
Trojan.Gen.b and Trojan.Zeroaccess.2


  • This topic is locked
9 replies to this topic

#1 DanTheMan6

  • Members
  • 7 posts

Posted 05 July 2012 - 09:24 AM

Norton keeps alerting me that the Trojan.Gen.B and Trojan.Zeroaccess viruses have been detected and blocked. I've run DDS, OTL, TDSSKiller, and FSS. All scans were run as administrator, and the Norton antivirus protection was temporarily disabled during the scans. Here are the results:

DDS Scan:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Dan at 19:25:14 on 2012-07-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2047.854 [GMT -4:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\vssvc.exe
C:\Users\Dan\Desktop\tdsskiller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Users\Dan\Desktop\OTL.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://search.blekko.com/ws/?source=5a76da41&toolbarid=searchcom_001&u=2012041082E14F569E47EF82AB786BC4&tbp=homepage
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = about:blank
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: vShare Toolbar: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.7.1.3\ips\IPSBHO.DLL
BHO: Search.com Bar: {80987362-6216-49bc-98e4-77e6cf71a5d7} - c:\program files\searchcom_001\searchcom_001X.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: vShare Toolbar: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: Search.com Bar: {80987362-6216-49bc-98e4-77e6cf71a5d7} - c:\program files\searchcom_001\searchcom_001X.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with Mipony - file://c:\program files\mipony\browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{6483B6B7-2CC6-43D9-9883-FAF50566CEFD} : DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{6483B6B7-2CC6-43D9-9883-FAF50566CEFD}\64275656458656E456470275966696 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{6483B6B7-2CC6-43D9-9883-FAF50566CEFD}\74575637470294E6475627E6564702143636563737E2 : DhcpNameServer = 75.94.255.12 64.13.115.12
TCP: Interfaces\{6483B6B7-2CC6-43D9-9883-FAF50566CEFD}\84162727963784F6D656 : DhcpNameServer = 167.206.254.1 167.206.254.2
TCP: Interfaces\{6483B6B7-2CC6-43D9-9883-FAF50566CEFD}\C696E6B6379737 : DhcpNameServer = 167.206.254.1 167.206.254.2
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dan\appdata\roaming\mozilla\firefox\profiles\rnjzq5k6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.optimum.net/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\dan\appdata\roaming\mozilla\firefox\profiles\rnjzq5k6.default\extensions\vshare@toolbar\components\toolbarhomewmp.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\dan\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1207010.003\symds.sys [2012-4-3 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1207010.003\symefa.sys [2012-4-3 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20120619.001\BHDrvx86.sys [2012-6-18 821920]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20120629.001\IDSvix86.sys [2012-6-30 382624]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1207010.003\ironx86.sys [2012-4-3 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nav\1207010.003\symnets.sys [2012-4-3 299640]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\hp\quickplay\000.fcl [2008-1-4 39408]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-10-24 99896]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2008-11-7 25824]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.7.1.3\ccsvchst.exe [2012-4-3 130008]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2012-4-10 13880]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-3 106656]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2011-4-8 176848]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-10-12 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-22 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-25 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-4 129976]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2010-10-24 17408]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-6 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-28 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-06-28 02:53:21 -------- d-----w- c:\users\dan\appdata\local\NPE
2012-06-25 02:37:12 -------- d-----w- c:\users\dan\appdata\local\Macromedia
2012-06-25 01:02:27 -------- d-----w- c:\users\dan\appdata\roaming\Tific
2012-06-25 01:02:12 -------- d-----w- c:\users\dan\appdata\local\Symantec
2012-06-22 15:55:40 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-22 15:18:59 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-19 10:44:36 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 10:43:04 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 10:41:43 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 10:41:43 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-17 12:48:11 -------- d-----w- c:\program files\iPod
2012-06-17 12:48:10 -------- d-----w- c:\program files\iTunes
2012-06-13 22:06:00 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 22:05:59 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 22:05:57 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 22:05:55 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 22:05:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 22:05:55 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 22:05:54 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 22:05:48 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 22:05:48 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 22:05:47 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-10 03:55:35 -------- d-----w- c:\users\dan\appdata\local\WinZip
2012-06-05 21:44:44 -------- d-----w- c:\program files\Enigmatis - The Ghosts of Maple Creek Collector's Edition
2012-06-05 03:05:14 -------- d-----w- c:\users\dan\appdata\roaming\Oberon Media
2012-06-05 02:50:58 -------- d-----w- c:\users\dan\appdata\roaming\Masque
2012-06-05 02:49:34 -------- d-----w- c:\program files\Yahoo! Games
2012-06-04 03:50:57 -------- d-----w- c:\users\dan\appdata\roaming\Artifex Mundi
.
==================== Find3M ====================
.
2012-06-25 01:25:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-19 00:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 19:26:16.36 ===============


Kaspersky's TDSSKiller found no threats.

FSS Scan Results:

Farbar Service Scanner Version: 01-07-2012
Ran by Dan (administrator) on 01-07-2012 at 18:57:08
Running from "C:\Users\Dan\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
IE proxy is enabled.



Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

OTL Scan:

OTL logfile created on: 7/1/2012 7:11:54 PM - Run 3
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Dan\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.05% Memory free
4.00 Gb Paging File | 2.60 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.86 Gb Total Space | 88.33 Gb Free Space | 39.99% Space Free | Partition Type: NTFS
Drive D: | 12.02 Gb Total Space | 1.82 Gb Free Space | 15.18% Space Free | Partition Type: NTFS

Computer Name: DAN-PC | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/01 18:32:55 | 002,134,616 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dan\Desktop\tdsskiller.exe
PRC - [2012/06/27 23:45:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
PRC - [2012/06/24 21:25:18 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/05/04 16:45:43 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/01 14:57:36 | 000,232,616 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccsvchst.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/11/09 14:57:54 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2009/07/20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/11/07 15:38:26 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2007/09/15 04:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/24 21:25:18 | 009,459,912 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012/05/04 16:45:43 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/12/09 17:56:17 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/08/20 13:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 13:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 13:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/06/24 21:25:19 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/04 16:45:43 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe -- (NAV)
SRV - [2011/04/08 11:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/28 04:00:37 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/11/09 14:57:54 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2009/07/20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2008/11/07 15:38:26 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - [2012/06/26 17:54:15 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120630.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/06/26 17:54:15 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120630.009\NAVENG.SYS -- (NAVENG)
DRV - [2012/06/18 20:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20120619.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/06/14 14:39:26 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120629.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/05/31 07:19:33 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/31 07:19:33 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/09 22:41:27 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1207010.003\symnets.sys -- (SymNetS)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NAV\1207010.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1207010.003\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NAV\1207010.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NAV\1207010.003\symds.sys -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1207010.003\ironx86.sys -- (SymIRON)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/16 00:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2010/07/01 17:52:18 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2009/10/26 03:01:40 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2009/10/03 07:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/04/20 14:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2007/09/30 23:34:02 | 000,039,408 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\HP\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263})
DRV - [2007/06/18 21:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 02:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 18:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 17:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 20:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
IE - HKLM\..\SearchScopes\{66F00777-E2CA-4B62-B7A4-84C1ECB19796}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{AB803740-4F48-471B-B18F-189876C45BD5}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://search.blekko.com/ws/?source=5a76da41&toolbarid=searchcom_001&u=2012041082E14F569E47EF82AB786BC4&tbp=homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{03098b35-e47c-4ba2-8563-e8288ae4b3a4}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2673D1CF-7D8E-47AE-82EA-C243C66C20F8}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MDF&o=15691&src=kw&q={searchTerms}&locale=&apn_ptnrs=FY&apn_dtid=YYYYYYYYUS&apn_uid=ebcd25f1-23c3-4ae9-9458-62cab80e9a63&apn_sauid=33F80B26-16B2-4F7F-9885-CC25F079F8B7
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = https://search.blekko.com/ws/?source=5a76da41&tbp=rbox&toolbarid=searchcom_001&u=2012041082E14F569E47EF82AB786BC4&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{AB803740-4F48-471B-B18F-189876C45BD5}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.order.2: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20120102,6902,0,24,0"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.optimum.net/"
FF - prefs.js..extensions.enabledItems: amznUWL2@amazon.com:1.3
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {6FCD9DF9-71FB-49CE-A60F-915A258C2B64}:1.9.1
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.10.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={57BA2F40-F14D-422A-BF02-D06B9DCB1F48}&Version=3.6.5&Vintage=20120102&Defaultbrowserid=24&Productid=2750&Vendorid=6290&Offerid=6894&searchterm="
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Windows\system32\C2MP\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/08 02:19:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2012/02/01 22:33:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2011/06/21 22:03:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/17 08:38:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/17 08:38:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/08 02:19:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6FCD9DF9-71FB-49CE-A60F-915A258C2B64}: C:\Users\Dan\AppData\Local\{6FCD9DF9-71FB-49CE-A60F-915A258C2B64}\ [2010/02/19 00:24:28 | 000,000,000 | ---D | M]

[2012/01/09 23:45:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions
[2012/06/08 09:45:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\extensions
[2010/11/27 00:25:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/10 19:26:58 | 000,000,000 | ---D | M] (Bekko Search Bar 1.0) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\extensions\{65253f44-5bbe-8f44-dd13-9a975643fec2}
[2012/04/10 19:24:36 | 000,000,000 | ---D | M] (Search.com Bar) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\extensions\{80987362-6216-49bc-98e4-77e6cf71a5d7}
[2011/01/30 21:08:28 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\extensions\vshare@toolbar
[2012/06/08 09:45:02 | 000,000,000 | ---D | M] (We-Care Reminder) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\extensions\wecarereminder@bryan
[2009/12/20 21:12:34 | 000,004,554 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\searchplugins\aim-search.xml
[2012/01/09 21:07:00 | 000,002,572 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\searchplugins\askcom.xml
[2012/01/09 23:25:17 | 000,002,519 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\rnjzq5k6.default\searchplugins\Search_Results.xml
[2012/01/09 23:45:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/07 11:59:41 | 000,246,025 | ---- | M] () (No name found) -- C:\USERS\DAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNJZQ5K6.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
[2012/05/27 15:26:22 | 000,004,733 | ---- | M] () (No name found) -- C:\USERS\DAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNJZQ5K6.DEFAULT\EXTENSIONS\BOVNMJQHMK@BOVNMJQHMK.ORG.XPI
[2011/11/10 10:59:53 | 000,019,317 | ---- | M] () (No name found) -- C:\USERS\DAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNJZQ5K6.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM.XPI
[2012/05/04 16:45:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 15:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/08/01 23:53:34 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 15:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/03/22 13:45:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/10 19:24:35 | 000,002,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2012/01/09 23:25:17 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/03/22 13:45:06 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vshare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search.com Bar) - {80987362-6216-49bc-98e4-77e6cf71a5d7} - C:\Program Files\searchcom_001\searchcom_001X.dll ()
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vshare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search.com Bar) - {80987362-6216-49bc-98e4-77e6cf71a5d7} - C:\Program Files\searchcom_001\searchcom_001X.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vshare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6483B6B7-2CC6-43D9-9883-FAF50566CEFD}: DhcpNameServer = 192.168.1.1 68.237.161.12
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vshare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop BackupWallPaper: C:\Users\Dan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{ce3e8405-4eca-11df-a13e-001b24739154}\Shell - "" = AutoRun
O33 - MountPoints2\{ce3e8405-4eca-11df-a13e-001b24739154}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{de2e7449-f218-11de-b632-001b24739154}\Shell - "" = AutoRun
O33 - MountPoints2\{de2e7449-f218-11de-b632-001b24739154}\Shell\AutoRun\command - "" = F:\MI.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/01 18:32:50 | 002,134,616 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dan\Desktop\tdsskiller.exe
[2012/06/27 23:45:38 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2012/06/27 22:53:21 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\NPE
[2012/06/24 22:37:12 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Macromedia
[2012/06/24 21:02:27 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Tific
[2012/06/24 21:02:12 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Symantec
[2012/06/22 11:55:40 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/06/22 11:18:59 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/19 06:44:37 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/19 06:44:36 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/19 06:43:04 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/19 06:43:04 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/19 06:43:04 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/19 06:41:43 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/19 06:41:43 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/17 08:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/17 08:48:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/17 08:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/17 08:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/17 08:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/06/14 06:07:04 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/14 06:07:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/14 06:07:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/14 06:07:02 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/14 06:07:01 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/14 06:07:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/14 06:07:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/13 18:06:00 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/13 18:05:55 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/06/13 18:05:55 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/06/13 18:05:55 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/06/09 23:55:35 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\WinZip
[2012/06/09 23:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012/06/09 23:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012/06/05 17:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enigmatis - The Ghosts of Maple Creek Collector's Edition
[2012/06/05 17:44:44 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enigmatis - The Ghosts of Maple Creek Collector's Edition
[2012/06/05 17:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\Enigmatis - The Ghosts of Maple Creek Collector's Edition
[2012/06/04 23:05:14 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Oberon Media
[2012/06/04 22:50:58 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Masque
[2012/06/04 22:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Games
[2012/06/04 22:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo! Games
[2012/06/03 23:50:57 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Artifex Mundi
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/01 18:33:56 | 000,341,321 | ---- | M] () -- C:\Users\Dan\Desktop\FSS.exe
[2012/07/01 18:32:55 | 002,134,616 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dan\Desktop\tdsskiller.exe
[2012/07/01 18:30:36 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/01 18:30:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/30 15:13:15 | 000,003,168 | ---- | M] () -- C:\{6A9956D7-6FDC-4A4A-B8B7-2A4215DCFB84}
[2012/06/28 06:53:03 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/28 06:53:03 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/28 00:27:41 | 1609,814,016 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/27 23:45:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe
[2012/06/27 23:10:09 | 000,003,168 | ---- | M] () -- C:\{A6CD24EB-448E-4385-A430-AF12015281D1}
[2012/06/27 22:51:26 | 000,003,192 | ---- | M] () -- C:\{396446A5-844D-43AB-9A44-30CA350C8DA5}
[2012/06/24 21:25:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/24 21:25:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/17 08:49:41 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/17 08:35:08 | 000,002,503 | ---- | M] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/06/14 19:03:13 | 000,672,202 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/14 19:03:13 | 000,126,296 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/14 18:50:20 | 000,000,222 | ---- | M] () -- C:\Users\Dan\.swfinfo
[2012/06/14 06:42:28 | 000,386,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/10 20:29:49 | 340,065,094 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/09 23:46:29 | 000,007,680 | ---- | M] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/05 17:46:25 | 000,002,328 | ---- | M] () -- C:\Users\Public\Desktop\Play Enigmatis - The Ghosts of Maple Creek Collector's Edition.lnk
[2012/06/05 17:46:25 | 000,001,320 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2012/06/02 18:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/02 18:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/02 18:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/02 18:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/02 18:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/01 18:39:03 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{78ef3ef7-0dfb-437b-fc10-37ddf3781684}\U\800000cb.@
[2012/07/01 18:33:56 | 000,341,321 | ---- | C] () -- C:\Users\Dan\Desktop\FSS.exe
[2012/06/30 15:13:10 | 000,003,168 | ---- | C] () -- C:\{6A9956D7-6FDC-4A4A-B8B7-2A4215DCFB84}
[2012/06/30 14:57:43 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{78ef3ef7-0dfb-437b-fc10-37ddf3781684}\U\80000000.@
[2012/06/30 14:57:42 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{78ef3ef7-0dfb-437b-fc10-37ddf3781684}\U\00000001.@
[2012/06/27 23:10:09 | 000,003,168 | ---- | C] () -- C:\{A6CD24EB-448E-4385-A430-AF12015281D1}
[2012/06/27 22:51:23 | 000,003,192 | ---- | C] () -- C:\{396446A5-844D-43AB-9A44-30CA350C8DA5}
[2012/06/22 11:19:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/17 08:49:40 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/05 17:46:25 | 000,001,320 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2012/06/05 17:46:22 | 000,002,328 | ---- | C] () -- C:\Users\Public\Desktop\Play Enigmatis - The Ghosts of Maple Creek Collector's Edition.lnk
[2012/05/23 18:12:41 | 000,000,222 | ---- | C] () -- C:\Users\Dan\.swfinfo
[2012/04/25 22:35:37 | 000,000,031 | ---- | C] () -- C:\Users\Dan\.mjsync_en_US
[2012/02/19 17:27:23 | 000,000,194 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/21 18:50:56 | 000,000,218 | ---- | C] () -- C:\Users\Dan\.recently-used.xbel
[2012/01/13 15:18:04 | 000,007,605 | ---- | C] () -- C:\Users\Dan\AppData\Local\Resmon.ResmonCfg
[2012/01/11 12:32:13 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{78ef3ef7-0dfb-437b-fc10-37ddf3781684}\@
[2012/01/11 12:32:13 | 000,002,048 | -HS- | C] () -- C:\Users\Dan\AppData\Local\{78ef3ef7-0dfb-437b-fc10-37ddf3781684}\@
[2011/10/25 11:29:15 | 000,000,668 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\wklnhst.dat
[2011/10/18 10:50:31 | 000,170,880 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/09/24 02:46:04 | 000,000,044 | ---- | C] () -- C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
[2011/04/23 10:25:32 | 000,036,378 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/12/27 12:13:20 | 000,000,140 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/12/02 23:57:10 | 000,000,561 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\AutoGK.ini
[2010/12/02 00:33:40 | 000,007,680 | ---- | C] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/27 01:13:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/24 13:51:17 | 001,486,848 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE
[2010/10/24 13:51:17 | 000,151,552 | ---- | C] () -- C:\Windows\System32\HP1100LM.DLL
[2010/10/24 13:50:47 | 000,284,160 | ---- | C] () -- C:\Windows\System32\mvhlewsi.dll
[2010/10/24 13:50:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll
[2010/10/24 13:50:43 | 000,046,592 | ---- | C] () -- C:\Windows\System32\HP1100SMs.dll
[2010/06/01 18:22:36 | 000,000,091 | ---- | C] () -- C:\Users\Dan\AppData\Local\fusioncache.dat
[2010/04/02 23:41:00 | 000,008,956 | -HS- | C] () -- C:\Users\Dan\AppData\Local\Wv7V1mEL4UH
[2010/04/02 23:41:00 | 000,008,956 | -HS- | C] () -- C:\ProgramData\Wv7V1mEL4UH
[2010/04/01 07:58:38 | 000,011,322 | -HS- | C] () -- C:\Users\Dan\AppData\Local\8kUL5H5g
[2010/04/01 07:58:38 | 000,011,322 | -HS- | C] () -- C:\ProgramData\8kUL5H5g
[2010/03/14 21:47:50 | 000,009,486 | -HS- | C] () -- C:\Users\Dan\AppData\Local\5S3XHQw8vF
[2010/02/19 00:24:29 | 000,000,120 | ---- | C] () -- C:\Users\Dan\AppData\Local\Vxanikikodurexur.dat
[2010/02/19 00:24:29 | 000,000,000 | ---- | C] () -- C:\Users\Dan\AppData\Local\Cgakolop.bin
[2010/02/19 00:20:46 | 000,000,024 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\cqfyto.dat
[2009/12/23 22:07:17 | 000,086,757 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\nvModes.001
[2009/12/14 14:13:34 | 000,086,757 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\nvModes.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 255 bytes -> C:\ProgramData\TEMP:2B40A7DB
@Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:A819A132
@Alternate Data Stream - 245 bytes -> C:\ProgramData\TEMP:25D6137A
@Alternate Data Stream - 237 bytes -> C:\ProgramData\TEMP:774C075A
@Alternate Data Stream - 234 bytes -> C:\ProgramData\TEMP:D0757AAB
@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:5A7229F8
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:1B90AAB4
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:14B2E0BD
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:4EC7F009
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:6F55EB66
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:0B90CB6E
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:1DD8718C
@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:C5AE4E07
@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:80FE037D
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:C66222F3
@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:32EB03F7
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:B8791731
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:5C818B5D
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:13019F4B
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:9EDB8010
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:48977386
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:24439EC4
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:F7A0076D
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:BECA50FF
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:5E73E1C2
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:BFE54417
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:5517FE79
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:16F4BC64
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:B5910F53
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:417158A5
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E3D8C69A
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:7FB925BF
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:F0A0EEBB
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:8AA8199A
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:703C37CD
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:339F5966
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:203CAFEE
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:ACE7A9BB
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:12258D63
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:DDD1277F
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:CB299F13
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:AE75CCC8
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:943971F5
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:42D908E5
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:283B4301
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A4560327
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:6285760B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:20D4F98B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:15F6F939
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0F6AC518
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E6540C35
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:4244811A
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:1CD5582E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:F26F5952
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:71004506
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:90C320E1
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:5433DBEF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F3029A65
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8164A00A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6A0A47E7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:ABADFC83
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DE813CDD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:98F6F85C
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E37F131C
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:9962F07B
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8BE7A048
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7E0EFF7B
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:13CDB0E0
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:B9AB561D
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:FD2BFC89
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:064877B6
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:ABFEED8E

< End of report >

Please help me to fix the problems. I appreciate your help greatly.
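The OTL entries above already carry the indicator that the later aswMBR scan in this thread confirms: two hidden+system (`-HS-`) files named `@` created at the same second inside a GUID-named folder under `C:\Windows\Installer` and under the user's `AppData\Local`, which is the drop layout of the Sirefef/ZeroAccess family that Norton and aswMBR name here. As an added example, not code from this thread or from OTL/aswMBR, the following Python script parses OTL "Files Created" and "Alternate Data Streams" lines, flags that GUID-folder pattern, applies a second heuristic (hidden+system files in user-writable data directories) and summarises alternate data streams per host file. The regular expressions, function names and both heuristics are my assumptions; the sample lines are copied from the posted report.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# OTL "Files Created" entry, e.g.
# [2012/01/11 12:32:13 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{...}\@
OTL_FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# OTL alternate data stream entry, e.g.
# @Alternate Data Stream - 255 bytes -> C:\ProgramData\TEMP:2B40A7DB
OTL_ADS_LINE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+?):(?P<stream>[^:\\]+)$"
)
GUID = r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}"
# Sirefef/ZeroAccess drop layout (assumed pattern, generalised from the paths in this
# thread): GUID-named folder under Windows\Installer or AppData\Local holding a file
# called "@" or a "U" subfolder.
ZEROACCESS_PATH = re.compile(
    r"\\(?:Windows\\Installer|AppData\\Local)\\" + GUID + r"\\(?:@|U\\)", re.IGNORECASE
)
# Heuristic (assumption): hidden+system files rarely belong in user-writable data dirs.
USER_DATA_DIR = re.compile(r"\\(?:ProgramData|AppData\\(?:Local|Roaming))\\", re.IGNORECASE)


@dataclass
class FileRecord:
    timestamp: str
    size: int
    attrs: str  # OTL attribute flags such as "-HS-" (H = hidden, S = system)
    path: str

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


@dataclass
class AdsRecord:
    size: int
    host: str
    stream: str


def parse_otl_file_line(line: str) -> Optional[FileRecord]:
    m = OTL_FILE_LINE.match(line.strip())
    if m is None:
        return None
    return FileRecord(m["ts"], int(m["size"].replace(",", "")), m["attrs"], m["path"])


def parse_ads_line(line: str) -> Optional[AdsRecord]:
    m = OTL_ADS_LINE.match(line.strip())
    if m is None:
        return None
    return AdsRecord(int(m["size"]), m["host"], m["stream"])


def is_zeroaccess_path(path: str) -> bool:
    return ZEROACCESS_PATH.search(path) is not None


def triage_files(records: List[FileRecord]) -> List[Tuple[str, str]]:
    """Return (path, reason) for file entries that deserve a closer look."""
    findings = []
    for r in records:
        if is_zeroaccess_path(r.path):
            findings.append((r.path, "Sirefef/ZeroAccess-style GUID drop folder"))
        elif r.hidden_system and USER_DATA_DIR.search(r.path):
            findings.append((r.path, "hidden+system file in a user-writable data directory"))
    return findings


def summarize_ads(records: List[AdsRecord]) -> Dict[str, Tuple[int, int]]:
    """Per host file: (stream count, total bytes). Streams are listed for review only;
    legitimate software, security suites included, writes alternate data streams too."""
    summary: Dict[str, Tuple[int, int]] = {}
    for r in records:
        count, total = summary.get(r.host, (0, 0))
        summary[r.host] = (count + 1, total + r.size)
    return summary


def triage(report_text: str):
    files, streams = [], []
    for line in report_text.splitlines():
        f = parse_otl_file_line(line)
        if f is not None:
            files.append(f)
            continue
        s = parse_ads_line(line)
        if s is not None:
            streams.append(s)
    return triage_files(files), summarize_ads(streams)


# Sample input: lines copied from the OTL report posted above.
SAMPLE_REPORT = r"""
[2012/01/13 15:18:04 | 000,007,605 | ---- | C] () -- C:\Users\Dan\AppData\Local\Resmon.ResmonCfg
[2012/01/11 12:32:13 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{78ef3ef7-0dfb-437b-fc10-37ddf3781684}\@
[2012/01/11 12:32:13 | 000,002,048 | -HS- | C] () -- C:\Users\Dan\AppData\Local\{78ef3ef7-0dfb-437b-fc10-37ddf3781684}\@
[2011/10/18 10:50:31 | 000,170,880 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/10/24 13:51:17 | 001,486,848 | ---- | C] () -- C:\Windows\System32\HP1100SM.EXE
[2010/04/02 23:41:00 | 000,008,956 | -HS- | C] () -- C:\ProgramData\Wv7V1mEL4UH
@Alternate Data Stream - 255 bytes -> C:\ProgramData\TEMP:2B40A7DB
@Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:A819A132
"""

if __name__ == "__main__":
    findings, ads = triage(SAMPLE_REPORT)
    for path, reason in findings:
        print(f"FLAG {reason}: {path}")
    for host, (count, total) in ads.items():
        print(f"ADS  {host}: {count} streams, {total} bytes (review)")
```

Run against the sample it flags the two `{78ef3ef7-...}\@` files and the hidden+system `C:\ProgramData\Wv7V1mEL4UH`, while `mlfcache.dat` (hidden only, in System32) and the HP printer files pass. The same path check also matches the `\U\800000cb.@` file that aswMBR later reports as infected. The ADS summary is deliberately not a verdict: a count and byte total per host file is what a helper needs to decide whether the streams on `C:\ProgramData\TEMP` warrant follow-up.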



#2 fireman4it


    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 05 July 2012 - 02:31 PM

Hello DanTheMan6,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


2.
Do you have a USB Flash Drive you can use?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 DanTheMan6

  • Topic Starter

  • Members
  • 7 posts

Posted 05 July 2012 - 06:21 PM

Thank you. Here's the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-05 19:09:48
-----------------------------
19:09:48.922 OS Version: Windows 6.1.7601 Service Pack 1
19:09:48.923 Number of processors: 2 586 0x6802
19:09:48.927 ComputerName: DAN-PC UserName: Dan
19:11:06.610 Initialize success
19:11:21.502 AVAST engine defs: 12070501
19:12:29.145 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
19:12:29.153 Disk 0 Vendor: FUJITSU_MHY2250BH 890B Size: 238475MB BusType: 3
19:12:29.179 Disk 0 MBR read successfully
19:12:29.188 Disk 0 MBR scan
19:12:29.226 Disk 0 Windows 7 default MBR code
19:12:29.242 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226165 MB offset 63
19:12:29.296 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12307 MB offset 463186080
19:12:29.340 Disk 0 scanning sectors +488392065
19:12:29.440 Disk 0 scanning C:\Windows\system32\drivers
19:13:25.436 Service scanning
19:16:23.504 Modules scanning
19:17:37.237 Disk 0 trace - called modules:
19:17:37.276 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys
19:17:37.649 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a63030]
19:17:37.668 3 CLASSPNP.SYS[8942259e] -> nt!IofCallDriver -> [0x855fb348]
19:17:37.687 5 ACPI.sys[88bb63d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x855f6908]
19:17:38.754 AVAST engine scan C:\
19:20:30.138 Disk 0 MBR has been saved successfully to "C:\Users\Dan\Desktop\MBR.dat"
19:20:30.144 The log file has been saved successfully to "C:\Users\Dan\Desktop\aswMBR log.txt"


Yes I do have a thumb drive.

#4 DanTheMan6

  • Topic Starter

  • Members
  • 7 posts

Posted 05 July 2012 - 07:22 PM

I apologize. Please disregard results in prior post. I will be re-running the full scan tonight in safe mode and will post upon completion. Thank you.

#5 fireman4it


    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 05 July 2012 - 09:25 PM

Do you have a USB flash drive you can use?



#6 DanTheMan6

  • Topic Starter

  • Members
  • 7 posts

Posted 05 July 2012 - 09:28 PM

Do you have a USB flash drive you can use?


Yes I do have a USB flash drive.

#7 DanTheMan6

  • Topic Starter

  • Members
  • 7 posts

Posted 06 July 2012 - 06:37 AM

Here's the full scan results:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-05 22:42:03
-----------------------------
22:42:03.580 OS Version: Windows 6.1.7601 Service Pack 1
22:42:03.580 Number of processors: 2 586 0x6802
22:42:03.580 ComputerName: DAN-PC UserName: Dan
22:42:04.158 Initialize success
22:42:14.329 AVAST engine defs: 12070501
22:42:20.116 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
22:42:20.116 Disk 0 Vendor: FUJITSU_MHY2250BH 890B Size: 238475MB BusType: 3
22:42:20.148 Disk 0 MBR read successfully
22:42:20.163 Disk 0 MBR scan
22:42:20.163 Disk 0 Windows 7 default MBR code
22:42:20.163 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226165 MB offset 63
22:42:20.210 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12307 MB offset 463186080
22:42:20.210 Disk 0 scanning sectors +488392065
22:42:20.257 Disk 0 scanning C:\Windows\system32\drivers
22:42:32.191 Service scanning
22:42:56.636 Modules scanning
22:43:01.519 Disk 0 trace - called modules:
22:43:01.534 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
22:43:01.534 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84e57908]
22:43:01.550 3 CLASSPNP.SYS[8880559e] -> nt!IofCallDriver -> [0x849e2620]
22:43:01.566 5 ACPI.sys[87f993d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x84994030]
22:43:02.377 AVAST engine scan C:\
00:50:54.036 File: C:\Windows\Installer\{78ef3ef7-0dfb-437b-fc10-37ddf3781684}\U\800000cb.@ **INFECTED** Win32:Sirefef-AO [Rtk]
02:11:56.524 Scan finished successfully
07:31:18.379 Disk 0 MBR has been saved successfully to "C:\Users\Dan\Desktop\MBR.dat"
07:31:18.379 The log file has been saved successfully to "C:\Users\Dan\Desktop\aswMBR - full scan.txt"

#8 fireman4it


    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 06 July 2012 - 04:57 PM

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



#9 fireman4it


    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 09 July 2012 - 08:29 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it



#10 fireman4it


    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 12 July 2012 - 01:27 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
