-09 02:25 - 00004096 ____A C:\Users\Lauren\AppData\Local\keyfile3.drm
2012-06-09 02:23 - 2012-06-09 02:23 - 00008192 ____A C:\BOOTSECT.BAK
2012-06-09 02:23 - 2012-06-09 02:23 - 00004757 ____A C:\dell.sdr
2012-06-09 02:14 - 2012-06-09 02:14 - 00448816 ____A (Kaspersky Lab ZAO) C:\Users\Lauren\Downloads\rannohdecryptor.exe
2012-06-06 04:50 - 2012-06-06 04:50 - 00302592 ____A C:\Users\Lauren\Downloads\9mqv2ve1.exe
2012-06-06 04:45 - 2012-06-06 04:45 - 00050477 ____A C:\Users\Lauren\Downloads\Defogger.exe
2012-06-06 04:45 - 2012-06-06 04:45 - 00000176 ____A C:\Users\Lauren\defogger_reenable
2012-06-04 09:36 - 2012-06-04 09:36 - 00000700 __ASH C:\Users\Lauren\AppData\Local\systemFL7.dat
2012-06-04 09:31 - 2012-06-04 09:31 - 08400984 ____A (NewSoftwares.net, Inc.) C:\Users\Lauren\Downloads\folder-lock-dn.exe
2012-06-04 09:24 - 2012-06-04 09:24 - 00000254 ____A C:\user.js
2012-06-04 09:23 - 2012-06-04 09:23 - 08834110 ____A C:\Users\Lauren\Downloads\FreeFileUnlockerSetup.exe
2012-06-04 09:22 - 2012-06-04 09:22 - 03897504 ____A (AVG Technologies) C:\Users\Lauren\Downloads\avg_avct_stb_all_2012_1796_cm10.exe
2012-06-03 07:05 - 2012-06-03 07:05 - 00174024 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-03 07:05 - 2012-06-03 07:05 - 00174024 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-03 07:04 - 2012-06-03 07:04 - 00892360 ____A (Oracle Corporation) C:\Users\Lauren\Downloads\jre-7u4-windows-i586-iftw.exe
2012-06-02 14:19 - 2012-06-26 02:03 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-26 02:03 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-26 02:03 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-26 02:03 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-26 02:03 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-26 02:03 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-26 02:03 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-26 02:02 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:12 - 2012-06-26 02:02 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-31 13:55 - 2012-05-31 13:55 - 00030890 ____A C:\Users\Lauren\Downloads\Result.txt
2012-05-31 13:47 - 2012-05-31 13:47 - 00396465 ____A C:\Users\Lauren\Downloads\MiniToolBox.exe
2012-05-14 19:03 - 2012-06-13 04:40 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:00 - 2012-06-13 04:40 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 17:05 - 2012-06-13 04:39 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-09 18:03 - 2009-07-13 18:04 - 00000499 ____A C:\Windows\win.ini
2012-04-30 20:44 - 2012-06-13 04:39 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:17 - 2012-06-13 04:40 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 20:45 - 2012-06-13 04:39 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 20:45 - 2012-06-13 04:39 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 20:41 - 2012-06-13 04:39 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 20:36 - 2012-06-13 04:39 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 20:36 - 2012-06-13 04:39 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 04:39 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-19 21:00 - 2012-06-13 04:40 - 01231360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-19 21:00 - 2012-06-13 04:40 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-19 20:57 - 2012-06-13 04:40 - 06027776 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-19 20:57 - 2012-06-13 04:40 - 00627712 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-19 20:57 - 2012-06-13 04:40 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-19 20:56 - 2012-06-13 04:40 - 11020800 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-19 20:56 - 2012-06-13 04:40 - 02073600 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-19 20:56 - 2012-06-13 04:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-19 19:16 - 2012-06-13 04:40 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-18 11:56 - 2012-04-18 11:56 - 00094208 ____A (Apple Inc.) C:\Windows\System32\QuickTimeVR.qtx
2012-04-18 11:56 - 2012-04-18 11:56 - 00069632 ____A (Apple Inc.) C:\Windows\System32\QuickTime.qts
2012-04-16 20:34 - 2012-06-13 04:39 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-07 07:09 - 2012-04-07 07:09 - 00001031 ____A C:\Users\Lauren\Desktop\Katawa Shoujo.lnk
2012-04-07 03:26 - 2012-06-13 04:39 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-04 09:47 - 2012-06-03 07:05 - 00227720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-04-04 09:47 - 2012-02-09 17:16 - 00772504 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2012-04-04 09:47 - 2010-05-28 05:46 - 00687504 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-04-04 06:56 - 2012-01-20 12:50 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys


ZeroAccess:
C:\Windows\Installer\{b62a84d2-afc5-c5e1-7bf1-7f25bd85229a}
C:\Windows\Installer\{b62a84d2-afc5-c5e1-7bf1-7f25bd85229a}\@
C:\Windows\Installer\{b62a84d2-afc5-c5e1-7bf1-7f25bd85229a}\L
C:\Windows\Installer\{b62a84d2-afc5-c5e1-7bf1-7f25bd85229a}\n
C:\Windows\Installer\{b62a84d2-afc5-c5e1-7bf1-7f25bd85229a}\U
C:\Windows\Installer\{b62a84d2-afc5-c5e1-7bf1-7f25bd85229a}\U\00000001.@
C:\Windows\Installer\{b62a84d2-afc5-c5e1-7bf1-7f25bd85229a}\U\80000000.@
C:\Windows\Installer\{b62a84d2-afc5-c5e1-7bf1-7f25bd85229a}\U\800000cb.@

ZeroAccess:
C:\Users\Lauren\AppData\Local\{b62a84d2-afc5-c5e1-7bf1-7f25bd85229a}
C:\Users\Lauren\AppData\Local\{b62a84d2-afc5-c5e1-7bf1-7f25bd85229a}\@
C:\Users\Lauren\AppData\Local\{b62a84d2-afc5-c5e1-7bf1-7f25bd85229a}\L
C:\Users\Lauren\AppData\Local\{b62a84d2-afc5-c5e1-7bf1-7f25bd85229a}\n
C:\Users\Lauren\AppData\Local\{b62a84d2-afc5-c5e1-7bf1-7f25bd85229a}\U
C:\Users\Lauren\AppData\Local\{b62a84d2-afc5-c5e1-7bf1-7f25bd85229a}\U\00000001.@
C:\Users\Lauren\AppData\Local\{b62a84d2-afc5-c5e1-7bf1-7f25bd85229a}\U\80000000.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 4085.18 MB
Available physical RAM: 3616.61 MB
Total Pagefile: 4083.45 MB
Available Pagefile: 3616.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.3 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:450.7 GB) (Free:117.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:14.03 GB) NTFS
3 Drive e: (Sims3EP04) (CDROM) (Total:4.93 GB) (Free:0 GB) UDF
4 Drive f: () (Removable) (Total:3.76 GB) (Free:3.69 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 3854 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 62 MB 31 KB
Partition 2 Primary 15 GB 63 MB
Partition 3 Primary 450 GB 15 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 62 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 15 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 450 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3853 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 3853 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-01 03:23

======================= End Of Log ==========================
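
The two `ZeroAccess:` sections in the FRST log above share one layout: a GUID-named directory (here under `C:\Windows\Installer` and under the user's `AppData\Local`) holding entries named `@`, `L`, `n` and `U`, with `U` containing files named `<hex>.@`. The Python below is an added example, not code from the thread or from FRST, that walks a directory tree and flags directories matching that layout. It builds a constructed sample tree in a temporary directory: one marker directory using the GUID from the log, one benign MSI-cache look-alike using a GUID that also appears in the ComboFix log later in the thread, and one directory with a placeholder GUID whose `U` entry is a file rather than a directory.

```python
"""Detect ZeroAccess-style hidden directory layouts (added example, not FRST code)."""
import os
import re
import tempfile

# Directory name of the form {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
GUID_DIR = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I
)


def looks_like_zeroaccess(dir_path):
    """True if dir_path has the '@' file plus a 'U' directory of '<hex>.@' files."""
    if not GUID_DIR.match(os.path.basename(dir_path)):
        return False
    try:
        entries = set(os.listdir(dir_path))
    except OSError:
        return False
    # The '@' file and the 'U' directory are the load-bearing markers;
    # 'L' and 'n' are present in the log but not required here.
    if "@" not in entries or "U" not in entries:
        return False
    u_dir = os.path.join(dir_path, "U")
    if not os.path.isdir(u_dir):
        return False
    u_files = os.listdir(u_dir)
    return bool(u_files) and all(
        re.fullmatch(r"[0-9a-f]{8}\.@", f, re.I) for f in u_files
    )


def scan(roots):
    """Walk each root and return the suspicious directories found, sorted."""
    hits = []
    for root in roots:
        for dirpath, dirnames, _ in os.walk(root):
            for d in dirnames:
                full = os.path.join(dirpath, d)
                if looks_like_zeroaccess(full):
                    hits.append(full)
    return sorted(hits)


def build_sample_tree(base):
    """Constructed sample: one marker directory and two benign look-alikes."""
    guid = "{b62a84d2-afc5-c5e1-7bf1-7f25bd85229a}"  # GUID from the FRST log
    bad = os.path.join(base, "Windows", "Installer", guid)
    os.makedirs(os.path.join(bad, "U"))
    os.makedirs(os.path.join(bad, "L"))
    open(os.path.join(bad, "@"), "wb").close()
    open(os.path.join(bad, "n"), "wb").close()
    for name in ("00000001.@", "80000000.@", "800000cb.@"):
        open(os.path.join(bad, "U", name), "wb").close()
    # Benign: ordinary installer cache directory with the same naming style
    benign = os.path.join(base, "Windows", "Installer",
                          "{9559f7ca-5e34-4237-a2d9-d856464ad727}")
    os.makedirs(benign)
    open(os.path.join(benign, "ARPPRODUCTICON.exe"), "wb").close()
    # Benign: marker names present, but 'U' is a file (placeholder GUID)
    other = os.path.join(base, "Users", "Lauren", "AppData", "Local",
                         "{12345678-1234-1234-1234-123456789abc}")
    os.makedirs(other)
    for name in ("@", "U"):
        open(os.path.join(other, name), "wb").close()
    return bad


def demo():
    """Build the sample tree, scan it, and return (hits, expected) as relative paths."""
    with tempfile.TemporaryDirectory() as base:
        bad = build_sample_tree(base)
        hits = scan([base])
        return [os.path.relpath(h, base) for h in hits], os.path.relpath(bad, base)


if __name__ == "__main__":
    found, expected = demo()
    print("suspicious:", found, "expected:", expected)
```

Layout matching is a heuristic and only one of the signals FRST reports; the same log also flags the `services.exe` hash, which is the stronger indicator and is what the next posts act on.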

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:09 AM

Posted 02 July 2012 - 05:39 PM

Greetings

Ok, let's see if we can find a replacement for the infected file.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 PersonaUser314

PersonaUser314
  • Topic Starter

  • Members
  • 73 posts
  • Local time:04:09 AM

Posted 03 July 2012 - 04:57 PM

Here's the search:

Farbar Recovery Scan Tool Version: 01-07-2012
Ran by SYSTEM at 2012-07-03 22:43:49
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-07-01 13:23] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

C:\Windows\ERDNT\cache\services.exe
[2012-01-27 08:07] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===
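
The search step compares every copy of `services.exe` on the disk by MD5: in the output above, the winsxs and ERDNT cache copies carry the same hash and the live `System32` copy does not, which is why the next post replaces it from the ERDNT cache. The Python below is an added example, not code from the thread or from FRST, that parses the two-line `Search.txt` format shown above (path, then a detail line with created and modified timestamps, size, attributes, company and MD5), reports the copy that disagrees with the others, and lists the copies that could serve as a replacement. The sample input is the search output posted above.

```python
"""Group copies of a file found by an FRST 'Search:' run by MD5 (added example)."""
import re
from collections import Counter

# Sample input: the Search.txt output posted in this thread.
SAMPLE_SEARCH = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-07-01 13:23] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

C:\Windows\ERDNT\cache\services.exe
[2012-01-27 08:07] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===
"""

# Detail line: [created] - [modified] - size attrs (company) MD5
DETAIL = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search(text):
    """Return one dict per path/detail pair found in Search.txt text."""
    entries = []
    lines = [ln.rstrip() for ln in text.splitlines()]
    for i, line in enumerate(lines[:-1]):
        m = DETAIL.match(lines[i + 1])
        if line and not line.startswith(("[", "=")) and m:
            rec = m.groupdict()
            rec["path"] = line
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            entries.append(rec)
    return entries


def find_outliers(entries):
    """Return (majority_md5, [paths whose MD5 disagrees with the majority])."""
    counts = Counter(e["md5"] for e in entries)
    majority, _ = counts.most_common(1)[0]
    return majority, [e["path"] for e in entries if e["md5"] != majority]


def replacement_candidates(entries, target_path):
    """Copies sharing the majority hash and the target's size, excluding the target."""
    majority, _ = find_outliers(entries)
    target = next(e for e in entries if e["path"].lower() == target_path.lower())
    return [
        e["path"]
        for e in entries
        if e["md5"] == majority
        and e["size"] == target["size"]
        and e["path"].lower() != target_path.lower()
    ]


if __name__ == "__main__":
    found = parse_search(SAMPLE_SEARCH)
    majority, odd = find_outliers(found)
    print("majority hash:", majority)
    print("disagreeing copies:", odd)
    for p in odd:
        print("replacement candidates for", p, "->", replacement_candidates(found, p))
```

A majority vote among on-disk copies is a heuristic: it tells you which copy is different, not which is clean. Comparing against the hash of the same file version from a known-clean install is the stronger check. The detail lines also carry a second signal: the `System32` copy keeps the same created timestamp as its siblings but a modified timestamp of 2012-07-01 13:23, consistent with the file having been overwritten in place.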

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:09 AM

Posted 03 July 2012 - 10:08 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\ERDNT\cache\services.exe C:\Windows\System32\services.exe
C:\Users\Lauren\AppData\Local\{b62a84d2-afc5-c5e1-7bf1-7f25bd85229a}
C:\Windows\Installer\{b62a84d2-afc5-c5e1-7bf1-7f25bd85229a}


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo

Edited by gringo_pr, 04 July 2012 - 12:15 PM.


#7 PersonaUser314

PersonaUser314
  • Topic Starter

  • Members
  • 73 posts
  • Local time:04:09 AM

Posted 04 July 2012 - 11:43 AM

Sorry, just to check for this step: is FRST64 definitely the one I should be running this time around? My Windows 7 is the 32-bit version, so I don't wanna mess this process up by running the wrong one.

Edited by PersonaUser314, 04 July 2012 - 11:43 AM.


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:09 AM

Posted 04 July 2012 - 12:15 PM

Sorry typo - have removed the 64



gringo

#9 PersonaUser314

PersonaUser314
  • Topic Starter

  • Members
  • 73 posts
  • Local time:04:09 AM

Posted 04 July 2012 - 12:18 PM

Coolness^^ Here's the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 01-07-2012
Ran by SYSTEM at 2012-07-04 18:17:06 Run:1
Running from F:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\ERDNT\cache\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Users\Lauren\AppData\Local\{b62a84d2-afc5-c5e1-7bf1-7f25bd85229a} moved successfully.
C:\Windows\Installer\{b62a84d2-afc5-c5e1-7bf1-7f25bd85229a} moved successfully.

==== End of Fixlog ====

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:09 AM

Posted 04 July 2012 - 12:34 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#11 PersonaUser314

PersonaUser314
  • Topic Starter

  • Members
  • 73 posts
  • Local time:04:09 AM

Posted 04 July 2012 - 01:03 PM

Here's the combofix log:

ComboFix 12-07-04.04 - Lauren 04/07/2012 18:47:18.5.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3317.2305 [GMT 1:00]
Running from: c:\users\Lauren\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\str.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
.
.
2012-07-04 17:53 . 2012-07-04 17:54 -------- d-----w- c:\users\Lauren\AppData\Local\temp
2012-07-04 17:53 . 2012-07-04 17:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-04 17:53 . 2012-07-04 17:53 -------- d-----w- c:\users\Lauren1\AppData\Local\temp
2012-07-04 17:53 . 2012-07-04 17:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-03 06:41 . 2012-07-03 06:41 -------- d-----w- C:\FRST
2012-07-01 21:19 . 2012-07-04 17:54 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CA10A1CE-00D8-4E7F-B9FC-95852C77DA9D}\offreg.dll
2012-07-01 14:36 . 2012-02-09 13:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F0F5242-13F8-4258-ABFB-11E2DBA63CF1}\gapaengine.dll
2012-07-01 14:35 . 2012-06-18 02:14 6762896 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CA10A1CE-00D8-4E7F-B9FC-95852C77DA9D}\mpengine.dll
2012-07-01 14:34 . 2012-07-01 14:34 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-01 01:29 . 2012-07-01 01:29 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-26 10:03 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-26 10:03 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-26 10:03 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-26 10:03 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-26 10:03 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-26 10:03 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-26 10:03 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-26 10:02 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-26 10:02 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 01:30 . 2012-06-18 01:30 -------- d-----w- c:\program files\iPod
2012-06-17 20:12 . 2012-06-17 20:12 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-17 20:12 . 2012-06-17 20:12 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-17 14:03 . 2012-06-17 14:03 -------- d-----w- c:\users\Lauren\AppData\Local\Macromedia
2012-06-15 22:19 . 2012-06-15 22:20 -------- d-----w- c:\program files\Graboid
2012-06-15 17:26 . 2012-06-15 17:26 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-15 17:26 . 2012-06-15 17:26 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-15 17:26 . 2012-06-15 17:26 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-15 17:26 . 2012-06-15 17:26 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-15 17:26 . 2012-06-15 17:26 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-15 17:26 . 2012-06-15 17:26 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-15 17:26 . 2012-06-15 17:26 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-06-13 21:07 . 2012-06-13 21:07 -------- d-----w- c:\programdata\Nexon
2012-06-13 20:09 . 2012-06-13 20:09 -------- d-----w- C:\Nexon
2012-06-13 19:19 . 2012-06-13 21:39 -------- d-----w- c:\users\Lauren\AppData\Local\PMB Files
2012-06-13 19:19 . 2012-06-13 19:19 -------- d-----w- c:\programdata\PMB Files
2012-06-13 19:19 . 2012-06-13 19:19 -------- d-----w- c:\program files\Pando Networks
2012-06-13 12:39 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 12:39 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 12:39 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 12:39 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 12:39 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 12:39 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 12:39 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 12:39 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 12:39 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-10 16:11 . 2012-06-10 16:11 -------- d-----w- c:\users\Lauren\AppData\Local\fontconfig
2012-06-10 16:11 . 2012-06-16 18:08 -------- d-----w- c:\users\Lauren\.gimp-2.8
2012-06-10 16:11 . 2012-06-10 16:11 -------- d-----w- c:\users\Lauren\AppData\Local\gegl-0.2
2012-06-10 16:02 . 2012-06-10 16:04 -------- d-----w- c:\program files\GIMP 2
2012-06-09 15:58 . 2012-06-09 15:58 -------- d-----w- c:\program files\ESET
2012-06-09 10:25 . 2012-06-09 10:25 40960 ----a-w- c:\users\Lauren\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-06-09 10:25 . 2012-06-09 10:25 40960 ----a-w- c:\users\Lauren\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-06-09 10:25 . 2012-06-09 10:25 29184 ----a-w- c:\users\Lauren\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 23:40 . 2012-04-12 12:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 23:40 . 2011-06-16 19:28 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-09 10:23 . 2012-05-26 13:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-06-17 20:12 . 2012-01-21 01:13 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Lauren\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 NEWDRIVER;NEWDRIVER;c:\windows\system32\WinVDEdrv6.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 23:40]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 16:35]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-16 16:35]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\kj7vdly3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110019&tt=220512_53ctrl
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - eed80c340000000000000024e8142280
FF - user.js: extensions.BabylonToolbar_i.hardId - eed80c340000000000000024e8142280
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15495
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:24
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-07-04 18:58:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-04 17:58
ComboFix2.txt 2012-06-09 15:47
.
Pre-Run: 123,013,099,520 bytes free
Post-Run: 123,151,990,784 bytes free
.
- - End Of File - - 60A35A6AE0C42743CF593530012F3CC9


No problems as such, though the log itself took some time to be produced (though I don't know if that's a problem or just a sign of how much combofix had to report on)
The computer seems to be OK, no crazy restarting, and MSE didn't report on any viruses for quarantine before I had to shut it off for ComboFix.
Should I turn MSE on again, or will there be more to do?
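
The `policies\system` block in the ComboFix log above shows `EnableLUA`, `ConsentPromptBehaviorAdmin` and `PromptOnSecureDesktop` all set to 0, which means User Account Control is switched off on this machine: every process of an administrator account runs with the full admin token and nothing prompts for elevation. The Python below is an added example, not code from the thread or from ComboFix, that parses that REGEDIT4-style block and checks the values against an assumed baseline (UAC enabled, prompts shown on the secure desktop, no silent elevation). The sample block is the one from the log above; the baseline values are assumptions of this example, not something the thread states.

```python
"""Audit UAC policy values from a ComboFix 'Reg Loading Points' block (added example)."""
import re

# Sample input: the policies block from the ComboFix log in this thread.
SAMPLE_POLICIES = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# ComboFix prints values as "Name"= 0 (0x0); only the decimal part is needed.
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)')


def parse_policies(text):
    """Collect the integer values listed under the UAC policy key."""
    values = {}
    in_key = False
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_LINE.match(line)
        if km:
            in_key = km.group("key").lower() == POLICY_KEY
            continue
        vm = VALUE_LINE.match(line)
        if in_key and vm:
            values[vm.group("name")] = int(vm.group("value"))
    return values


# Assumed baseline for this example: UAC on, no silent elevation,
# prompts on the secure desktop. Each entry: (value name, predicate, finding text).
CHECKS = [
    ("EnableLUA", lambda v: v == 1,
     "UAC is disabled; admin processes run with a full token and no prompt"),
    ("ConsentPromptBehaviorAdmin", lambda v: v != 0,
     "administrators are elevated without any prompt"),
    ("PromptOnSecureDesktop", lambda v: v == 1,
     "elevation prompts are not isolated on the secure desktop"),
]


def audit(values):
    """Return (name, value, message) for every baseline check that fails.

    Values absent from the block are skipped: Windows applies its own default
    for a missing value, and this example does not guess what that is.
    """
    findings = []
    for name, ok, message in CHECKS:
        if name in values and not ok(values[name]):
            findings.append((name, values[name], message))
    return findings


if __name__ == "__main__":
    for name, value, message in audit(parse_policies(SAMPLE_POLICIES)):
        print(f"{name}={value}: {message}")
```

On the machine in this thread all three checks fail, so even after the ZeroAccess components are removed the account has no elevation boundary; turning UAC back on is part of returning the system to a defensible state, separate from the malware cleanup itself.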

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:09 AM

Posted 04 July 2012 - 01:36 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#13 PersonaUser314

PersonaUser314
  • Topic Starter

  • Members
  • 73 posts
  • Local time:04:09 AM

Posted 04 July 2012 - 02:23 PM

Here's the OTL:

OTL logfile created on: 7/4/2012 7:59:19 PM - Run 3
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Lauren\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.24 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 64.83% Memory free
6.48 Gb Paging File | 5.24 Gb Available in Paging File | 80.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.70 Gb Total Space | 114.75 Gb Free Space | 25.46% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 14.03 Gb Free Space | 93.55% Space Free | Partition Type: NTFS
Drive E: | 4.93 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 2.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: LAUREN-PC | User Name: Lauren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Lauren\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Lauren\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - c:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (Trufos) -- C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys File not found
DRV - (sptd) -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys File not found
DRV - (Profos) -- C:\Program Files\Virgin Media\Security\BitDefender\profos.sys File not found
DRV - (NEWDRIVER) -- C:\Windows\system32\WinVDEdrv6.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\system32\drivers\mbamswissarmy.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (catchme) -- C:\Users\Lauren\AppData\Local\Temp\catchme.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.com/cse?cx=partner-pub-0236192664760821%3A4680426847&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=startsear.info%2F


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-2179354138-2495226338-1312034963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-2179354138-2495226338-1312034963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 19 20 60 E7 4B CD 01 [binary data]
IE - HKU\S-1-5-21-2179354138-2495226338-1312034963-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2179354138-2495226338-1312034963-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.com/cse?cx=partner-pub-0236192664760821%3A4680426847&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=startsear.info%2F
IE - HKU\S-1-5-21-2179354138-2495226338-1312034963-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110019&tt=220512_53ctrl&babsrc=SP_ss&mntrId=eed80c340000000000000024e8142280
IE - HKU\S-1-5-21-2179354138-2495226338-1312034963-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2179354138-2495226338-1312034963-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/17 21:12:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/01/21 02:13:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Extensions
[2012/06/09 23:59:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\kj7vdly3.default\extensions
[2012/06/09 23:59:46 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\kj7vdly3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/06/09 11:25:55 | 000,002,105 | ---- | M] () -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\kj7vdly3.default\searchplugins\google.xml
[2012/01/21 02:13:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/17 21:12:38 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/17 21:12:35 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/06/04 18:24:30 | 000,002,356 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/06/17 21:12:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/17 21:12:35 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/06/17 21:12:35 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/06/17 21:12:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/06/17 21:12:35 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/07/04 18:54:20 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2179354138-2495226338-1312034963-1000..\Run: [Akamai NetSession Interface] C:\Users\Lauren\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2179354138-2495226338-1312034963-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2179354138-2495226338-1312034963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2179354138-2495226338-1312034963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AF7E242-E0A6-4B7F-9C07-708F97E3808F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F55DD86-8B07-4E96-A314-87973FB9BD35}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5292756D-EE0E-432B-9105-EECC825BCECD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BB823E6-FE78-41B1-A824-F16DE6062387}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCA1DF52-2354-449A-8DC3-8EE1B8255A2E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5387D32-A527-4127-BD1A-2E4922D0AEFA}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/21 23:09:01 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010/12/10 21:32:49 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007/06/26 06:48:55 | 000,000,047 | R--- | M] () - J:\AUTORUN.INF -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/04 19:57:20 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Lauren\Desktop\OTL.exe
[2012/07/04 18:58:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/04 18:53:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/04 18:53:03 | 000,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Local\temp
[2012/07/04 18:45:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/04 18:45:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/04 18:45:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/04 18:45:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/04 18:43:01 | 004,571,247 | R--- | C] (Swearware) -- C:\Users\Lauren\Desktop\ComboFix.exe
[2012/07/03 07:41:35 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/01 15:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/01 15:34:09 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/07/01 15:33:38 | 010,288,512 | ---- | C] (Microsoft Corporation) -- C:\Users\Lauren\Desktop\mseinstall.exe
[2012/07/01 02:29:22 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/06/26 11:03:09 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/26 11:03:09 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/26 11:03:01 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/26 11:03:01 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/26 11:03:01 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/26 11:02:45 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/26 11:02:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/19 16:45:48 | 000,000,000 | ---D | C] -- C:\Users\Lauren\Desktop\Ib
[2012/06/18 02:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/18 02:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/17 15:03:36 | 000,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Local\Macromedia
[2012/06/15 23:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[2012/06/15 18:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/13 22:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2012/06/13 21:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2012/06/13 21:09:14 | 000,000,000 | ---D | C] -- C:\Nexon
[2012/06/13 21:05:25 | 000,000,000 | --SD | C] -- C:\Users\Lauren\Documents\Mabinogi
[2012/06/13 20:19:33 | 000,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Local\PMB Files
[2012/06/13 20:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/06/13 20:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2012/06/13 13:40:36 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/06/13 13:40:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/13 13:40:33 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/13 13:40:33 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/13 13:40:33 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/13 13:39:12 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/13 13:39:08 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/06/13 13:39:08 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/06/13 13:39:08 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/06/10 17:11:20 | 000,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Local\fontconfig
[2012/06/10 17:11:19 | 000,000,000 | ---D | C] -- C:\Users\Lauren\.gimp-2.8
[2012/06/10 17:11:18 | 000,000,000 | ---D | C] -- C:\Users\Lauren\AppData\Local\gegl-0.2
[2012/06/10 17:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/06/09 23:57:38 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Lauren\Desktop\TFC.exe
[2012/06/09 16:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/09 11:33:57 | 009,907,915 | ---- | C] (Adobe Systems, Inc.) -- C:\Users\Lauren\Desktop\katawa_crash_beta_8-36.exe

========== Files - Modified Within 30 Days ==========

[2012/07/04 19:57:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lauren\Desktop\OTL.exe
[2012/07/04 19:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/04 19:26:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/04 19:07:36 | 000,013,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/04 19:07:36 | 000,013,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/04 19:04:45 | 000,633,484 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/04 19:04:45 | 000,112,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/04 19:00:34 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/04 19:00:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/04 19:00:19 | 2608,730,112 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/04 18:54:20 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/04 18:43:04 | 004,571,247 | R--- | M] (Swearware) -- C:\Users\Lauren\Desktop\ComboFix.exe
[2012/07/01 15:34:50 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/01 15:33:46 | 010,288,512 | ---- | M] (Microsoft Corporation) -- C:\Users\Lauren\Desktop\mseinstall.exe
[2012/07/01 01:41:34 | 003,368,064 | ---- | M] () -- C:\Users\Lauren\Desktop\Ponderosa.mp3
[2012/06/26 19:03:26 | 004,905,600 | ---- | M] () -- C:\Users\Lauren\Desktop\Risingson.mp3
[2012/06/26 15:48:01 | 000,039,061 | ---- | M] () -- C:\Users\Lauren\Desktop\ALERT.jpg
[2012/06/26 14:43:28 | 001,694,832 | ---- | M] () -- C:\Users\Lauren\Desktop\Shadow Chie.png
[2012/06/26 11:52:13 | 000,010,639 | ---- | M] () -- C:\Users\Lauren\Desktop\oranges and lemons.jpg
[2012/06/26 11:39:51 | 002,109,554 | ---- | M] () -- C:\Users\Lauren\Desktop\Pic for Prince and I.jpg
[2012/06/26 11:24:57 | 000,822,240 | ---- | M] () -- C:\Users\Lauren\Desktop\Picture for cures.jpg
[2012/06/25 16:16:30 | 000,129,481 | ---- | M] () -- C:\Users\Lauren\Desktop\Spring Cleaning.png
[2012/06/25 16:16:09 | 000,248,880 | ---- | M] () -- C:\Users\Lauren\Desktop\Mike Franks says wut.png
[2012/06/25 15:26:56 | 002,849,648 | ---- | M] () -- C:\Users\Lauren\Desktop\102_a_fierce_good_fight.mp3
[2012/06/25 02:24:50 | 003,543,552 | ---- | M] () -- C:\Users\Lauren\Desktop\Killer7 - Sweet Blue Flag.mp3
[2012/06/25 02:24:38 | 004,068,864 | ---- | M] () -- C:\Users\Lauren\Desktop\Killer7 - Blackburn.mp3
[2012/06/24 00:40:40 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/24 00:40:40 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/23 20:51:53 | 042,191,192 | ---- | M] () -- C:\Users\Lauren\Desktop\Dog_Tags.mp3
[2012/06/22 21:57:19 | 004,677,504 | ---- | M] () -- C:\Users\Lauren\Desktop\The Boxer Rebellion - Caught By The Light.mp3
[2012/06/22 19:32:04 | 042,534,337 | ---- | M] () -- C:\Users\Lauren\Desktop\Bloodbath.mp3
[2012/06/22 18:02:52 | 000,685,601 | ---- | M] () -- C:\Users\Lauren\Desktop\13 Orphans.png
[2012/06/20 23:13:40 | 003,930,960 | ---- | M] () -- C:\Users\Lauren\Desktop\Dbd (While You Can).mp3
[2012/06/20 23:13:15 | 003,229,761 | ---- | M] () -- C:\Users\Lauren\Desktop\C.S..mp3
[2012/06/18 22:39:41 | 003,806,529 | ---- | M] () -- C:\Users\Lauren\Desktop\Transfer.mp3
[2012/06/18 22:39:25 | 004,742,723 | ---- | M] () -- C:\Users\Lauren\Desktop\Monochrome.mp3
[2012/06/18 22:39:03 | 005,193,539 | ---- | M] () -- C:\Users\Lauren\Desktop\Dreamsleep.mp3
[2012/06/18 13:42:09 | 000,189,996 | ---- | M] () -- C:\Users\Lauren\Desktop\Indubitably.png
[2012/06/18 13:41:42 | 000,428,964 | ---- | M] () -- C:\Users\Lauren\Desktop\An astute observation.png
[2012/06/18 13:40:58 | 000,232,170 | ---- | M] () -- C:\Users\Lauren\Desktop\Egads!.png
[2012/06/18 13:28:02 | 004,826,047 | ---- | M] () -- C:\Users\Lauren\Desktop\Frozen.mp3
[2012/06/18 02:31:31 | 000,001,715 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/16 19:08:01 | 000,004,495 | ---- | M] () -- C:\Users\Lauren\AppData\Local\recently-used.xbel
[2012/06/16 03:56:48 | 003,027,840 | ---- | M] () -- C:\Users\Lauren\Desktop\Stronger (Garudas Theme).mp3
[2012/06/16 03:56:38 | 002,441,088 | ---- | M] () -- C:\Users\Lauren\Desktop\Passage of Lotus (Kairis Theme).mp3
[2012/06/16 03:56:29 | 003,139,968 | ---- | M] () -- C:\Users\Lauren\Desktop\Strange Sunset (Guiles Theme).mp3
[2012/06/16 03:56:17 | 002,951,424 | ---- | M] () -- C:\Users\Lauren\Desktop\Sakura Mankai (Hokutos Theme).mp3
[2012/06/15 18:26:51 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/06/15 14:24:58 | 000,035,384 | ---- | M] () -- C:\Users\Lauren\Desktop\Why a cat.jpg
[2012/06/15 02:42:58 | 001,961,088 | ---- | M] () -- C:\Users\Lauren\Desktop\Mystery.mp3
[2012/06/13 21:43:50 | 000,049,558 | ---- | M] () -- C:\Users\Lauren\Desktop\Warestache 13.jpg
[2012/06/13 15:26:15 | 000,391,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/11 12:55:04 | 002,243,328 | ---- | M] () -- C:\Users\Lauren\Desktop\NCIS Theme.mp3
[2012/06/10 21:59:18 | 007,351,296 | ---- | M] () -- C:\Users\Lauren\Desktop\Celldweller - The Last Firstborn.mp3
[2012/06/10 19:57:23 | 003,032,122 | ---- | M] () -- C:\Users\Lauren\Desktop\SenRetsu Kyaku EX '96 R.mp3
[2012/06/10 17:52:10 | 000,176,828 | ---- | M] () -- C:\Users\Lauren\Desktop\NCIS Fandom Secret.png
[2012/06/10 17:04:52 | 000,001,011 | ---- | M] () -- C:\Users\Lauren\Desktop\GIMP 2.lnk
[2012/06/09 23:57:40 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Lauren\Desktop\TFC.exe
[2012/06/09 16:51:19 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/09 11:34:01 | 000,610,631 | ---- | M] () -- C:\Users\Lauren\Desktop\two.png
[2012/06/09 11:34:01 | 000,222,681 | ---- | M] () -- C:\Users\Lauren\Desktop\She raised her eyebrow at this.....png
[2012/06/09 11:34:01 | 000,093,180 | ---- | M] () -- C:\Users\Lauren\Desktop\vocab.jpg
[2012/06/09 11:34:01 | 000,019,615 | ---- | M] () -- C:\Users\Lauren\Desktop\That's kind of awesome.gif
[2012/06/09 11:34:01 | 000,000,216 | ---- | M] () -- C:\Users\Lauren\Desktop\Terraria.url
[2012/06/09 11:34:01 | 000,000,215 | ---- | M] () -- C:\Users\Lauren\Desktop\SEGA Genesis & Mega Drive Classics.url
[2012/06/09 11:34:00 | 000,010,933 | ---- | M] () -- C:\Users\Lauren\Desktop\one.png
[2012/06/09 11:33:59 | 009,907,915 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Lauren\Desktop\katawa_crash_beta_8-36.exe
[2012/06/09 11:33:54 | 000,520,651 | ---- | M] () -- C:\Users\Lauren\Desktop\Buffy.png
[2012/06/09 11:33:53 | 000,376,885 | ---- | M] () -- C:\Users\Lauren\Desktop\ACTUAL CANNIBAL LEA MICHELE.png
[2012/06/09 11:33:53 | 000,011,412 | ---- | M] () -- C:\Users\Lauren\Desktop\A trend!.png
[2012/06/09 11:33:53 | 000,005,919 | ---- | M] () -- C:\Users\Lauren\Desktop\A trio of BAMFS.png
[2012/06/09 11:33:53 | 000,000,215 | ---- | M] () -- C:\Users\Lauren\Desktop\Audiosurf.url
[2012/06/09 11:25:02 | 000,004,096 | ---- | M] () -- C:\Users\Lauren\AppData\Local\keyfile3.drm
[2012/06/09 11:23:33 | 000,008,192 | ---- | M] () -- C:\BOOTSECT.BAK
[2012/06/09 11:23:33 | 000,004,757 | ---- | M] () -- C:\dell.sdr
[2012/06/06 13:45:29 | 000,000,176 | ---- | M] () -- C:\Users\Lauren\defogger_reenable

========== Files Created - No Company Name ==========

[2012/07/04 18:45:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/04 18:45:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/04 18:45:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/04 18:45:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/04 18:45:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/01 15:34:45 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/01 01:41:21 | 003,368,064 | ---- | C] () -- C:\Users\Lauren\Desktop\Ponderosa.mp3
[2012/06/26 19:03:06 | 004,905,600 | ---- | C] () -- C:\Users\Lauren\Desktop\Risingson.mp3
[2012/06/26 15:47:57 | 000,039,061 | ---- | C] () -- C:\Users\Lauren\Desktop\ALERT.jpg
[2012/06/26 14:43:27 | 001,694,832 | ---- | C] () -- C:\Users\Lauren\Desktop\Shadow Chie.png
[2012/06/26 11:52:12 | 000,010,639 | ---- | C] () -- C:\Users\Lauren\Desktop\oranges and lemons.jpg
[2012/06/26 11:39:50 | 002,109,554 | ---- | C] () -- C:\Users\Lauren\Desktop\Pic for Prince and I.jpg
[2012/06/26 11:24:56 | 000,822,240 | ---- | C] () -- C:\Users\Lauren\Desktop\Picture for cures.jpg
[2012/06/25 15:26:34 | 002,849,648 | ---- | C] () -- C:\Users\Lauren\Desktop\102_a_fierce_good_fight.mp3
[2012/06/25 02:24:38 | 003,543,552 | ---- | C] () -- C:\Users\Lauren\Desktop\Killer7 - Sweet Blue Flag.mp3
[2012/06/25 02:24:22 | 004,068,864 | ---- | C] () -- C:\Users\Lauren\Desktop\Killer7 - Blackburn.mp3
[2012/06/23 20:28:22 | 042,191,192 | ---- | C] () -- C:\Users\Lauren\Desktop\Dog_Tags.mp3
[2012/06/22 23:53:42 | 000,248,880 | ---- | C] () -- C:\Users\Lauren\Desktop\Mike Franks says wut.png
[2012/06/22 23:53:10 | 000,129,481 | ---- | C] () -- C:\Users\Lauren\Desktop\Spring Cleaning.png
[2012/06/22 21:57:02 | 004,677,504 | ---- | C] () -- C:\Users\Lauren\Desktop\The Boxer Rebellion - Caught By The Light.mp3
[2012/06/22 19:08:24 | 042,534,337 | ---- | C] () -- C:\Users\Lauren\Desktop\Bloodbath.mp3
[2012/06/22 18:02:51 | 000,685,601 | ---- | C] () -- C:\Users\Lauren\Desktop\13 Orphans.png
[2012/06/20 23:12:27 | 003,930,960 | ---- | C] () -- C:\Users\Lauren\Desktop\Dbd (While You Can).mp3
[2012/06/20 23:12:14 | 003,229,761 | ---- | C] () -- C:\Users\Lauren\Desktop\C.S..mp3
[2012/06/18 17:54:08 | 005,193,539 | ---- | C] () -- C:\Users\Lauren\Desktop\Dreamsleep.mp3
[2012/06/18 02:34:37 | 004,826,047 | ---- | C] () -- C:\Users\Lauren\Desktop\Frozen.mp3
[2012/06/18 02:34:22 | 004,742,723 | ---- | C] () -- C:\Users\Lauren\Desktop\Monochrome.mp3
[2012/06/18 02:34:09 | 003,806,529 | ---- | C] () -- C:\Users\Lauren\Desktop\Transfer.mp3
[2012/06/18 02:31:31 | 000,001,715 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/16 19:08:01 | 000,004,495 | ---- | C] () -- C:\Users\Lauren\AppData\Local\recently-used.xbel
[2012/06/16 03:56:38 | 003,027,840 | ---- | C] () -- C:\Users\Lauren\Desktop\Stronger (Garudas Theme).mp3
[2012/06/16 03:56:29 | 002,441,088 | ---- | C] () -- C:\Users\Lauren\Desktop\Passage of Lotus (Kairis Theme).mp3
[2012/06/16 03:56:17 | 003,139,968 | ---- | C] () -- C:\Users\Lauren\Desktop\Strange Sunset (Guiles Theme).mp3
[2012/06/16 03:56:06 | 002,951,424 | ---- | C] () -- C:\Users\Lauren\Desktop\Sakura Mankai (Hokutos Theme).mp3
[2012/06/15 18:26:51 | 000,001,777 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/06/15 14:24:54 | 000,035,384 | ---- | C] () -- C:\Users\Lauren\Desktop\Why a cat.jpg
[2012/06/15 02:42:51 | 001,961,088 | ---- | C] () -- C:\Users\Lauren\Desktop\Mystery.mp3
[2012/06/13 22:39:46 | 000,428,964 | ---- | C] () -- C:\Users\Lauren\Desktop\An astute observation.png
[2012/06/13 22:39:30 | 000,189,996 | ---- | C] () -- C:\Users\Lauren\Desktop\Indubitably.png
[2012/06/13 21:43:49 | 000,049,558 | ---- | C] () -- C:\Users\Lauren\Desktop\Warestache 13.jpg
[2012/06/11 12:54:56 | 002,243,328 | ---- | C] () -- C:\Users\Lauren\Desktop\NCIS Theme.mp3
[2012/06/10 21:58:52 | 007,351,296 | ---- | C] () -- C:\Users\Lauren\Desktop\Celldweller - The Last Firstborn.mp3
[2012/06/10 19:57:19 | 003,032,122 | ---- | C] () -- C:\Users\Lauren\Desktop\SenRetsu Kyaku EX '96 R.mp3
[2012/06/10 17:46:36 | 000,176,828 | ---- | C] () -- C:\Users\Lauren\Desktop\NCIS Fandom Secret.png
[2012/06/10 17:04:52 | 000,001,011 | ---- | C] () -- C:\Users\Lauren\Desktop\GIMP 2.lnk
[2012/06/10 17:04:35 | 000,001,011 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012/06/09 21:20:16 | 000,232,170 | ---- | C] () -- C:\Users\Lauren\Desktop\Egads!.png
[2012/06/09 16:51:19 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/09 11:34:01 | 000,610,631 | ---- | C] () -- C:\Users\Lauren\Desktop\two.png
[2012/06/09 11:34:01 | 000,222,681 | ---- | C] () -- C:\Users\Lauren\Desktop\She raised her eyebrow at this.....png
[2012/06/09 11:34:01 | 000,093,180 | ---- | C] () -- C:\Users\Lauren\Desktop\vocab.jpg
[2012/06/09 11:34:01 | 000,019,615 | ---- | C] () -- C:\Users\Lauren\Desktop\That's kind of awesome.gif
[2012/06/09 11:34:01 | 000,000,216 | ---- | C] () -- C:\Users\Lauren\Desktop\Terraria.url
[2012/06/09 11:34:01 | 000,000,215 | ---- | C] () -- C:\Users\Lauren\Desktop\SEGA Genesis & Mega Drive Classics.url
[2012/06/09 11:34:00 | 000,010,933 | ---- | C] () -- C:\Users\Lauren\Desktop\one.png
[2012/06/09 11:33:54 | 000,520,651 | ---- | C] () -- C:\Users\Lauren\Desktop\Buffy.png
[2012/06/09 11:33:53 | 000,376,885 | ---- | C] () -- C:\Users\Lauren\Desktop\ACTUAL CANNIBAL LEA MICHELE.png
[2012/06/09 11:33:53 | 000,011,412 | ---- | C] () -- C:\Users\Lauren\Desktop\A trend!.png
[2012/06/09 11:33:53 | 000,005,919 | ---- | C] () -- C:\Users\Lauren\Desktop\A trio of BAMFS.png
[2012/06/09 11:33:53 | 000,000,215 | ---- | C] () -- C:\Users\Lauren\Desktop\Audiosurf.url
[2012/06/09 11:25:02 | 000,004,096 | ---- | C] () -- C:\Users\Lauren\AppData\Local\keyfile3.drm
[2012/06/09 11:23:33 | 000,008,192 | ---- | C] () -- C:\BOOTSECT.BAK
[2012/06/09 11:23:33 | 000,004,757 | ---- | C] () -- C:\dell.sdr
[2012/06/06 13:45:17 | 000,000,176 | ---- | C] () -- C:\Users\Lauren\defogger_reenable
[2012/06/04 18:36:09 | 000,000,700 | -HS- | C] () -- C:\Users\Lauren\AppData\Local\systemFL7.dat
[2011/09/02 23:59:25 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/09/02 23:59:23 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/09/02 23:59:20 | 003,164,160 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2011/09/02 23:59:20 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011/09/02 23:59:19 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/09/02 23:59:19 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/09/02 23:59:19 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/12/02 01:12:32 | 000,003,584 | ---- | C] () -- C:\Users\Lauren\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/14 23:36:43 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll

========== Files - Unicode (All) ==========
[2011/09/07 16:39:49 | 000,000,918 | ---- | M] ()(C:\Users\Lauren\Desktop\???????????.lnk) -- C:\Users\Lauren\Desktop\ギャラクシーエンジェル.lnk
[2011/09/07 16:39:49 | 000,000,918 | ---- | C] ()(C:\Users\Lauren\Desktop\???????????.lnk) -- C:\Users\Lauren\Desktop\ギャラクシーエンジェル.lnk
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ブロッコリー

< End of report >

#14 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 July 2012 - 03:12 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    IE - HKU\S-1-5-21-2179354138-2495226338-1312034963-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110019&tt=220512_53ctrl&babsrc=SP_ss&mntrId=eed80c340000000000000024e8142280
    [2012/06/04 18:24:30 | 000,002,356 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
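The entries in the fix above were picked by hand from the earlier OTL logs: a search scope whose URL carries affiliate tracking parameters, a Firefox search plugin for the same provider, and registry entries that point at files that no longer exist. As an added example (not code from this thread, from gringo_pr or from OTL), here is a small Python triage script that applies the same kind of reasoning to OTL-style log lines: it parses the file-entry and IE SearchScopes line shapes seen in the logs and flags hidden+system files inside a user profile, small data files dropped straight into AppData\Local, System32 DLLs with no version-info company name, and search providers that are either off an allow-list or carry install-tracking parameters. The allow-list, the tracking-parameter names and the 4 KiB size threshold are this example's own assumptions; the sample lines are copied from the logs in this thread.

```python
"""Triage helper for OTL-style log lines.

Added example; it is not part of the BleepingComputer thread and not code
from OTL.  It parses the two line shapes the thread's logs use (file entries
and IE SearchScopes entries) and flags the ones a responder would look at
first.  The sample lines are copied from the thread; the allow-list,
tracking-parameter list and size threshold are this example's assumptions.
"""
import re
from urllib.parse import parse_qs, urlparse

# OTL file entry:  [date time | size | attrs | M or C] (company) -- path
# The parentheses carry the version-info company name; empty means none.
FILE_RE = re.compile(
    r"^\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# OTL IE search-scope entry:  IE - HKU\<SID>\..\SearchScopes\{GUID}: "URL" = <url>
SCOPE_RE = re.compile(
    r'^IE - (?P<hive>HK[A-Z]+)\\(?P<sid>[^\\]+)\\\.\.\\SearchScopes\\'
    r'(?P<guid>\{[0-9A-Fa-f-]+\}): "URL" = (?P<url>\S+)$'
)

# Assumptions: search engines accepted as a default provider, and the query
# parameters affiliate-style toolbars use to tag an install.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}
TRACKING_PARAMS = {"affid", "mntrid", "babsrc", "tt"}
SMALL_FILE_BYTES = 4096


def parse_file_line(line):
    """Return the fields of an OTL file entry, or None if the line is not one."""
    m = FILE_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    return entry


def file_findings(entry):
    """Reasons an OTL file entry deserves a look (empty list = nothing flagged)."""
    reasons = []
    path = entry["path"].lower()
    attrs = entry["attrs"]
    in_profile = "\\users\\" in path
    if "H" in attrs and "S" in attrs and in_profile:
        reasons.append("hidden+system attributes on a file inside a user profile")
    if (path.endswith((".dat", ".drm", ".ini")) and "\\appdata\\local\\" in path
            and entry["size"] <= SMALL_FILE_BYTES):
        reasons.append("small data file dropped directly in AppData\\Local")
    if re.search(r"\\windows\\system32\\[^\\]+\.dll$", path) and not entry["company"].strip():
        reasons.append("DLL in System32 with no version-info company name (verify publisher)")
    return reasons


def scope_findings(entry):
    """Reasons an IE SearchScopes entry looks like a hijacked search provider."""
    reasons = []
    parsed = urlparse(entry["url"])
    host = parsed.netloc.lower()
    if host not in KNOWN_SEARCH_HOSTS:
        reasons.append(f"search provider host {host} is not on the allow-list")
    params = {k.lower() for k in parse_qs(parsed.query, keep_blank_values=True)}
    hits = sorted(params & TRACKING_PARAMS)
    if hits:
        reasons.append("affiliate/install tracking parameters: " + ", ".join(hits))
    return reasons


def triage(lines):
    """Return [(path_or_guid, reasons)] for every line that raised at least one flag."""
    flagged = []
    for raw in lines:
        line = raw.strip()
        file_entry = parse_file_line(line)
        if file_entry is not None:
            key, reasons = file_entry["path"], file_findings(file_entry)
        else:
            m = SCOPE_RE.match(line)
            if not m:
                continue
            key, reasons = m.group("guid"), scope_findings(m.groupdict())
        if reasons:
            flagged.append((key, reasons))
    return flagged


# Constructed sample: lines copied from the thread's OTL logs.
SAMPLE_LOG = r"""
[2012/06/13 21:43:49 | 000,049,558 | ---- | C] () -- C:\Users\Lauren\Desktop\Warestache 13.jpg
[2012/06/09 11:25:02 | 000,004,096 | ---- | C] () -- C:\Users\Lauren\AppData\Local\keyfile3.drm
[2012/06/04 18:36:09 | 000,000,700 | -HS- | C] () -- C:\Users\Lauren\AppData\Local\systemFL7.dat
[2011/09/02 23:59:25 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
IE - HKU\S-1-5-21-2179354138-2495226338-1312034963-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110019&tt=220512_53ctrl&babsrc=SP_ss&mntrId=eed80c340000000000000024e8142280
""".strip().splitlines()

if __name__ == "__main__":
    for key, reasons in triage(SAMPLE_LOG):
        print(key)
        for reason in reasons:
            print("   -", reason)
```

Run it against a full OTL log with `triage(open("OTL.txt", encoding="utf-8", errors="replace").read().splitlines())`. The rules are deliberately loose: a flag means "look at this", not "this is malware" (the codec DLLs in the thread's log would trip the System32 rule too), which is the same judgement call the responder made when choosing which lines went into the fix.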

#15 PersonaUser314 (Topic Starter)

  • Members
  • 73 posts

Posted 04 July 2012 - 03:20 PM

Here:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2179354138-2495226338-1312034963-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Lauren\Desktop\cmd.bat deleted successfully.
C:\Users\Lauren\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Lauren
->Java cache emptied: 151291 bytes

User: Lauren1

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Lauren
->Flash cache emptied: 100557 bytes

User: Lauren1

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07042012_211815


Still no obvious problems to speak of. OTL didn't ask for a reboot, and the fix ran quite quickly.



