Trojan Gen.b and Trojan.zeroaccess


This topic is locked
4 replies to this topic

#1 DanTheMan6

Posted 01 July 2012 - 06:33 PM

Norton keeps alerting me that the Trojan.Gen.B and Trojan.Zeroaccess viruses have been detected and blocked. I've run DDS, OTL, TDSSKiller, and FSS. All scans were run as administrator, and the Norton antivirus protection was temporarily disabled during the scans. Here are the results:

DDS Scan:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Dan at 19:25:14 on 2012-07-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2047.854 [GMT -4:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\vssvc.exe
C:\Users\Dan\Desktop\tdsskiller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Users\Dan\Desktop\OTL.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://search.blekko.com/ws/?source=5a76da41&toolbarid=searchcom_001&u=2012041082E14F569E47EF82AB786BC4&tbp=homepage
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = about:blank
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: vShare Toolbar: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.7.1.3\ips\IPSBHO.DLL
BHO: Search.com Bar: {80987362-6216-49bc-98e4-77e6cf71a5d7} - c:\program files\searchcom_001\searchcom_001X.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: vShare Toolbar: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: Search.com Bar: {80987362-6216-49bc-98e4-77e6cf71a5d7} - c:\program files\searchcom_001\searchcom_001X.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with Mipony - file://c:\program files\mipony\browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{6483B6B7-2CC6-43D9-9883-FAF50566CEFD} : DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{6483B6B7-2CC6-43D9-9883-FAF50566CEFD}\64275656458656E456470275966696 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{6483B6B7-2CC6-43D9-9883-FAF50566CEFD}\74575637470294E6475627E6564702143636563737E2 : DhcpNameServer = 75.94.255.12 64.13.115.12
TCP: Interfaces\{6483B6B7-2CC6-43D9-9883-FAF50566CEFD}\84162727963784F6D656 : DhcpNameServer = 167.206.254.1 167.206.254.2
TCP: Interfaces\{6483B6B7-2CC6-43D9-9883-FAF50566CEFD}\C696E6B6379737 : DhcpNameServer = 167.206.254.1 167.206.254.2
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dan\appdata\roaming\mozilla\firefox\profiles\rnjzq5k6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.optimum.net/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\dan\appdata\roaming\mozilla\firefox\profiles\rnjzq5k6.default\extensions\vshare@toolbar\components\toolbarhomewmp.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\dan\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1207010.003\symds.sys [2012-4-3 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1207010.003\symefa.sys [2012-4-3 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20120619.001\BHDrvx86.sys [2012-6-18 821920]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20120629.001\IDSvix86.sys [2012-6-30 382624]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1207010.003\ironx86.sys [2012-4-3 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nav\1207010.003\symnets.sys [2012-4-3 299640]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\hp\quickplay\000.fcl [2008-1-4 39408]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-10-24 99896]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2008-11-7 25824]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.7.1.3\ccsvchst.exe [2012-4-3 130008]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2012-4-10 13880]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-3 106656]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2011-4-8 176848]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-10-12 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-22 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-25 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-4 129976]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2010-10-24 17408]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-6 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-28 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-06-28 02:53:21 -------- d-----w- c:\users\dan\appdata\local\NPE
2012-06-25 02:37:12 -------- d-----w- c:\users\dan\appdata\local\Macromedia
2012-06-25 01:02:27 -------- d-----w- c:\users\dan\appdata\roaming\Tific
2012-06-25 01:02:12 -------- d-----w- c:\users\dan\appdata\local\Symantec
2012-06-22 15:55:40 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-22 15:18:59 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-19 10:44:36 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 10:43:04 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 10:41:43 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 10:41:43 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-17 12:48:11 -------- d-----w- c:\program files\iPod
2012-06-17 12:48:10 -------- d-----w- c:\program files\iTunes
2012-06-13 22:06:00 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 22:05:59 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 22:05:57 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 22:05:55 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 22:05:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 22:05:55 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 22:05:54 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 22:05:48 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 22:05:48 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 22:05:47 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-10 03:55:35 -------- d-----w- c:\users\dan\appdata\local\WinZip
2012-06-05 21:44:44 -------- d-----w- c:\program files\Enigmatis - The Ghosts of Maple Creek Collector's Edition
2012-06-05 03:05:14 -------- d-----w- c:\users\dan\appdata\roaming\Oberon Media
2012-06-05 02:50:58 -------- d-----w- c:\users\dan\appdata\roaming\Masque
2012-06-05 02:49:34 -------- d-----w- c:\program files\Yahoo! Games
2012-06-04 03:50:57 -------- d-----w- c:\users\dan\appdata\roaming\Artifex Mundi
.
==================== Find3M ====================
.
2012-06-25 01:25:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-19 00:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 19:26:16.36 ===============


Kaspersky's TDSSKiller found no threats.

FSS Scan Results:

Farbar Service Scanner Version: 01-07-2012
Ran by Dan (administrator) on 01-07-2012 at 18:57:08
Running from "C:\Users\Dan\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
IE proxy is enabled.



Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

OTL Scan:

OTL logfile created on: 7/1/2012 7:11:54 PM - Run 3
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Dan\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.05% Memory free
4.00 Gb Paging File | 2.60 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.86 Gb Total Space | 88.33 Gb Free Space | 39.99% Space Free | Partition Type: NTFS
Drive D: | 12.02 Gb Total Space | 1.82 Gb Free Space | 15.18% Space Free | Partition Type: NTFS

Computer Name: DAN-PC | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/01 18:32:55 | 002,134,616 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dan\Desktop\tdsskiller.exe
PRC - [2012/06/27 23:45:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
PRC - [2012/06/24 21:25:18 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/05/04 16:45:43 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/01 14:57:36 | 000,232,616 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccsvchst.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/11/09 14:57:54 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2009/07/20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/11/07 15:38:26 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2007/09/15 04:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/24 21:25:18 | 009,459,912 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012/05/04 16:45:43 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/12/09 17:56:17 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/08/20 13:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 13:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 13:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/06/24 21:25:19 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/04 16:45:43 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe -- (NAV)
SRV - [2011/04/08 11:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/28 04:00:37 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/11/09 14:57:54 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2009/07/20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2008/11/07 15:38:26 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - [2012/06/26 17:54:15 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120630.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/06/26 17:54:15 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120630.009\NAVENG.SYS -- (NAVENG)
DRV - [2012/06/18 20:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20120619.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/06/14 14:39:26 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120629.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/05/31 07:19:33 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/31 07:19:33 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/09 22:41:27 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1207010.003\symnets.sys -- (SymNetS)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NAV\1207010.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1207010.003\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NAV\1207010.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NAV\1207010.003\symds.sys -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1207010.003\ironx86.sys -- (SymIRON)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/16 00:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2010/07/01 17:52:18 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2009/10/26 03:01:40 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2009/10/03 07:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/04/20 14:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2007/09/30 23:34:02 | 000,039,408 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\HP\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263})
DRV - [2007/06/18 21:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 02:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 18:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 17:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 20:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
IE - HKLM\..\SearchScopes\{66F00777-E2CA-4B62-B7A4-84C1ECB19796}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{AB803740-4F48-471B-B18F-189876C45BD5}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://search.blekko.com/ws/?source=5a76da41&toolbarid=searchcom_001&u=2012041082E14F569E47EF82AB786BC4&tbp=homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{03098b35-e47c-4ba2-8563-e8288ae4b3a4}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2673D1CF-7D8E-47AE-82EA-C243C66C20F8}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MDF&o=15691&src=kw&q={searchTerms}&locale=&apn_ptnrs=FY&apn_dtid=YYYYYYYYUS&apn_uid=ebcd25f1-23c3-4ae9-9458-62cab80e9a63&apn_sauid=33F80B26-16B2-4F7F-9885-CC25F079F8B7
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = https://search.blekko.com/ws/?source=5a76da41&tbp=rbox&toolbarid=searchcom_001&u=2012041082E14F569E47EF82AB786BC4&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{AB803740-4F48-471B-B18F-189876C45BD5}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.order.2: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20120102,6902,0,24,0"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.optimum.net/"
FF - prefs.js..extensions.enabledItems: amznUWL2@amazon.com:1.3
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {6FCD9DF9-71FB-49CE-A60F-915A258C2B64}:1.9.1
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.10.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={57BA2F40-F14D-422A-BF02-D06B9DCB1F48}&Version=3.6.5&Vintage=20120102&Defaultbrowserid=24&Productid=2750&Vendorid=6290&Offerid=6894&searchterm="
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Windows\system32\C2MP\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/08 02:19:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2012/02/01 22:33:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2011/06/21 22:03:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/17 08:38:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/17 08:38:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/08 02:19:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6FCD9DF9-71FB-49CE-A60F-915A258C2B64}: C:\Users\Dan\AppData\Local\{6FCD9DF9-71FB-49CE-A60F-915A258C2B64}\ [2010/02/19 00:24:28 | 000,000,000 | ---D | M]

[2012/01/09 23:45:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions
[2012/06/08 09:45:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\extensions
[2010/11/27 00:25:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/10 19:26:58 | 000,000,000 | ---D | M] (Bekko Search Bar 1.0) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\extensions\{65253f44-5bbe-8f44-dd13-9a975643fec2}
[2012/04/10 19:24:36 | 000,000,000 | ---D | M] (Search.com Bar) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\extensions\{80987362-6216-49bc-98e4-77e6cf71a5d7}
[2011/01/30 21:08:28 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\extensions\vshare@toolbar
[2012/06/08 09:45:02 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\extensions\wecarereminder@bryan
[2009/12/20 21:12:34 | 000,004,554 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\searchplugins\aim-search.xml
[2012/01/09 21:07:00 | 000,002,572 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\searchplugins\askcom.xml
[2012/01/09 23:25:17 | 000,002,519 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\searchplugins\Search_Results.xml
[2012/01/09 23:45:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/07 11:59:41 | 000,246,025 | ---- | M] () (No name found) -- C:\USERS\DAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNJZQ5K6.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
[2012/05/27 15:26:22 | 000,004,733 | ---- | M] () (No name found) -- C:\USERS\DAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNJZQ5K6.DEFAULT\EXTENSIONS\BOVNMJQHMK@BOVNMJQHMK.ORG.XPI
[2011/11/10 10:59:53 | 000,019,317 | ---- | M] () (No name found) -- C:\USERS\DAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNJZQ5K6.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM.XPI
[2012/05/04 16:45:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 15:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/08/01 23:53:34 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 15:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/03/22 13:45:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/10 19:24:35 | 000,002,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2012/01/09 23:25:17 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/03/22 13:45:06 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vshare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search.com Bar) - {80987362-6216-49bc-98e4-77e6cf71a5d7} - C:\Program Files\searchcom_001\searchcom_001X.dll ()
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vshare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search.com Bar) - {80987362-6216-49bc-98e4-77e6cf71a5d7} - C:\Program Files\searchcom_001\searchcom_001X.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vshare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6483B6B7-2CC6-43D9-9883-FAF50566CEFD}: DhcpNameServer = 192.168.1.1 68.237.161.12
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vshare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop BackupWallPaper: C:\Users\Dan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{ce3e8405-4eca-11df-a13e-001b24739154}\Shell - "" = AutoRun
O33 - MountPoints2\{ce3e8405-4eca-11df-a13e-001b24739154}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{de2e7449-f218-11de-b632-001b24739154}\Shell - "" = AutoRun
O33 - MountPoints2\{de2e7449-f218-11de-b632-001b24739154}\Shell\AutoRun\command - "" = F:\MI.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/01 18:32:50 | 002,134,616 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dan\Desktop\tdsskiller.exe
[2012/06/27 23:45:38 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2012/06/27 22:53:21 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\NPE
[2012/06/24 22:37:12 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Macromedia
[2012/06/24 21:02:27 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Tific
[2012/06/24 21:02:12 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Symantec
[2012/06/22 11:55:40 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/06/22 11:18:59 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/19 06:44:37 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/19 06:44:36 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/19 06:43:04 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/19 06:43:04 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/19 06:43:04 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/19 06:41:43 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/19 06:41:43 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/17 08:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/17 08:48:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/17 08:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/17 08:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/17 08:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/06/14 06:07:04 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/14 06:07:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/14 06:07:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/14 06:07:02 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/14 06:07:01 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/14 06:07:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/14 06:07:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/13 18:06:00 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/13 18:05:55 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/06/13 18:05:55 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/06/13 18:05:55 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/06/09 23:55:35 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\WinZip
[2012/06/09 23:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012/06/09 23:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012/06/05 17:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enigmatis - The Ghosts of Maple Creek Collector's Edition
[2012/06/05 17:44:44 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enigmatis - The Ghosts of Maple Creek Collector's Edition
[2012/06/05 17:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\Enigmatis - The Ghosts of Maple Creek Collector's Edition
[2012/06/04 23:05:14 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Oberon Media
[2012/06/04 22:50:58 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Masque
[2012/06/04 22:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Games
[2012/06/04 22:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo! Games
[2012/06/03 23:50:57 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Artifex Mundi
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/01 18:33:56 | 000,341,321 | ---- | M] () -- C:\Users\Dan\Desktop\FSS.exe
[2012/07/01 18:32:55 | 002,134,616 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dan\Desktop\tdsskiller.exe
[2012/07/01 18:30:36 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/01 18:30:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/30 15:13:15 | 000,003,168 | ---- | M] () -- C:\{6A9956D7-6FDC-4A4A-B8B7-2A4215DCFB84}
[2012/06/28 06:53:03 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/28 06:53:03 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/28 00:27:41 | 1609,814,016 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/27 23:45:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2012/06/27 23:10:09 | 000,003,168 | ---- | M] () -- C:\{A6CD24EB-448E-4385-A430-AF12015281D1}
[2012/06/27 22:51:26 | 000,003,192 | ---- | M] () -- C:\{396446A5-844D-43AB-9A44-30CA350C8DA5}
[2012/06/24 21:25:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/24 21:25:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/17 08:49:41 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/17 08:35:08 | 000,002,503 | ---- | M] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/06/14 19:03:13 | 000,672,202 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/14 19:03:13 | 000,126,296 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/14 18:50:20 | 000,000,222 | ---- | M] () -- C:\Users\Dan\.swfinfo
[2012/06/14 06:42:28 | 000,386,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/10 20:29:49 | 340,065,094 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/09 23:46:29 | 000,007,680 | ---- | M] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/05 17:46:25 | 000,002,328 | ---- | M] () -- C:\Users\Public\Desktop\Play Enigmatis - The Ghosts of Maple Creek Collector's Edition.lnk
[2012/06/05 17:46:25 | 000,001,320 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2012/06/02 18:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/02 18:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/02 18:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/02 18:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/02 18:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/01 18:39:03 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{78ef3ef7-0dfb-437b-fc10-37ddf3781684}\U\800000cb.@
[2012/07/01 18:33:56 | 000,341,321 | ---- | C] () -- C:\Users\Dan\Desktop\FSS.exe
[2012/06/30 15:13:10 | 000,003,168 | ---- | C] () -- C:\{6A9956D7-6FDC-4A4A-B8B7-2A4215DCFB84}
[2012/06/30 14:57:43 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{78ef3ef7-0dfb-437b-fc10-37ddf3781684}\U\80000000.@
[2012/06/30 14:57:42 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{78ef3ef7-0dfb-437b-fc10-37ddf3781684}\U\00000001.@
[2012/06/27 23:10:09 | 000,003,168 | ---- | C] () -- C:\{A6CD24EB-448E-4385-A430-AF12015281D1}
[2012/06/27 22:51:23 | 000,003,192 | ---- | C] () -- C:\{396446A5-844D-43AB-9A44-30CA350C8DA5}
[2012/06/22 11:19:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/17 08:49:40 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/05 17:46:25 | 000,001,320 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2012/06/05 17:46:22 | 000,002,328 | ---- | C] () -- C:\Users\Public\Desktop\Play Enigmatis - The Ghosts of Maple Creek Collector's Edition.lnk
[2012/05/23 18:12:41 | 000,000,222 | ---- | C] () -- C:\Users\Dan\.swfinfo
[2012/04/25 22:35:37 | 000,000,031 | ---- | C] () -- C:\Users\Dan\.mjsync_en_US
[2012/02/19 17:27:23 | 000,000,194 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/21 18:50:56 | 000,000,218 | ---- | C] () -- C:\Users\Dan\.recently-used.xbel
[2012/01/13 15:18:04 | 000,007,605 | ---- | C] () -- C:\Users\Dan\AppData\Local\Resmon.ResmonCfg
[2012/01/11 12:32:13 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{78ef3ef7-0dfb-437b-fc10-37ddf3781684}\@
[2012/01/11 12:32:13 | 000,002,048 | -HS- | C] () -- C:\Users\Dan\AppData\Local\{78ef3ef7-0dfb-437b-fc10-37ddf3781684}\@
[2011/10/25 11:29:15 | 000,000,668 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\wklnhst.dat
[2011/10/18 10:50:31 | 000,170,880 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/09/24 02:46:04 | 000,000,044 | ---- | C] () -- C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
[2011/04/23 10:25:32 | 000,036,378 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/12/27 12:13:20 | 000,000,140 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/12/02 23:57:10 | 000,000,561 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\AutoGK.ini
[2010/12/02 00:33:40 | 000,007,680 | ---- | C] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/27 01:13:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/24 13:51:17 | 001,486,848 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE
[2010/10/24 13:51:17 | 000,151,552 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL
[2010/10/24 13:50:47 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.dll
[2010/10/24 13:50:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll
[2010/10/24 13:50:43 | 000,046,592 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll
[2010/06/01 18:22:36 | 000,000,091 | ---- | C] () -- C:\Users\Dan\AppData\Local\fusioncache.dat
[2010/04/02 23:41:00 | 000,008,956 | -HS- | C] () -- C:\Users\Dan\AppData\Local\Wv7V1mEL4UH
[2010/04/02 23:41:00 | 000,008,956 | -HS- | C] () -- C:\ProgramData\Wv7V1mEL4UH
[2010/04/01 07:58:38 | 000,011,322 | -HS- | C] () -- C:\Users\Dan\AppData\Local\8kUL5H5g
[2010/04/01 07:58:38 | 000,011,322 | -HS- | C] () -- C:\ProgramData\8kUL5H5g
[2010/03/14 21:47:50 | 000,009,486 | -HS- | C] () -- C:\Users\Dan\AppData\Local\5S3XHQw8vF
[2010/02/19 00:24:29 | 000,000,120 | ---- | C] () -- C:\Users\Dan\AppData\Local\Vxanikikodurexur.dat
[2010/02/19 00:24:29 | 000,000,000 | ---- | C] () -- C:\Users\Dan\AppData\Local\Cgakolop.bin
[2010/02/19 00:20:46 | 000,000,024 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\cqfyto.dat
[2009/12/23 22:07:17 | 000,086,757 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\nvModes.001
[2009/12/14 14:13:34 | 000,086,757 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\nvModes.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 255 bytes -> C:\ProgramData\TEMP:2B40A7DB
@Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:A819A132
@Alternate Data Stream - 245 bytes -> C:\ProgramData\TEMP:25D6137A
@Alternate Data Stream - 237 bytes -> C:\ProgramData\TEMP:774C075A
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:D0757AAB
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:5A7229F8
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:1B90AAB4
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:14B2E0BD
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:4EC7F009
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:6F55EB66
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:0B90CB6E
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:1DD8718C
@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:C5AE4E07
@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:80FE037D
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:C66222F3
@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:32EB03F7
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:B8791731
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:5C818B5D
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:13019F4B
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:9EDB8010
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:48977386
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:24439EC4
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:F7A0076D
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:BECA50FF
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:5E73E1C2
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:BFE54417
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:5517FE79
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:16F4BC64
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:B5910F53
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:417158A5
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E3D8C69A
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:7FB925BF
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:F0A0EEBB
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:8AA8199A
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:703C37CD
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:339F5966
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:203CAFEE
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:ACE7A9BB
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:12258D63
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:DDD1277F
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:CB299F13
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:AE75CCC8
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:943971F5
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:42D908E5
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:283B4301
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A4560327
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:6285760B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:20D4F98B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:15F6F939
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0F6AC518
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E6540C35
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:4244811A
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:1CD5582E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:F26F5952
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:71004506
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:90C320E1
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:5433DBEF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F3029A65
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8164A00A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6A0A47E7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:ABADFC83
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DE813CDD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:98F6F85C
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E37F131C
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:9962F07B
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8BE7A048
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7E0EFF7B
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:13CDB0E0
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:B9AB561D
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:FD2BFC89
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:064877B6
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:ABFEED8E

< End of report >

Please help me to fix the problems. I appreciate your help greatly.

#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:32 PM

Posted 06 July 2012 - 12:04 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Run OTL - Double-click OTL.exe to start it.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
    IE - HKCU\..\URLSearchHook: - No CLSID value found
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
    FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
    FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
    FF - prefs.js..extensions.enabledItems: {6FCD9DF9-71FB-49CE-A60F-915A258C2B64}:1.9.1
    FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q="
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2011/06/21 22:03:15 | 000,000,000 | ---D | M]
    [2011/01/30 21:08:28 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\extensions\vshare@toolbar
    [2011/03/18 15:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/03/18 15:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vshare\vshare_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vshare\vshare_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vshare\vshare_toolbar.dll ()
    O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vshare\vshare_toolbar.dll ()
    @Alternate Data Stream - 255 bytes -> C:\ProgramData\TEMP:2B40A7DB
    @Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:A819A132
    @Alternate Data Stream - 245 bytes -> C:\ProgramData\TEMP:25D6137A
    @Alternate Data Stream - 237 bytes -> C:\ProgramData\TEMP:774C075A
    @Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:D0757AAB
    @Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:5A7229F8
    @Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:1B90AAB4
    @Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:14B2E0BD
    @Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:4EC7F009
    @Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:6F55EB66
    @Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:0B90CB6E
    @Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:1DD8718C
    @Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:C5AE4E07
    @Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:80FE037D
    @Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:C66222F3
    @Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:32EB03F7
    @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:B8791731
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:5C818B5D
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:13019F4B
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:9EDB8010
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:48977386
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:24439EC4
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:F7A0076D
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:BECA50FF
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:5E73E1C2
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:BFE54417
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:5517FE79
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:16F4BC64
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:B5910F53
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:417158A5
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E3D8C69A
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:7FB925BF
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:F0A0EEBB
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:8AA8199A
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:703C37CD
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:339F5966
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:203CAFEE
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:ACE7A9BB
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:12258D63
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:DDD1277F
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:CB299F13
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:AE75CCC8
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:943971F5
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:42D908E5
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:283B4301
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A4560327
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:6285760B
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:20D4F98B
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:15F6F939
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0F6AC518
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E6540C35
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:4244811A
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:1CD5582E
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:F26F5952
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:71004506
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:90C320E1
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:5433DBEF
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F3029A65
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8164A00A
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6A0A47E7
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:ABADFC83
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DE813CDD
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:98F6F85C
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E37F131C
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:9962F07B
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8BE7A048
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7E0EFF7B
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:13CDB0E0
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:B9AB561D
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:FD2BFC89
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:064877B6
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:ABFEED8E
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

--------------

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============

Please post the logs and let me know what problem persists.
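Added example, not part of nasdaq's instructions and not code from OTL or ComboFix: the fix script above deletes every listed item blind, so a practitioner would first want to confirm that the indicators from the first OTL log are still on disk and look at what they hold. The PowerShell below is read-only. It covers the three things the posted logs show: the roughly seventy alternate data streams attached to C:\ProgramData\TEMP, the two hidden+system "@" files sitting in a {GUID} folder under C:\Windows\Installer and under the user's AppData\Local (the layout the Trojan.Zeroaccess alert in the title points at), and the HKCU WinINet proxy that the follow-up quick scan later in the thread reports as ProxyEnable = 1 with no ProxyServer line. It assumes an elevated PowerShell 3.0 or later prompt (Windows 7 ships with 2.0; Get-Content -Stream needs 3.0) run as the affected user on the affected machine; the paths are the ones from the log, and the function names are this example's own.

```powershell
<#
  Added triage example for this thread; not OTL, ComboFix or nasdaq's script.
  Read-only: nothing here deletes or modifies anything.
  Assumes: elevated Windows PowerShell 3.0-5.1, run as the user whose profile
  appears in the log, on an NTFS system drive.
#>
$ErrorActionPreference = 'SilentlyContinue'

# 1. Alternate data streams. 'dir /r' lists ADS on files and directories on every
#    NTFS-capable Windows, so its output is parsed instead of relying on Get-Item -Stream.
#    C:\ProgramData\TEMP is a directory, and the streams hang off the directory itself.
function Get-AlternateStreams {
    param([string]$Directory = 'C:\ProgramData')
    $lines = & cmd.exe /c dir /r /a $Directory
    foreach ($line in $lines) {
        # An ADS line looks like:  "                   255 TEMP:2B40A7DB:$DATA"
        if ($line -match '^\s*([\d,]+)\s+(.+?):([^:\\]+):\$DATA\s*$') {
            [pscustomobject]@{
                Owner  = Join-Path $Directory $Matches[2]
                Stream = $Matches[3]
                Bytes  = [int]($Matches[1] -replace ',', '')
            }
        }
    }
}

# Hex-dump the first bytes of one stream so its contents can be judged before deletion.
function Read-StreamBytes {
    param([string]$Path, [string]$Stream, [int]$Max = 64)
    $bytes = Get-Content -LiteralPath $Path -Stream $Stream -Encoding Byte -ReadCount 0 -TotalCount $Max
    if ($bytes) { ($bytes | ForEach-Object { '{0:X2}' -f $_ }) -join ' ' }
}

# 2. Hidden+system "{GUID}\@" files. The log lists two, 2,048 bytes each, -HS-:
#    C:\Windows\Installer\{...}\@  and  C:\Users\Dan\AppData\Local\{...}\@
#    Legitimate Windows\Installer GUID folders do not contain a file named "@".
function Get-GuidAtFiles {
    $roots = @("$env:SystemRoot\Installer", $env:LOCALAPPDATA)
    foreach ($root in $roots) {
        Get-ChildItem -LiteralPath $root -Force |
            Where-Object { $_.PSIsContainer -and
                           $_.Name -match '^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$' } |
            ForEach-Object {
                $at = Join-Path $_.FullName '@'
                if (Test-Path -LiteralPath $at) {
                    Get-Item -LiteralPath $at -Force |
                        Select-Object FullName, Length, Attributes, LastWriteTime
                }
            }
    }
}

# 3. Per-user WinINet proxy. ProxyEnable = 1 with no visible ProxyServer is worth
#    checking: an attacker-set proxy or PAC URL would route every browser request.
function Get-UserProxy {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    Get-ItemProperty -LiteralPath $key |
        Select-Object ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL
}

'--- Alternate data streams under C:\ProgramData ---'
$streams = @(Get-AlternateStreams)
$streams | Format-Table -AutoSize | Out-Host
foreach ($s in ($streams | Select-Object -First 3)) {
    '{0}:{1} -> {2}' -f $s.Owner, $s.Stream, (Read-StreamBytes -Path $s.Owner -Stream $s.Stream)
}
'--- {GUID}\@ files under Windows\Installer and %LOCALAPPDATA% ---'
Get-GuidAtFiles | Format-Table -AutoSize | Out-Host
'--- HKCU WinINet proxy settings ---'
Get-UserProxy | Format-List | Out-Host
```

Run it from an elevated prompt with `powershell -ExecutionPolicy Bypass -File .\triage.ps1` and save the output alongside the OTL logs. If the "@" files and the streams are still present after the OTL fix and ComboFix, that is the point at which to tell the helper, since a hidden-file layout that reappears after deletion means the component writing it is still running.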

#3 DanTheMan6

DanTheMan6
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:32 PM

Posted 06 July 2012 - 04:28 PM

OTL quickscan log:

OTL logfile created on: 7/6/2012 4:39:53 PM - Run 4
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Dan\Desktop\Computer Issues
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 62.99% Memory free
4.00 Gb Paging File | 3.15 Gb Available in Paging File | 78.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.86 Gb Total Space | 88.52 Gb Free Space | 40.08% Space Free | Partition Type: NTFS
Drive D: | 12.02 Gb Total Space | 1.82 Gb Free Space | 15.18% Space Free | Partition Type: NTFS

Computer Name: DAN-PC | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/27 23:45:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\Computer Issues\OTL.exe
PRC - [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/03/01 14:57:36 | 000,232,616 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccsvchst.exe
PRC - [2011/04/08 11:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/11/09 14:57:54 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2009/07/20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/11/07 15:38:26 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2008/06/16 09:03:20 | 000,075,008 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
PRC - [2007/09/15 04:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 06:47:41 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/14 06:47:10 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 06:46:52 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/14 06:46:08 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/14 07:01:23 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/14 07:00:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/14 07:00:56 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
MOD - [2012/05/14 07:00:56 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.Wrapper.dll
MOD - [2012/05/14 07:00:55 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
MOD - [2012/05/14 07:00:54 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/14 06:59:48 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/14 06:59:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/14 06:59:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/14 06:59:33 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/14 06:59:22 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/20 00:12:59 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2010/11/04 21:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/12/09 17:56:17 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/08/20 13:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 13:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 13:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/07/13 21:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/06/10 17:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2007/10/01 20:11:02 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2007/10/01 20:11:00 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2007/10/01 20:10:50 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2007/10/01 20:10:28 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2007/10/01 20:10:20 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2007/10/01 20:10:20 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2007/10/01 20:10:20 | 000,006,144 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/07/02 06:40:32 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/24 21:25:19 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe -- (NAV)
SRV - [2011/04/08 11:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/28 04:00:37 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/11/09 14:57:54 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2009/07/20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2008/11/07 15:38:26 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - [2012/06/26 17:54:15 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120705.036\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/06/26 17:54:15 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120705.036\NAVENG.SYS -- (NAVENG)
DRV - [2012/06/18 20:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20120619.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/06/14 14:39:26 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120705.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/05/31 07:19:33 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/31 07:19:33 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/09 22:41:27 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1207010.003\symnets.sys -- (SymNetS)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\NAV\1207010.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1207010.003\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NAV\1207010.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NAV\1207010.003\symds.sys -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1207010.003\ironx86.sys -- (SymIRON)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/16 00:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2010/07/01 17:52:18 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2009/10/26 03:01:40 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2009/10/03 07:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/04/20 14:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2007/09/30 23:34:02 | 000,039,408 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\HP\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263})
DRV - [2007/06/18 21:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 02:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 18:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 17:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 20:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
IE - HKLM\..\SearchScopes\{66F00777-E2CA-4B62-B7A4-84C1ECB19796}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{AB803740-4F48-471B-B18F-189876C45BD5}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://search.blekko.com/ws/?source=5a76da41&toolbarid=searchcom_001&u=2012041082E14F569E47EF82AB786BC4&tbp=homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{03098b35-e47c-4ba2-8563-e8288ae4b3a4}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2673D1CF-7D8E-47AE-82EA-C243C66C20F8}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MDF&o=15691&src=kw&q={searchTerms}&locale=&apn_ptnrs=FY&apn_dtid=YYYYYYYYUS&apn_uid=ebcd25f1-23c3-4ae9-9458-62cab80e9a63&apn_sauid=33F80B26-16B2-4F7F-9885-CC25F079F8B7
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = https://search.blekko.com/ws/?source=5a76da41&tbp=rbox&toolbarid=searchcom_001&u=2012041082E14F569E47EF82AB786BC4&q={searchTerms}
IE - HKCU\..\SearchScopes\{AB803740-4F48-471B-B18F-189876C45BD5}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.order.2: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20120102,6902,0,24,0"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.optimum.net/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Windows\system32\C2MP\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/08 02:19:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2012/02/01 22:33:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2011/06/21 22:03:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/02 06:40:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/06 16:32:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/08 02:19:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6FCD9DF9-71FB-49CE-A60F-915A258C2B64}: C:\Users\Dan\AppData\Local\{6FCD9DF9-71FB-49CE-A60F-915A258C2B64}\ [2010/02/19 00:24:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/02 06:40:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/06 16:32:52 | 000,000,000 | ---D | M]

[2012/01/09 23:45:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions
[2012/07/06 16:32:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\extensions
[2010/11/27 00:25:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/10 19:26:58 | 000,000,000 | ---D | M] (Bekko Search Bar 1.0) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\extensions\{65253f44-5bbe-8f44-dd13-9a975643fec2}
[2012/04/10 19:24:36 | 000,000,000 | ---D | M] (Search.com Bar) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\extensions\{80987362-6216-49bc-98e4-77e6cf71a5d7}
[2012/06/08 09:45:02 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\extensions\wecarereminder@bryan
[2009/12/20 21:12:34 | 000,004,554 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\searchplugins\aim-search.xml
[2012/01/09 21:07:00 | 000,002,572 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\searchplugins\askcom.xml
[2012/01/09 23:25:17 | 000,002,519 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\searchplugins\Search_Results.xml
[2012/01/09 23:45:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/07 11:59:41 | 000,246,025 | ---- | M] () (No name found) -- C:\USERS\DAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNJZQ5K6.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
[2012/05/27 15:26:22 | 000,004,733 | ---- | M] () (No name found) -- C:\USERS\DAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNJZQ5K6.DEFAULT\EXTENSIONS\BOVNMJQHMK@BOVNMJQHMK.ORG.XPI
[2011/11/10 10:59:53 | 000,019,317 | ---- | M] () (No name found) -- C:\USERS\DAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNJZQ5K6.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM.XPI
[2012/07/02 06:40:32 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/01 23:53:34 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/22 13:45:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/10 19:24:35 | 000,002,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2012/01/09 23:25:17 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/03/22 13:45:06 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search.com Bar) - {80987362-6216-49bc-98e4-77e6cf71a5d7} - C:\Program Files\searchcom_001\searchcom_001X.dll ()
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search.com Bar) - {80987362-6216-49bc-98e4-77e6cf71a5d7} - C:\Program Files\searchcom_001\searchcom_001X.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6483B6B7-2CC6-43D9-9883-FAF50566CEFD}: DhcpNameServer = 192.168.1.1 68.237.161.12
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop BackupWallPaper: C:\Users\Dan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{ce3e8405-4eca-11df-a13e-001b24739154}\Shell - "" = AutoRun
O33 - MountPoints2\{ce3e8405-4eca-11df-a13e-001b24739154}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{de2e7449-f218-11de-b632-001b24739154}\Shell - "" = AutoRun
O33 - MountPoints2\{de2e7449-f218-11de-b632-001b24739154}\Shell\AutoRun\command - "" = F:\MI.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/06 16:32:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/06 16:31:31 | 004,573,044 | ---- | C] (Swearware) -- C:\Users\Dan\Desktop\ComboFix.exe
[2012/07/05 18:43:36 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Dan\Desktop\aswMBR.exe
[2012/07/01 20:21:55 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\Computer Issues
[2012/06/27 22:53:21 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\NPE
[2012/06/24 22:37:12 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Macromedia
[2012/06/24 21:02:27 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Tific
[2012/06/24 21:02:12 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Symantec
[2012/06/22 11:55:40 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/06/17 08:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/17 08:48:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/17 08:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/17 08:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/17 08:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/06/09 23:55:35 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\WinZip
[2012/06/09 23:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012/06/09 23:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/06 16:45:08 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 16:45:08 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 16:44:16 | 000,672,202 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/06 16:44:16 | 000,126,296 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/06 16:37:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/06 16:36:41 | 1609,814,016 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/06 16:31:34 | 004,573,044 | ---- | M] (Swearware) -- C:\Users\Dan\Desktop\ComboFix.exe
[2012/07/06 16:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/06 15:53:15 | 000,000,222 | ---- | M] () -- C:\Users\Dan\.swfinfo
[2012/07/06 07:31:18 | 000,000,512 | ---- | M] () -- C:\Users\Dan\Desktop\MBR.dat
[2012/07/05 20:11:58 | 000,003,184 | ---- | M] () -- C:\{600D70DC-9569-4853-83BD-B47AB48D29CF}
[2012/07/05 19:06:22 | 305,868,644 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/05 18:43:54 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Dan\Desktop\aswMBR.exe
[2012/07/03 19:50:56 | 000,001,808 | ---- | M] () -- C:\{A422E826-D401-4AC9-8202-A734938DC044}
[2012/07/03 19:49:50 | 000,003,184 | ---- | M] () -- C:\{02B5E936-A57C-4A57-A36C-86F89D5F4990}
[2012/07/03 19:41:32 | 000,003,184 | ---- | M] () -- C:\{88C75C86-981F-4F94-B0C3-1659D4D14E8B}
[2012/07/03 19:32:32 | 000,003,184 | ---- | M] () -- C:\{A8C35D1E-C3AA-42E9-9CF0-B7B3947E7A62}
[2012/07/03 19:20:38 | 000,003,168 | ---- | M] () -- C:\{DD61604A-2FFA-42CF-9FB3-D9232BA1BAC1}
[2012/07/03 19:16:42 | 000,002,320 | ---- | M] () -- C:\{B42C5498-FD98-41E9-98BC-C337E7B07BEF}
[2012/07/01 20:07:24 | 000,003,168 | ---- | M] () -- C:\{D2D769CD-04CC-4F75-A832-9E2D2C4BCD01}
[2012/06/30 15:13:15 | 000,003,168 | ---- | M] () -- C:\{6A9956D7-6FDC-4A4A-B8B7-2A4215DCFB84}
[2012/06/27 23:10:09 | 000,003,168 | ---- | M] () -- C:\{A6CD24EB-448E-4385-A430-AF12015281D1}
[2012/06/27 22:51:26 | 000,003,192 | ---- | M] () -- C:\{396446A5-844D-43AB-9A44-30CA350C8DA5}
[2012/06/17 08:49:41 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/17 08:35:08 | 000,002,503 | ---- | M] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/06/14 06:42:28 | 000,386,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/09 23:46:29 | 000,007,680 | ---- | M] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/06 16:38:10 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{78ef3ef7-0dfb-437b-fc10-37ddf3781684}\U\800000cb.@
[2012/07/06 16:38:10 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{78ef3ef7-0dfb-437b-fc10-37ddf3781684}\U\80000000.@
[2012/07/06 07:31:18 | 000,000,512 | ---- | C] () -- C:\Users\Dan\Desktop\MBR.dat
[2012/07/05 20:11:58 | 000,003,184 | ---- | C] () -- C:\{600D70DC-9569-4853-83BD-B47AB48D29CF}
[2012/07/03 19:50:54 | 000,001,808 | ---- | C] () -- C:\{A422E826-D401-4AC9-8202-A734938DC044}
[2012/07/03 19:49:49 | 000,003,184 | ---- | C] () -- C:\{02B5E936-A57C-4A57-A36C-86F89D5F4990}
[2012/07/03 19:41:30 | 000,003,184 | ---- | C] () -- C:\{88C75C86-981F-4F94-B0C3-1659D4D14E8B}
[2012/07/03 19:32:31 | 000,003,184 | ---- | C] () -- C:\{A8C35D1E-C3AA-42E9-9CF0-B7B3947E7A62}
[2012/07/03 19:20:36 | 000,003,168 | ---- | C] () -- C:\{DD61604A-2FFA-42CF-9FB3-D9232BA1BAC1}
[2012/07/03 19:16:40 | 000,002,320 | ---- | C] () -- C:\{B42C5498-FD98-41E9-98BC-C337E7B07BEF}
[2012/07/01 20:07:24 | 000,003,168 | ---- | C] () -- C:\{D2D769CD-04CC-4F75-A832-9E2D2C4BCD01}
[2012/06/30 15:13:10 | 000,003,168 | ---- | C] () -- C:\{6A9956D7-6FDC-4A4A-B8B7-2A4215DCFB84}
[2012/06/30 14:57:42 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{78ef3ef7-0dfb-437b-fc10-37ddf3781684}\U\00000001.@
[2012/06/27 23:10:09 | 000,003,168 | ---- | C] () -- C:\{A6CD24EB-448E-4385-A430-AF12015281D1}
[2012/06/27 22:51:23 | 000,003,192 | ---- | C] () -- C:\{396446A5-844D-43AB-9A44-30CA350C8DA5}
[2012/06/22 11:19:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/17 08:49:40 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/23 18:12:41 | 000,000,222 | ---- | C] () -- C:\Users\Dan\.swfinfo
[2012/04/25 22:35:37 | 000,000,031 | ---- | C] () -- C:\Users\Dan\.mjsync_en_US
[2012/02/19 17:27:23 | 000,000,194 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/21 18:50:56 | 000,000,218 | ---- | C] () -- C:\Users\Dan\.recently-used.xbel
[2012/01/13 15:18:04 | 000,007,605 | ---- | C] () -- C:\Users\Dan\AppData\Local\Resmon.ResmonCfg
[2012/01/11 12:32:13 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{78ef3ef7-0dfb-437b-fc10-37ddf3781684}\@
[2012/01/11 12:32:13 | 000,002,048 | -HS- | C] () -- C:\Users\Dan\AppData\Local\{78ef3ef7-0dfb-437b-fc10-37ddf3781684}\@
[2011/10/25 11:29:15 | 000,000,668 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\wklnhst.dat
[2011/10/18 10:50:31 | 000,170,880 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/09/24 02:46:04 | 000,000,044 | ---- | C] () -- C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
[2011/04/23 10:25:32 | 000,036,378 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/12/27 12:13:20 | 000,000,140 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/12/02 23:57:10 | 000,000,561 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\AutoGK.ini
[2010/12/02 00:33:40 | 000,007,680 | ---- | C] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/27 01:13:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/24 13:51:17 | 001,486,848 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE
[2010/10/24 13:51:17 | 000,151,552 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL
[2010/10/24 13:50:47 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.dll
[2010/10/24 13:50:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll
[2010/10/24 13:50:43 | 000,046,592 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll
[2010/06/01 18:22:36 | 000,000,091 | ---- | C] () -- C:\Users\Dan\AppData\Local\fusioncache.dat
[2010/04/02 23:41:00 | 000,008,956 | -HS- | C] () -- C:\Users\Dan\AppData\Local\Wv7V1mEL4UH
[2010/04/02 23:41:00 | 000,008,956 | -HS- | C] () -- C:\ProgramData\Wv7V1mEL4UH
[2010/04/01 07:58:38 | 000,011,322 | -HS- | C] () -- C:\Users\Dan\AppData\Local\8kUL5H5g
[2010/04/01 07:58:38 | 000,011,322 | -HS- | C] () -- C:\ProgramData\8kUL5H5g
[2010/03/14 21:47:50 | 000,009,486 | -HS- | C] () -- C:\Users\Dan\AppData\Local\5S3XHQw8vF
[2010/02/19 00:24:29 | 000,000,120 | ---- | C] () -- C:\Users\Dan\AppData\Local\Vxanikikodurexur.dat
[2010/02/19 00:24:29 | 000,000,000 | ---- | C] () -- C:\Users\Dan\AppData\Local\Cgakolop.bin
[2010/02/19 00:20:46 | 000,000,024 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\cqfyto.dat
[2009/12/23 22:07:17 | 000,086,757 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\nvModes.001
[2009/12/14 14:13:34 | 000,086,757 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\nvModes.dat

========== LOP Check ==========

[2012/06/24 22:32:15 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\acccore
[2011/10/11 21:39:30 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Alawar Stargaze
[2011/12/27 12:17:52 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\AlawarEntertainment
[2011/09/08 21:04:44 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\AlderGames
[2011/07/22 13:02:18 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Amazon
[2012/06/03 23:50:57 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Artifex Mundi
[2011/08/23 23:04:01 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Boolat Games
[2012/01/11 00:54:16 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Boomzap
[2011/12/13 22:46:41 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\DieselPuppet
[2012/01/10 04:23:34 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\EA
[2012/02/07 23:57:36 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\EleFun Games
[2011/10/06 23:11:40 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Elephant Games
[2012/02/20 19:03:42 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ERS Game Studios
[2011/08/10 22:12:12 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Frogwares
[2011/09/24 01:44:24 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\funkitron
[2011/07/21 00:13:11 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Funlinker
[2012/04/09 21:56:48 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\GameInvest
[2011/10/19 21:58:35 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Games
[2011/09/23 21:13:46 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Ghost Ship Studios
[2012/02/14 00:20:03 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Gogii
[2012/01/21 18:50:40 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\gtk-2.0
[2011/12/02 22:55:00 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\HdO Adventure
[2011/09/05 21:00:12 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\IronCode
[2011/06/19 16:17:13 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\iWin
[2011/07/11 22:36:42 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\LestaStudio
[2012/02/09 00:09:36 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Ludia
[2010/08/14 14:10:36 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\magellangps.com
[2012/06/04 22:50:59 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Masque
[2010/02/08 02:35:18 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Memeo
[2012/04/09 17:31:51 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mipony
[2011/09/23 18:09:22 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\monkey money
[2010/09/20 20:03:03 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\muvee Technologies
[2012/06/04 23:05:14 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Oberon Media
[2012/06/04 22:47:36 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\OpenCandy
[2012/02/20 23:42:23 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Orneon
[2011/08/19 08:13:23 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Pi Eye Games
[2011/07/30 17:09:17 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Pirateville
[2012/01/09 17:55:34 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\PlayFirst
[2012/02/07 00:12:19 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\PlayPond
[2011/07/29 16:43:21 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Pogo Games
[2011/09/24 02:54:21 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Quirky Games
[2011/06/29 23:07:36 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ReelDealSlotQuest_Alice
[2011/07/23 23:20:54 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ReelDealVampireAdventure
[2011/09/05 10:44:33 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\RockHero
[2012/05/06 19:31:25 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Spotify
[2011/10/25 11:29:18 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Template
[2012/06/24 21:02:27 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Tific
[2011/07/29 23:28:46 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Try2
[2012/01/09 00:39:30 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Twilight Games
[2010/02/08 02:35:24 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Uniblue
[2011/07/12 00:07:41 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\uTorrent
[2011/12/26 23:21:38 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Vast Studios
[2011/06/19 15:52:39 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\WildTangent
[2010/11/01 21:59:39 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Windows Live Writer
[2011/09/25 20:18:22 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\www.playpublic.com
[2012/01/15 23:07:29 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\YoudaGames
[2012/04/18 17:58:43 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
Combofix log:

ComboFix 12-07-06.02 - Dan 07/06/2012 17:02:29.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2047.1243 [GMT -4:00]
Running from: c:\users\Dan\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\Installer\{78ef3ef7-0dfb-437b-fc10-37ddf3781684}\@
c:\windows\Installer\{78ef3ef7-0dfb-437b-fc10-37ddf3781684}\U\00000001.@
c:\windows\Installer\{78ef3ef7-0dfb-437b-fc10-37ddf3781684}\U\80000000.@
c:\windows\Installer\{78ef3ef7-0dfb-437b-fc10-37ddf3781684}\U\800000cb.@
c:\windows\system32\KBL.LOG
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy8_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 21:15 . 2012-07-06 21:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 20:32 . 2012-07-06 20:32 -------- d-----w- C:\_OTL
2012-07-02 10:40 . 2012-07-02 10:40 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-02 10:40 . 2012-07-02 10:40 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-28 02:53 . 2012-06-28 03:44 -------- d-----w- c:\users\Dan\AppData\Local\NPE
2012-06-25 02:37 . 2012-06-25 02:37 -------- d-----w- c:\users\Dan\AppData\Local\Macromedia
2012-06-25 01:02 . 2012-06-25 01:02 -------- d-----w- c:\users\Dan\AppData\Roaming\Tific
2012-06-25 01:02 . 2012-06-25 01:02 -------- d-----w- c:\users\Dan\AppData\Local\Symantec
2012-06-22 15:55 . 2012-06-22 15:55 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-22 15:18 . 2012-06-25 01:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-19 10:44 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 10:44 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 10:44 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 10:44 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 10:43 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-19 10:43 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 10:43 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 10:41 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 10:41 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 12:48 . 2012-06-17 12:48 -------- d-----w- c:\program files\iPod
2012-06-17 12:48 . 2012-06-17 12:49 -------- d-----w- c:\program files\iTunes
2012-06-14 10:07 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-13 22:06 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 22:05 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 22:05 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 22:05 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 22:05 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 22:05 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 22:05 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 22:05 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 22:05 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 22:05 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-10 03:55 . 2012-06-10 03:55 -------- d-----w- c:\users\Dan\AppData\Local\WinZip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 01:25 . 2011-12-01 14:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-07-02 10:40 . 2011-11-10 14:57 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{80987362-6216-49bc-98e4-77e6cf71a5d7}]
2012-03-01 21:00 85288 ----a-w- c:\program files\searchcom_001\searchcom_001X.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{80987362-6216-49bc-98e4-77e6cf71a5d7}"= "c:\program files\searchcom_001\searchcom_001X.dll" [2012-03-01 85288]
.
[HKEY_CLASSES_ROOT\clsid\{80987362-6216-49bc-98e4-77e6cf71a5d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-02 1783136]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-03-01 232616]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
backup=c:\windows\pss\McAfee Security Scan.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 20:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 13:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 07:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 23:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-04-04 19:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoBackup]
2008-11-07 19:38 144608 ----a-w- c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]
2008-11-06 18:20 144608 ----a-w- c:\program files\Memeo\AutoSync\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 20:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-09-04 21:54 554320 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-10-01 03:34 181544 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1207010.003\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1207010.003\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20120619.001\BHDrvx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120705.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1207010.003\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAV\1207010.003\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [x]
S2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [x]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 18:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 01:25]
.
.
------- Supplementary Scan -------
.
uStart Page = https://search.blekko.com/ws/?source=5a76da41&toolbarid=searchcom_001&u=2012041082E14F569E47EF82AB786BC4&tbp=homepage
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
FF - ProfilePath - c:\users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.optimum.net/
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-QlbCtrl - c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
MSConfigStartUp-userinit - c:\users\Dan\AppData\Roaming\sdra64.exe
AddRemove-BFG-Film Fatale - Lights, Camera, Madness! - c:\program files\Film Fatale - Lights
AddRemove-CNXT_AUDIO_HDA - c:\program files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe
AddRemove-CNXT_MODEM_HDA_HSF - c:\program files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe
AddRemove-WT026598 - c:\program files\HP Games\7 Wonders of the Ancient World\Uninstall.exe
AddRemove-WT026599 - c:\program files\HP Games\Blasterball 2 Revolution\Uninstall.exe
AddRemove-WT026600 - c:\program files\HP Games\Blasterball 3\Uninstall.exe
AddRemove-WT026617 - c:\program files\HP Games\FATE\Uninstall.exe
AddRemove-WT026647 - c:\program files\HP Games\Fish Tycoon\Uninstall.exe
AddRemove-WT026656 - c:\program files\HP Games\Polar Bowler\Uninstall.exe
AddRemove-WT026657 - c:\program files\HP Games\Polar Golfer\Uninstall.exe
AddRemove-WT026658 - c:\program files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe
AddRemove-WT026659 - c:\program files\HP Games\Super Granny\Uninstall.exe
AddRemove-WT026678 - c:\program files\HP Games\Zuma Deluxe\Uninstall.exe
AddRemove-WT026689 - c:\program files\HP Games\Insaniquarium Deluxe\Uninstall.exe
AddRemove-WT026728 - c:\program files\HP Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe
AddRemove-WT026729 - c:\program files\HP Games\Virtual Villagers - A New Home\Uninstall.exe
AddRemove-WT026730 - c:\program files\HP Games\3D Ultra Minigolf Adventures\Uninstall.exe
AddRemove-WT026780 - c:\program files\HP Games\Final Drive Nitro\Uninstall.exe
AddRemove-WT026781 - c:\program files\HP Games\Tradewinds\Uninstall.exe
AddRemove-WT026813 - c:\program files\HP Games\Shooting Stars Pool\Uninstall.exe
AddRemove-WT026814 - c:\program files\HP Games\Ricochet Lost Worlds\Uninstall.exe
AddRemove-WT026837 - c:\program files\HP Games\Diner Dash\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5180)
c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.dll
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\system32\DllHost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-07-06 17:25:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-06 21:25
.
Pre-Run: 94,951,120,896 bytes free
Post-Run: 94,751,383,552 bytes free
.
- - End Of File - - 825FDF8AA9AD655AD8480EFE03D77FDD


I will let you know if any problems persist. Thanks for the help!

#4 nasdaq

  • Malware Response Team
  • 40,759 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 July 2012 - 09:48 AM

Looking good.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#5 nasdaq

  • Malware Response Team
  • 40,759 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 July 2012 - 08:38 AM

Are you still with me?
