I'm infected by Win32/Sirefef.EZ and can't get rid with ESET


  • This topic is locked
44 replies to this topic

#1 atcmonke

atcmonke

  • Members
  • 85 posts

Posted 13 July 2012 - 12:42 PM

Computer was acting up, so I used ESET to scan and it found this trojan. It removed 3 out of the 4 threats found, but the 4th is "Operating in memory." I tried running ESET in Safe Mode and got the same thing. I can't get rid of it. Please help, as this is a work computer and I am not sure, or slightly not sure, of where the trojan came from. Thank you in advance.


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 13 July 2012 - 05:20 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
And

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#3 atcmonke

atcmonke
  • Topic Starter

  • Members
  • 85 posts

Posted 13 July 2012 - 07:18 PM

Just a heads up m0le, work day is done and I won't be back in the office on the infected computer until Monday. I hope that is alright. Thank you for assisting me with this issue.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 13 July 2012 - 07:19 PM

No problem, atcmonke :)
m0le is a proud member of UNITE

#5 atcmonke

atcmonke
  • Topic Starter

  • Members
  • 85 posts

Posted 16 July 2012 - 01:36 PM

OTL logfile created on: 7/16/2012 11:30:32 AM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Cquence\Downloads
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.81 Gb Available Physical Memory | 72.52% Memory free
7.74 Gb Paging File | 6.56 Gb Available in Paging File | 84.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.63 Gb Total Space | 616.45 Gb Free Space | 88.24% Space Free | Partition Type: NTFS

Computer Name: CQUENCE2-PC | User Name: Cquence | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Cquence\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Users\Cquence\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Program Files (x86)\TalkSwitch\UDPLogger\UDPLogger.exe ()
PRC - C:\Program Files (x86)\REALTEK\RTL8185 Wireless LAN Utility\RtlService.exe (Realtek)
PRC - C:\Program Files (x86)\Intel\AMT\atchksrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\AMT\UNS.exe (Intel)
PRC - C:\Program Files (x86)\Intel\AMT\LMS.exe (Intel)


========== Modules (No Company Name) ==========

MOD - C:\Users\Cquence\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TSUDPLogger) -- C:\Program Files (x86)\TalkSwitch\UDPLogger\UDPLogger.exe ()
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (Realtek8185) -- C:\Program Files (x86)\REALTEK\RTL8185 Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (atchksrv) Intel® -- C:\Program Files (x86)\Intel\AMT\atchksrv.exe (Intel Corporation)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\AMT\UNS.exe (Intel)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\AMT\LMS.exe (Intel)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RTL8187) -- C:\Windows\SysNative\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (PTUMWVsp) -- C:\Windows\SysNative\drivers\PTUMWVsp.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (PTUMWNSP) -- C:\Windows\SysNative\drivers\PTUMWNSP.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (PTUMWNET) -- C:\Windows\SysNative\drivers\PTUMWNET.sys (DEVGURU Co., LTD.)
DRV:64bit: - (PTUMWMdm) -- C:\Windows\SysNative\drivers\PTUMWMdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (PTUMWFLT) -- C:\Windows\SysNative\drivers\PTUMWFLT.sys (DEVGURU Co., LTD.)
DRV:64bit: - (PTUMWCSP) -- C:\Windows\SysNative\drivers\PTUMWCSP.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (PTUMWCDF) -- C:\Windows\SysNative\drivers\PTUMWCDF.sys (DEVGURU Co., LTD.)
DRV:64bit: - (PTUMWBus) -- C:\Windows\SysNative\drivers\PTUMWBus.sys (DEVGURU Co., LTD.)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (BrSerIb) Brother MFC Serial Interface Driver(WDM) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (BrUsbSIb) Brother MFC Serial USB Driver(WDM) -- C:\Windows\SysNative\drivers\BrUsbSIb.sys (Brother Industries Ltd.)
DRV:64bit: - (e1express) Intel® -- C:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (SMSIVZAM5X64) -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys (Smith Micro Inc.)
DRV - (UltraMonUtility) -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys (Realtime Soft Ltd)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 41 89 07 1E F1 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{199F2572-67FC-4C3A-A7AD-E6A38307C1F8}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {563e4790-7e70-11da-a72b-0800200c9a66}:0.9c
FF - prefs.js..extensions.enabledItems: DragUrLink@mozilla.org:0.9.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {1e0fd655-5aea-4b4c-a583-f76ef1e3af9c}:0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Cquence\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Cquence\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/19 07:46:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/16 09:37:48 | 000,000,000 | ---D | M]

[2010/06/10 09:41:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cquence\AppData\Roaming\Mozilla\Extensions
[2010/06/10 09:41:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cquence\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012/07/12 07:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cquence\AppData\Roaming\Mozilla\Firefox\Profiles\rokbkx1b.default\extensions
[2012/05/30 07:59:17 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Cquence\AppData\Roaming\Mozilla\Firefox\Profiles\rokbkx1b.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/05/30 07:42:35 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Users\Cquence\AppData\Roaming\Mozilla\Firefox\Profiles\rokbkx1b.default\extensions\ALone-live@ya.ru
[2011/01/10 09:39:54 | 000,000,000 | ---D | M] (Drag Ur Link) -- C:\Users\Cquence\AppData\Roaming\Mozilla\Firefox\Profiles\rokbkx1b.default\extensions\DragUrLink@mozilla.org
[2011/05/03 12:18:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Cquence\AppData\Roaming\Mozilla\Firefox\Profiles\rokbkx1b.default\extensions\engine@conduit.com
[2012/07/13 14:03:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cquence\AppData\Roaming\Mozilla\Firefox\Profiles\w3sk1x2x.default2\extensions
[2011/01/20 10:07:26 | 000,000,000 | ---D | M] (Easy DragToGo) -- C:\Users\Cquence\AppData\Roaming\Mozilla\Firefox\Profiles\w3sk1x2x.default2\extensions\{21cfaec0-dbb3-11dc-95ff-0800200c9a66}
[2012/05/30 07:44:03 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Users\Cquence\AppData\Roaming\Mozilla\Firefox\Profiles\w3sk1x2x.default2\extensions\ALone-live@ya.ru
[2012/03/09 09:24:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/19 07:46:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/06/01 07:53:17 | 000,505,801 | ---- | M] () (No name found) -- C:\USERS\CQUENCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ROKBKX1B.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
[2011/12/21 09:43:18 | 000,275,540 | ---- | M] () (No name found) -- C:\USERS\CQUENCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ROKBKX1B.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
[2012/07/12 07:49:39 | 000,525,390 | ---- | M] () (No name found) -- C:\USERS\CQUENCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ROKBKX1B.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/05/21 07:49:02 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\CQUENCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ROKBKX1B.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[1832/11/28 21:44:26 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\CQUENCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ROKBKX1B.DEFAULT\EXTENSIONS\AQXUEHVTQL@AQXUEHVTQL.ORG.XPI
[2012/03/22 08:20:50 | 000,032,381 | ---- | M] () (No name found) -- C:\USERS\CQUENCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ROKBKX1B.DEFAULT\EXTENSIONS\QUICKDRAG@MOZILLA.KTECHCOMPUTING.COM.XPI
[2011/09/15 08:50:47 | 000,035,641 | ---- | M] () (No name found) -- C:\USERS\CQUENCE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ROKBKX1B.DEFAULT\EXTENSIONS\TINYURL.ADDON@FAST-CHAT.CO.UK.XPI
[2012/06/19 07:46:45 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/02 11:54:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/26 08:41:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2011/09/08 08:48:06 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2011/09/08 08:48:06 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2011/09/08 08:48:06 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2011/09/08 08:48:06 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2011/09/08 08:48:07 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2011/09/08 08:48:07 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2011/09/08 08:48:07 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2012/03/09 09:24:08 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2011/03/23 09:45:27 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2012/03/09 09:24:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/03/23 09:45:27 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2012/03/09 09:24:08 | 000,001,131 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2012/04/25 10:52:27 | 000,003,413 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2012/03/09 09:24:08 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/03/09 09:24:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2012/03/09 09:24:08 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Cquence\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Cquence\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Cquence\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Cquence\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/10/26 09:47:55 | 000,000,969 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 102.112.2o7.net #paypal
O1 - Hosts: 72.21.211.174 clymb.s3.amazonaws.com #theclymb
O1 - Hosts: 93.158.110.153 fbcdn-sphotos-a.akamaihd.net #facebook
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Apps] C:\Users\Cquence\AppData\Local\Downloaded Installations\Apps\tvzjqlnhf.dll (Microsoft Corporation)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Cquence\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
O4 - Startup: C:\Users\Cquence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShortKeys 2.lnk = C:\Program Files (x86)\ShortKeys2\shklite.exe (Insight Software Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C36472D-4671-43B0-B231-E143A84A01B8}: DhcpNameServer = 208.57.0.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6ECC9D9-228E-4B0C-A91F-29FC1B097621}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1aa79f4e-362b-11e1-b793-002170465213}\Shell - "" = AutoRun
O33 - MountPoints2\{1aa79f4e-362b-11e1-b793-002170465213}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{45aa7d28-dacd-11df-a741-002170465213}\Shell - "" = AutoRun
O33 - MountPoints2\{45aa7d28-dacd-11df-a741-002170465213}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{45aa7d33-dacd-11df-a741-002170465213}\Shell - "" = AutoRun
O33 - MountPoints2\{45aa7d33-dacd-11df-a741-002170465213}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{45aa7d68-dacd-11df-a741-002170465213}\Shell - "" = AutoRun
O33 - MountPoints2\{45aa7d68-dacd-11df-a741-002170465213}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/13 10:12:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2012/07/13 10:03:10 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/07/13 09:49:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/13 09:49:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/13 09:32:42 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/07/12 13:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/07/12 13:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/07/11 14:16:08 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

========== Files - Modified Within 30 Days ==========

[2012/07/16 11:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/16 11:30:14 | 4195,427,327 | ---- | M] () -- C:\Users\Cquence\Documents\Outlook.pst
[2012/07/16 11:29:48 | 011,141,120 | ---- | M] () -- C:\Users\Cquence\Documents\Motorsports.mdb
[2012/07/16 10:42:47 | 000,000,150 | ---- | M] () -- C:\Users\Cquence\Desktop\12911.csv
[2012/07/16 10:42:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3760198039-1548763481-595784584-1000UA.job
[2012/07/16 09:43:56 | 000,001,932 | ---- | M] () -- C:\Users\Cquence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShortKeys 2.lnk
[2012/07/16 07:47:04 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/16 07:47:04 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/16 07:44:00 | 000,765,812 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/16 07:44:00 | 000,650,782 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/16 07:44:00 | 000,118,456 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/16 07:39:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/16 07:39:39 | 3118,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/13 10:03:03 | 247,338,460 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/13 07:33:37 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3760198039-1548763481-595784584-1000Core.job
[2012/07/11 14:33:47 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/11 14:33:47 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/10 13:29:47 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk
[2012/07/10 10:17:08 | 112,869,376 | ---- | M] () -- C:\Users\Cquence\Desktop\frontandrearlistings_advance.tdb
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/02 13:25:07 | 000,189,853 | ---- | M] () -- C:\Users\Cquence\Desktop\ChCjJ.jpg
[2012/06/19 07:51:04 | 005,462,830 | ---- | M] () -- C:\Users\Cquence\Desktop\08-Waiting-For-The-End.mp3

========== Files Created - No Company Name ==========

[2012/07/13 10:03:03 | 247,338,460 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/13 09:56:18 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U\00000008.@
[2012/07/13 09:56:16 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U\80000032.@
[2012/07/13 09:56:16 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U\80000064.@
[2012/07/13 09:56:13 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U\80000000.@
[2012/07/13 09:55:57 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U\00000004.@
[2012/07/13 09:55:57 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U\000000cb.@
[2012/07/13 09:55:57 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\L\00000004.@
[2012/07/10 10:17:08 | 112,869,376 | ---- | C] () -- C:\Users\Cquence\Desktop\frontandrearlistings_advance.tdb
[2012/07/02 13:25:06 | 000,189,853 | ---- | C] () -- C:\Users\Cquence\Desktop\ChCjJ.jpg
[2012/06/19 07:50:23 | 005,462,830 | ---- | C] () -- C:\Users\Cquence\Desktop\08-Waiting-For-The-End.mp3
[2012/04/26 08:49:07 | 000,004,096 | -H-- | C] () -- C:\Users\Cquence\AppData\Local\keyfile3.drm
[2012/04/25 11:19:02 | 000,756,504 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/22 16:09:58 | 000,000,218 | ---- | C] () -- C:\Users\Cquence\.recently-used.xbel
[2011/10/26 09:26:11 | 000,001,601 | ---- | C] () -- C:\Users\Cquence\Profiles - Shortcut.lnk
[2011/01/03 09:57:30 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2009/07/13 16:22:13 | 000,002,048 | -HS- | C] () -- C:\Users\Cquence\AppData\Local\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\@

========== LOP Check ==========

[2010/08/07 11:57:04 | 000,000,000 | ---D | M] -- C:\Users\Cquence\AppData\Roaming\.minecraft
[2012/07/13 15:33:46 | 000,000,000 | ---D | M] -- C:\Users\Cquence\AppData\Roaming\.purple
[2011/06/10 13:28:26 | 000,000,000 | ---D | M] -- C:\Users\Cquence\AppData\Roaming\ASUS
[2011/06/10 13:28:54 | 000,000,000 | ---D | M] -- C:\Users\Cquence\AppData\Roaming\ASUS.AF361EFD06694D11175EA8BF6E21597A36AD9F1D.1
[2010/09/21 10:55:30 | 000,000,000 | ---D | M] -- C:\Users\Cquence\AppData\Roaming\enchant
[2012/03/22 09:52:51 | 000,000,000 | ---D | M] -- C:\Users\Cquence\AppData\Roaming\gtk-2.0
[2011/06/10 13:28:56 | 000,000,000 | ---D | M] -- C:\Users\Cquence\AppData\Roaming\Outlook
[2012/07/13 15:29:02 | 000,000,000 | ---D | M] -- C:\Users\Cquence\AppData\Roaming\Spotify
[2012/06/27 10:58:19 | 000,000,000 | ---D | M] -- C:\Users\Cquence\AppData\Roaming\uTorrent
[2011/11/07 09:32:08 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 7/16/2012 11:30:32 AM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Cquence\Downloads
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.81 Gb Available Physical Memory | 72.52% Memory free
7.74 Gb Paging File | 6.56 Gb Available in Paging File | 84.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.63 Gb Total Space | 616.45 Gb Free Space | 88.24% Space Free | Partition Type: NTFS

Computer Name: CQUENCE2-PC | User Name: Cquence | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1C336D20-A089-4818-9C56-96AD81BF5A11}" = PANTECH USB Modem V2
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java™ 7 Update 5 (64-bit)
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{9D2795DC-59E3-4E75-B59D-D23A6A18CE9C}" = ASUS Android USB Drivers
"{B49673F8-7AB6-4A14-8213-C8A7BE370010}" = UltraMon
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"CutePDF Writer Installation" = CutePDF Writer 2.8
"HECI" = Intel® Management Engine Interface
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v4.0.0
"MESOL" = Intel® Active Management Technology
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2AE0B374-90DA-416C-9AF9-436585FD34DD}" = ASUS Sync
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM Beta2
"{66332652-9C28-58B1-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL.Policy (x86) WinSXS MSM Beta2
"{68B7C6D9-1DF2-54C1-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM Beta2
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{7A35242F-5DA2-4933-A8B5-ADC32A7EEEC1}" = Talking Pictures Automotive Catalog
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM Beta2
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM Beta2
"{99E460C7-5FE4-44d3-82D5-BD7F7AF04C59}" = TalkSwitch 6.12
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BAE13A2-E7AF-D6C3-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC (x86) WinSXS MSM Beta2
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{DB75941E-30C4-4D97-B000-D17C764B998C}" = Brother BRAdmin Light 1.18.0001
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EBC8295F-BFB4-4DFB-9248-9A8804C1DC48}" = VZAccess Manager
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF72E0A5-57E8-471F-837E-82BB19771363}" = REALTEK RTL8185 Wireless LAN Software
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Cisco Connect" = Cisco Connect
"conduitEngine" = Conduit Engine
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"hon" = Heroes of Newerth
"InstallShield_{7A35242F-5DA2-4933-A8B5-ADC32A7EEEC1}" = Talking Pictures Automotive Catalog
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Pidgin" = Pidgin
"Postal 2_is1" = Portal 2
"ShortKeys Lite" = ShortKeys Lite
"Spotify" = Spotify
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VLC media player" = VLC media player 1.1.4
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/13/2012 1:07:22 PM | Computer Name = Cquence2-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Cquence\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 7/13/2012 1:07:36 PM | Computer Name = Cquence2-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Cquence\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 7/13/2012 1:09:22 PM | Computer Name = Cquence2-PC | Source = MSSQL$TALKPIC | ID = 19011
Description =

Error - 7/13/2012 1:12:38 PM | Computer Name = Cquence2-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Cquence\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 7/13/2012 2:30:25 PM | Computer Name = Cquence2-PC | Source = Application Hang | ID = 1002
Description = The program Tl.exe version 9.9.102.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: bbc Start Time:
01cd6122ca06bb20 Termination Time: 32 Application Path: C:\Program Files (x86)\eBay\Turbo
Lister2\Tl.exe Report Id: ccc98683-cd18-11e1-8115-002170465213

Error - 7/13/2012 2:55:37 PM | Computer Name = Cquence2-PC | Source = Application Hang | ID = 1002
Description = The program Tl.exe version 9.9.102.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: e1c Start Time:
01cd612593303990 Termination Time: 37 Application Path: C:\Program Files (x86)\eBay\Turbo
Lister2\Tl.exe Report Id: 541a68ab-cd1c-11e1-8115-002170465213

Error - 7/13/2012 3:15:06 PM | Computer Name = Cquence2-PC | Source = Application Hang | ID = 1002
Description = The program Tl.exe version 9.9.102.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 12e0 Start Time:
01cd61291c009565 Termination Time: 58 Application Path: C:\Program Files (x86)\eBay\Turbo
Lister2\Tl.exe Report Id: 0cbd9e89-cd1f-11e1-8115-002170465213

Error - 7/13/2012 4:01:00 PM | Computer Name = Cquence2-PC | Source = Application Hang | ID = 1002
Description = The program Tl.exe version 9.9.102.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 3cc Start Time:
01cd612bd2ea7c0d Termination Time: 33 Application Path: C:\Program Files (x86)\eBay\Turbo
Lister2\Tl.exe Report Id: 76566b09-cd25-11e1-8115-002170465213

Error - 7/13/2012 6:15:22 PM | Computer Name = Cquence2-PC | Source = Application Hang | ID = 1002
Description = The program Tl.exe version 9.9.102.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: c18 Start Time:
01cd6133f0b6e511 Termination Time: 31 Application Path: C:\Program Files (x86)\eBay\Turbo
Lister2\Tl.exe Report Id: 3bab635f-cd38-11e1-8115-002170465213

Error - 7/16/2012 10:39:54 AM | Computer Name = Cquence2-PC | Source = MSSQL$TALKPIC | ID = 19011
Description =

[ OSession Events ]
Error - 12/23/2010 3:57:11 PM | Computer Name = Cquence2-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12947
seconds with 2400 seconds of active time. This session ended with a crash.

Error - 1/17/2011 2:08:28 PM | Computer Name = Cquence2-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7081
seconds with 1080 seconds of active time. This session ended with a crash.

Error - 2/2/2011 7:54:22 PM | Computer Name = Cquence2-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5060
seconds with 480 seconds of active time. This session ended with a crash.

Error - 2/16/2011 2:55:30 PM | Computer Name = Cquence2-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8158
seconds with 720 seconds of active time. This session ended with a crash.

Error - 3/30/2011 9:04:58 PM | Computer Name = Cquence2-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27732
seconds with 240 seconds of active time. This session ended with a crash.

Error - 5/25/2011 12:46:19 PM | Computer Name = Cquence2-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4749
seconds with 780 seconds of active time. This session ended with a crash.

Error - 8/11/2011 8:20:29 PM | Computer Name = Cquence2-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30977
seconds with 3600 seconds of active time. This session ended with a crash.

Error - 11/21/2011 3:17:33 PM | Computer Name = Cquence2-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10571
seconds with 2160 seconds of active time. This session ended with a crash.

Error - 12/9/2011 5:20:09 PM | Computer Name = Cquence2-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16282
seconds with 1440 seconds of active time. This session ended with a crash.

Error - 1/16/2012 12:38:48 PM | Computer Name = Cquence2-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 831
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/1/2011 4:47:10 PM | Computer Name = Cquence2-PC | Source = bowser | ID = 8003
Description =

Error - 6/1/2011 5:23:08 PM | Computer Name = Cquence2-PC | Source = bowser | ID = 8003
Description =

Error - 6/1/2011 5:59:10 PM | Computer Name = Cquence2-PC | Source = bowser | ID = 8003
Description =

Error - 6/1/2011 6:23:10 PM | Computer Name = Cquence2-PC | Source = bowser | ID = 8003
Description =

Error - 6/1/2011 6:59:12 PM | Computer Name = Cquence2-PC | Source = bowser | ID = 8003
Description =

Error - 6/1/2011 7:35:15 PM | Computer Name = Cquence2-PC | Source = bowser | ID = 8003
Description =

Error - 6/2/2011 6:30:08 AM | Computer Name = Cquence2-PC | Source = Serial | ID = 393261
Description = The serial driver detected a hardware failure on device \Device\Serial0
and will disable this device.

Error - 6/3/2011 11:18:56 AM | Computer Name = Cquence2-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 5.236.180.112. The computer with the IP address 5.236.14.122 did
not allow the name to be claimed by this computer.

Error - 6/6/2011 9:21:31 PM | Computer Name = Cquence2-PC | Source = bowser | ID = 8003
Description =

Error - 6/7/2011 6:51:57 AM | Computer Name = Cquence2-PC | Source = Serial | ID = 393261
Description = The serial driver detected a hardware failure on device \Device\Serial0
and will disable this device.


< End of report >

#6 atcmonke

atcmonke
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  • Local time:05:46 PM

Posted 16 July 2012 - 02:12 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-16 11:37:16
-----------------------------
11:37:16.840 OS Version: Windows x64 6.1.7600
11:37:16.840 Number of processors: 2 586 0x1706
11:37:16.841 ComputerName: CQUENCE2-PC UserName: Cquence
11:37:18.869 Initialize success
11:46:30.411 AVAST engine defs: 12071600
11:47:37.417 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
11:47:37.420 Disk 0 Vendor: ST3750640AS 3.AAE Size: 715404MB BusType: 11
11:47:37.427 Disk 0 MBR read successfully
11:47:37.429 Disk 0 MBR scan
11:47:37.443 Disk 0 Windows 7 default MBR code
11:47:37.456 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 715402 MB offset 2048
11:47:37.473 Disk 0 scanning C:\Windows\system32\drivers
11:47:43.472 Service scanning
11:47:57.363 Modules scanning
11:47:57.367 Disk 0 trace - called modules:
11:47:57.378 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
11:47:57.380 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800479a360]
11:47:57.383 3 CLASSPNP.SYS[fffff8800187c43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8004216680]
11:47:59.561 AVAST engine scan C:\Windows
11:48:01.552 AVAST engine scan C:\Windows\system32
11:49:11.156 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
11:49:12.241 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
11:49:37.561 AVAST engine scan C:\Windows\system32\drivers
11:49:45.150 AVAST engine scan C:\Users\Cquence
11:54:07.668 Disk 0 MBR has been saved successfully to "C:\Users\Cquence\Desktop\MBR.dat"
11:54:07.669 The log file has been saved successfully to "C:\Users\Cquence\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-16 11:54:23
-----------------------------
11:54:23.037 OS Version: Windows x64 6.1.7600
11:54:23.038 Number of processors: 2 586 0x1706
11:54:23.038 ComputerName: CQUENCE2-PC UserName: Cquence
11:54:24.288 Initialize success
11:54:27.715 AVAST engine defs: 12071600
11:54:59.871 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
11:54:59.873 Disk 0 Vendor: ST3750640AS 3.AAE Size: 715404MB BusType: 11
11:54:59.905 Disk 0 MBR read successfully
11:54:59.907 Disk 0 MBR scan
11:54:59.909 Disk 0 Windows 7 default MBR code
11:54:59.917 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 715402 MB offset 2048
11:54:59.952 Disk 0 scanning C:\Windows\system32\drivers
11:55:10.997 Service scanning
11:55:25.004 Modules scanning
11:55:25.008 Disk 0 trace - called modules:
11:55:25.019 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
11:55:25.021 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800479a360]
11:55:25.024 3 CLASSPNP.SYS[fffff8800187c43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8004216680]
11:55:26.628 AVAST engine scan C:\Windows
11:55:31.726 AVAST engine scan C:\Windows\system32
11:56:48.685 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
11:56:49.895 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
11:57:18.072 AVAST engine scan C:\Windows\system32\drivers
11:57:25.602 AVAST engine scan C:\Users\Cquence
12:07:32.214 AVAST engine scan C:\ProgramData
12:08:30.526 Scan finished successfully
12:09:51.324 Disk 0 MBR has been saved successfully to "C:\Users\Cquence\Desktop\MBR.dat"
12:09:51.324 The log file has been saved successfully to "C:\Users\Cquence\Desktop\aswMBR.txt"

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:46 PM

Posted 16 July 2012 - 05:49 PM

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
    Scan your computer's memory for errors.
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your next reply.
m0le is a proud member of UNITE

#8 atcmonke

atcmonke
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  • Local time:05:46 PM

Posted 18 July 2012 - 04:08 PM

Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 18-07-2012 14:03:32
Running from E:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Cquence\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Cquence\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [x]
HKU\Cquence\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17425584 2012-06-14] (Skype Technologies S.A.)
HKU\Cquence\...\Run: [Spotify Web Helper] "C:\Users\Cquence\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1192664 2012-06-28] ()
HKU\Cquence\...\Run: [Apps] rundll32.exe "C:\Users\Cquence\AppData\Local\Downloaded Installations\Apps\tvzjqlnhf.dll",CreateInstance [566784 2012-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\UltraMon.lnk
ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico ()
Startup: C:\Users\Cquence\Start Menu\Programs\Startup\ShortKeys 2.lnk
ShortcutTarget: ShortKeys 2.lnk -> C:\Program Files (x86)\ShortKeys2\shklite.exe (Insight Software Solutions)

==================== Services (Whitelisted) ======

2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation)
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-06-27] (LogMeIn Inc.)
2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 MSSQL$TALKPIC; C:\Program Files (x86)\Microsoft SQL Server\MSSQL$TALKPIC\Binn\sqlservr.exe -sTALKPIC [7520337 2002-12-17] (Microsoft Corporation)
3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
2 Realtek8185; C:\Program Files (x86)\REALTEK\RTL8185 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek)
3 SQLAgent$TALKPIC; C:\Program Files (x86)\Microsoft SQL Server\MSSQL$TALKPIC\Binn\sqlagent.EXE -i TALKPIC [311872 2002-12-17] (Microsoft Corporation)
2 TSUDPLogger; "C:\Program Files (x86)\TalkSwitch\UDPLogger\UDPLogger.exe" [193808 2010-10-01] ()
2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel)

========================== Drivers (Whitelisted) =============

3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 PTUMWBus; C:\Windows\System32\Drivers\PTUMWBus.sys [71056 2009-10-26] (DEVGURU Co., LTD.)
3 PTUMWCDF; C:\Windows\System32\Drivers\PTUMWCDF.sys [24976 2009-10-26] (DEVGURU Co., LTD.)
3 PTUMWCSP; C:\Windows\System32\Drivers\PTUMWCSP.sys [173456 2009-10-26] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 PTUMWFLT; C:\Windows\System32\Drivers\PTUMWFLT.sys [12688 2009-10-26] (DEVGURU Co., LTD.)
3 PTUMWMdm; C:\Windows\System32\Drivers\PTUMWMdm.sys [173456 2009-10-26] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 PTUMWNET; C:\Windows\System32\Drivers\PTUMWNET.sys [144912 2009-10-26] (DEVGURU Co., LTD.)
3 PTUMWNSP; C:\Windows\System32\Drivers\PTUMWNSP.sys [173456 2009-10-26] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 PTUMWVsp; C:\Windows\System32\Drivers\PTUMWVsp.sys [173456 2009-10-26] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 SMSIVZAM5X64; \??\C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [43032 2009-05-25] (Smith Micro Inc.)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-18 14:03 - 2012-07-18 14:03 - 00000000 ____D C:\FRST
2012-07-17 06:59 - 2012-07-17 07:00 - 01437107 ____A (Farbar) C:\Users\Cquence\Downloads\FRST64.exe
2012-07-16 10:54 - 2012-07-16 11:09 - 00003774 ____A C:\Users\Cquence\Desktop\aswMBR.txt
2012-07-16 10:54 - 2012-07-16 11:09 - 00000512 ____A C:\Users\Cquence\Desktop\MBR.dat
2012-07-16 10:34 - 2012-07-16 10:34 - 00051478 ____A C:\Users\Cquence\Downloads\Extras.Txt
2012-07-16 10:33 - 2012-07-16 10:33 - 00106080 ____A C:\Users\Cquence\Downloads\OTL.Txt
2012-07-16 07:19 - 2012-07-16 07:19 - 04731392 ____A (AVAST Software) C:\Users\Cquence\Downloads\aswMBR.exe
2012-07-16 07:18 - 2012-07-16 07:19 - 00596480 ____A (OldTimer Tools) C:\Users\Cquence\Downloads\OTL.exe
2012-07-13 09:12 - 2012-07-13 09:13 - 00000000 ____D C:\Users\All Users\SUPERSetup
2012-07-13 09:03 - 2012-07-13 09:03 - 247338460 ____A C:\Windows\MEMORY.DMP
2012-07-13 09:03 - 2012-07-13 09:03 - 00271840 ____A C:\Windows\Minidump\071312-19359-01.dmp
2012-07-13 09:03 - 2012-07-13 09:03 - 00000000 ____D C:\Windows\Minidump
2012-07-13 08:49 - 2012-07-13 08:54 - 00000000 ____D C:\Qoobox
2012-07-13 08:49 - 2012-07-13 08:49 - 00000000 ____D C:\Windows\erdnt
2012-07-13 08:32 - 2012-07-13 08:54 - 00000000 ___SD C:\32788R22FWJFW
2012-07-13 08:31 - 2012-07-13 08:32 - 00004151 ____A C:\Users\Cquence\Downloads\FSS.txt
2012-07-12 12:04 - 2012-07-12 12:04 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-07-11 13:16 - 2012-07-11 13:16 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-10 12:18 - 2012-07-10 12:25 - 33283536 ____A (eBay Inc. ) C:\Users\Cquence\Downloads\setupUS.exe
2012-07-10 09:17 - 2012-07-10 09:17 - 112869376 ____A C:\Users\Cquence\Desktop\frontandrearlistings_advance.tdb
2012-06-27 08:52 - 2012-06-27 10:24 - 00000000 ____D C:\Users\Cquence\Downloads\Linkin Park - LIVING THINGS

============ 3 Months Modified Files ========================

2012-07-18 13:00 - 2012-04-21 14:12 - 00016160 ____A C:\Users\All Users\UDPLogger.log
2012-07-18 13:00 - 2010-05-10 21:11 - 01489589 ____A C:\Windows\WindowsUpdate.log
2012-07-18 12:59 - 2011-02-21 09:16 - 11141120 ____A C:\Users\Cquence\Documents\Motorsports.mdb
2012-07-18 12:45 - 2010-05-11 07:36 - 4195427328 ____A C:\Users\Cquence\Documents\Outlook.pst
2012-07-18 12:42 - 2011-09-26 10:12 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3760198039-1548763481-595784584-1000UA.job
2012-07-18 12:31 - 2012-06-12 06:42 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-18 06:38 - 2009-07-13 20:51 - 00099678 ____A C:\Windows\setupact.log
2012-07-17 19:55 - 2011-09-26 10:12 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3760198039-1548763481-595784584-1000Core.job
2012-07-17 10:04 - 2012-05-09 08:26 - 00216064 ____A C:\Users\Cquence\Desktop\MM List CQuence File 5-2012.xls
2012-07-17 07:00 - 2012-07-17 06:59 - 01437107 ____A (Farbar) C:\Users\Cquence\Downloads\FRST64.exe
2012-07-17 06:47 - 2009-07-13 21:13 - 00765812 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-16 11:21 - 2009-07-13 20:45 - 00020720 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-16 11:21 - 2009-07-13 20:45 - 00020720 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-16 11:14 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-16 11:09 - 2012-07-16 10:54 - 00003774 ____A C:\Users\Cquence\Desktop\aswMBR.txt
2012-07-16 11:09 - 2012-07-16 10:54 - 00000512 ____A C:\Users\Cquence\Desktop\MBR.dat
2012-07-16 10:34 - 2012-07-16 10:34 - 00051478 ____A C:\Users\Cquence\Downloads\Extras.Txt
2012-07-16 10:33 - 2012-07-16 10:33 - 00106080 ____A C:\Users\Cquence\Downloads\OTL.Txt
2012-07-16 09:42 - 2011-12-09 10:25 - 00000150 ____A C:\Users\Cquence\Desktop\12911.csv
2012-07-16 07:19 - 2012-07-16 07:19 - 04731392 ____A (AVAST Software) C:\Users\Cquence\Downloads\aswMBR.exe
2012-07-16 07:19 - 2012-07-16 07:18 - 00596480 ____A (OldTimer Tools) C:\Users\Cquence\Downloads\OTL.exe
2012-07-13 09:03 - 2012-07-13 09:03 - 247338460 ____A C:\Windows\MEMORY.DMP
2012-07-13 09:03 - 2012-07-13 09:03 - 00271840 ____A C:\Windows\Minidump\071312-19359-01.dmp
2012-07-13 08:32 - 2012-07-13 08:31 - 00004151 ____A C:\Users\Cquence\Downloads\FSS.txt
2012-07-12 12:02 - 2010-05-26 08:46 - 00009252 ____A C:\Windows\PFRO.log
2012-07-11 13:33 - 2012-04-02 07:30 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-11 13:33 - 2011-05-17 07:43 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-10 12:30 - 2010-08-18 14:29 - 00002243 ____A C:\InstallHelper.log
2012-07-10 12:29 - 2010-08-18 15:59 - 00002045 ____A C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk
2012-07-10 12:25 - 2012-07-10 12:18 - 33283536 ____A (eBay Inc. ) C:\Users\Cquence\Downloads\setupUS.exe
2012-07-10 09:17 - 2012-07-10 09:17 - 112869376 ____A C:\Users\Cquence\Desktop\frontandrearlistings_advance.tdb
2012-07-03 12:46 - 2010-07-20 10:21 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-19 08:34 - 2012-05-08 13:48 - 00012365 ____A C:\Users\Cquence\Desktop\Stock Rotors 5-8.xlsx
2012-06-13 13:46 - 2012-06-13 13:47 - 00955840 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-06-13 13:46 - 2012-06-13 13:47 - 00268720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-13 13:46 - 2012-06-13 13:47 - 00189360 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-13 13:46 - 2012-06-13 13:47 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-13 13:46 - 2011-03-02 13:30 - 00839096 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-06-13 13:03 - 2012-06-13 13:00 - 21869488 ____A (Oracle Corporation) C:\Users\Cquence\Downloads\jre-7u5-windows-x64.exe
2012-05-14 10:06 - 2010-05-12 10:45 - 00000426 ____A C:\Windows\BRWMARK.INI
2012-05-02 07:56 - 2012-04-25 10:19 - 00756504 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-02 07:56 - 2012-04-25 10:18 - 00020480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cliconfg.728
2012-05-02 07:56 - 2012-04-25 10:18 - 00019311 ____A C:\Windows\dasetup.log
2012-05-02 07:56 - 2012-04-25 10:18 - 00000916 ____A C:\Windows\dahotfix.log
2012-05-01 10:44 - 2012-05-01 10:44 - 00016361 ____A C:\Users\Cquence\Documents\hs_err_pid3656.log
2012-04-26 07:49 - 2012-04-26 07:49 - 00004096 ___AH C:\Users\Cquence\AppData\Local\keyfile3.drm
2012-04-25 11:44 - 2012-04-25 11:44 - 00214016 ____A C:\Users\Cquence\Desktop\Friction Product File 5-2011Doc.xls
2012-04-21 14:09 - 2012-04-21 13:55 - 40614640 ____A (TalkSwitch) C:\Users\Cquence\Downloads\TSM612089_US.exe

ZeroAccess:
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\L
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\L\00000004.@
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U\00000004.@
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U\000000cb.@
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U\80000064.@

ZeroAccess:
C:\Users\Cquence\AppData\Local\{c103860d-dc85-e0b0-6c60-a7655e3744fa}
C:\Users\Cquence\AppData\Local\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\@
C:\Users\Cquence\AppData\Local\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\L
C:\Users\Cquence\AppData\Local\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3965.61 MB
Available physical RAM: 3393.96 MB
Total Pagefile: 3963.76 MB
Available Pagefile: 3379.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:698.63 GB) (Free:615.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: () (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 Online 3819 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 698 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 698 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3818 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FAT32 Removable 3818 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-09 15:06

======================= End Of Log ==========================

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:46 PM

Posted 18 July 2012 - 05:31 PM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\L
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\L\00000004.@
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U\00000004.@
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U\000000cb.@
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U\80000064.@
C:\Users\Cquence\AppData\Local\{c103860d-dc85-e0b0-6c60-a7655e3744fa}
C:\Users\Cquence\AppData\Local\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\@
C:\Users\Cquence\AppData\Local\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\L
C:\Users\Cquence\AppData\Local\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\services.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
    Scan your computer's memory for errors.
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.
Please also run FRST again and post the new log.
m0le is a proud member of UNITE

#10 atcmonke

atcmonke
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  • Local time:05:46 PM

Posted 20 July 2012 - 03:49 PM

I got a BSOD after the restart, so I used Windows repair to repair startup. Hmmmm....


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-20 13:40:12 Run:1
Running from E:\

==============================================

C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa} moved successfully.
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\L not found.
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U not found.
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\L\00000004.@ not found.
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U\00000004.@ not found.
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U\000000cb.@ not found.
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U\80000064.@ not found.
C:\Users\Cquence\AppData\Local\{c103860d-dc85-e0b0-6c60-a7655e3744fa} moved successfully.
C:\Users\Cquence\AppData\Local\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\@ not found.
C:\Users\Cquence\AppData\Local\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\L not found.
C:\Users\Cquence\AppData\Local\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U not found.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!. not found.
C:\Windows\System32\services.exe moved successfully.

==== End of Fixlog ====

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:46 PM

Posted 20 July 2012 - 08:01 PM

I got a BSOD after the restart, so I used Windows repair to repair startup. Hmmmm....


That BSOD often happens when we remove that group of ZeroAccess files. If the startup is now okay after the repair, please run FRST again and post the log. Let's see if anything remains.
m0le is a proud member of UNITE

#12 atcmonke

atcmonke
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  • Local time:05:46 PM

Posted 23 July 2012 - 05:37 PM

Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 23-07-2012 15:29:31
Running from E:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Cquence\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Cquence\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [x]
HKU\Cquence\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17425584 2012-06-14] (Skype Technologies S.A.)
HKU\Cquence\...\Run: [Spotify Web Helper] "C:\Users\Cquence\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-07-23] ()
HKU\Cquence\...\Run: [Apps] rundll32.exe "C:\Users\Cquence\AppData\Local\Downloaded Installations\Apps\tvzjqlnhf.dll",CreateInstance [566784 2012-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\UltraMon.lnk
ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico ()
Startup: C:\Users\Cquence\Start Menu\Programs\Startup\ShortKeys 2.lnk
ShortcutTarget: ShortKeys 2.lnk -> C:\Program Files (x86)\ShortKeys2\shklite.exe (Insight Software Solutions)

==================== Services (Whitelisted) ======

2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation)
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-06-27] (LogMeIn Inc.)
2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 MSSQL$TALKPIC; C:\Program Files (x86)\Microsoft SQL Server\MSSQL$TALKPIC\Binn\sqlservr.exe -sTALKPIC [7520337 2002-12-17] (Microsoft Corporation)
3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
2 Realtek8185; C:\Program Files (x86)\REALTEK\RTL8185 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek)
3 SQLAgent$TALKPIC; C:\Program Files (x86)\Microsoft SQL Server\MSSQL$TALKPIC\Binn\sqlagent.EXE -i TALKPIC [311872 2002-12-17] (Microsoft Corporation)
2 TSUDPLogger; "C:\Program Files (x86)\TalkSwitch\UDPLogger\UDPLogger.exe" [193808 2010-10-01] ()
2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel)

========================== Drivers (Whitelisted) =============

3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 PTUMWBus; C:\Windows\System32\Drivers\PTUMWBus.sys [71056 2009-10-26] (DEVGURU Co., LTD.)
3 PTUMWCDF; C:\Windows\System32\Drivers\PTUMWCDF.sys [24976 2009-10-26] (DEVGURU Co., LTD.)
3 PTUMWCSP; C:\Windows\System32\Drivers\PTUMWCSP.sys [173456 2009-10-26] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 PTUMWFLT; C:\Windows\System32\Drivers\PTUMWFLT.sys [12688 2009-10-26] (DEVGURU Co., LTD.)
3 PTUMWMdm; C:\Windows\System32\Drivers\PTUMWMdm.sys [173456 2009-10-26] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 PTUMWNET; C:\Windows\System32\Drivers\PTUMWNET.sys [144912 2009-10-26] (DEVGURU Co., LTD.)
3 PTUMWNSP; C:\Windows\System32\Drivers\PTUMWNSP.sys [173456 2009-10-26] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 PTUMWVsp; C:\Windows\System32\Drivers\PTUMWVsp.sys [173456 2009-10-26] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 SMSIVZAM5X64; \??\C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [43032 2009-05-25] (Smith Micro Inc.)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-23 14:25 - 2012-07-18 13:04 - 00015389 ____A C:\Users\Cquence\Desktop\FRST.txt
2012-07-23 06:57 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-07-18 14:03 - 2012-07-18 14:03 - 00000000 ____D C:\FRST
2012-07-17 06:59 - 2012-07-17 07:00 - 01437107 ____A (Farbar) C:\Users\Cquence\Downloads\FRST64.exe
2012-07-16 10:54 - 2012-07-16 11:09 - 00003774 ____A C:\Users\Cquence\Desktop\aswMBR.txt
2012-07-16 10:54 - 2012-07-16 11:09 - 00000512 ____A C:\Users\Cquence\Desktop\MBR.dat
2012-07-16 10:34 - 2012-07-16 10:34 - 00051478 ____A C:\Users\Cquence\Downloads\Extras.Txt
2012-07-16 10:33 - 2012-07-16 10:33 - 00106080 ____A C:\Users\Cquence\Downloads\OTL.Txt
2012-07-16 07:19 - 2012-07-16 07:19 - 04731392 ____A (AVAST Software) C:\Users\Cquence\Downloads\aswMBR.exe
2012-07-16 07:18 - 2012-07-16 07:19 - 00596480 ____A (OldTimer Tools) C:\Users\Cquence\Downloads\OTL.exe
2012-07-13 09:12 - 2012-07-13 09:13 - 00000000 ____D C:\Users\All Users\SUPERSetup
2012-07-13 09:03 - 2012-07-13 09:03 - 247338460 ____A C:\Windows\MEMORY.DMP
2012-07-13 09:03 - 2012-07-13 09:03 - 00271840 ____A C:\Windows\Minidump\071312-19359-01.dmp
2012-07-13 09:03 - 2012-07-13 09:03 - 00000000 ____D C:\Windows\Minidump
2012-07-13 08:49 - 2012-07-13 08:54 - 00000000 ____D C:\Qoobox
2012-07-13 08:49 - 2012-07-13 08:49 - 00000000 ____D C:\Windows\erdnt
2012-07-13 08:32 - 2012-07-13 08:54 - 00000000 ___SD C:\32788R22FWJFW
2012-07-13 08:31 - 2012-07-13 08:32 - 00004151 ____A C:\Users\Cquence\Downloads\FSS.txt
2012-07-12 12:04 - 2012-07-12 12:04 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-07-11 13:16 - 2012-07-11 13:16 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-10 12:18 - 2012-07-10 12:25 - 33283536 ____A (eBay Inc. ) C:\Users\Cquence\Downloads\setupUS.exe
2012-07-10 09:17 - 2012-07-10 09:17 - 112869376 ____A C:\Users\Cquence\Desktop\frontandrearlistings_advance.tdb
2012-06-27 08:52 - 2012-06-27 10:24 - 00000000 ____D C:\Users\Cquence\Downloads\Linkin Park - LIVING THINGS

============ 3 Months Modified Files ========================

2012-07-23 14:27 - 2012-04-21 14:12 - 00019027 ____A C:\Users\All Users\UDPLogger.log
2012-07-23 14:27 - 2010-05-10 21:11 - 01499932 ____A C:\Windows\WindowsUpdate.log
2012-07-23 14:24 - 2010-05-11 07:36 - 4226409472 ____A C:\Users\Cquence\Documents\Outlook.pst
2012-07-23 14:15 - 2011-02-21 09:16 - 11141120 ____A C:\Users\Cquence\Documents\Motorsports.mdb
2012-07-23 13:42 - 2011-09-26 10:12 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3760198039-1548763481-595784584-1000UA.job
2012-07-23 13:31 - 2012-06-12 06:42 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-23 07:09 - 2009-07-13 20:45 - 00020720 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-23 07:09 - 2009-07-13 20:45 - 00020720 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-23 07:02 - 2009-07-13 21:13 - 00765812 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-23 06:56 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-23 06:56 - 2009-07-13 20:51 - 00099734 ____A C:\Windows\setupact.log
2012-07-23 06:55 - 2010-05-26 08:46 - 00009584 ____A C:\Windows\PFRO.log
2012-07-20 12:46 - 2011-09-26 10:12 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3760198039-1548763481-595784584-1000Core.job
2012-07-18 13:04 - 2012-07-23 14:25 - 00015389 ____A C:\Users\Cquence\Desktop\FRST.txt
2012-07-17 10:04 - 2012-05-09 08:26 - 00216064 ____A C:\Users\Cquence\Desktop\MM List CQuence File 5-2012.xls
2012-07-17 07:00 - 2012-07-17 06:59 - 01437107 ____A (Farbar) C:\Users\Cquence\Downloads\FRST64.exe
2012-07-16 11:09 - 2012-07-16 10:54 - 00003774 ____A C:\Users\Cquence\Desktop\aswMBR.txt
2012-07-16 11:09 - 2012-07-16 10:54 - 00000512 ____A C:\Users\Cquence\Desktop\MBR.dat
2012-07-16 10:34 - 2012-07-16 10:34 - 00051478 ____A C:\Users\Cquence\Downloads\Extras.Txt
2012-07-16 10:33 - 2012-07-16 10:33 - 00106080 ____A C:\Users\Cquence\Downloads\OTL.Txt
2012-07-16 09:42 - 2011-12-09 10:25 - 00000150 ____A C:\Users\Cquence\Desktop\12911.csv
2012-07-16 07:19 - 2012-07-16 07:19 - 04731392 ____A (AVAST Software) C:\Users\Cquence\Downloads\aswMBR.exe
2012-07-16 07:19 - 2012-07-16 07:18 - 00596480 ____A (OldTimer Tools) C:\Users\Cquence\Downloads\OTL.exe
2012-07-13 09:03 - 2012-07-13 09:03 - 247338460 ____A C:\Windows\MEMORY.DMP
2012-07-13 09:03 - 2012-07-13 09:03 - 00271840 ____A C:\Windows\Minidump\071312-19359-01.dmp
2012-07-13 08:32 - 2012-07-13 08:31 - 00004151 ____A C:\Users\Cquence\Downloads\FSS.txt
2012-07-11 13:33 - 2012-04-02 07:30 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-11 13:33 - 2011-05-17 07:43 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-10 12:30 - 2010-08-18 14:29 - 00002243 ____A C:\InstallHelper.log
2012-07-10 12:29 - 2010-08-18 15:59 - 00002045 ____A C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk
2012-07-10 12:25 - 2012-07-10 12:18 - 33283536 ____A (eBay Inc. ) C:\Users\Cquence\Downloads\setupUS.exe
2012-07-10 09:17 - 2012-07-10 09:17 - 112869376 ____A C:\Users\Cquence\Desktop\frontandrearlistings_advance.tdb
2012-07-03 12:46 - 2010-07-20 10:21 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-19 08:34 - 2012-05-08 13:48 - 00012365 ____A C:\Users\Cquence\Desktop\Stock Rotors 5-8.xlsx
2012-06-13 13:46 - 2012-06-13 13:47 - 00955840 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-06-13 13:46 - 2012-06-13 13:47 - 00268720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-13 13:46 - 2012-06-13 13:47 - 00189360 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-13 13:46 - 2012-06-13 13:47 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-13 13:46 - 2011-03-02 13:30 - 00839096 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-06-13 13:03 - 2012-06-13 13:00 - 21869488 ____A (Oracle Corporation) C:\Users\Cquence\Downloads\jre-7u5-windows-x64.exe
2012-05-14 10:06 - 2010-05-12 10:45 - 00000426 ____A C:\Windows\BRWMARK.INI
2012-05-02 07:56 - 2012-04-25 10:19 - 00756504 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-02 07:56 - 2012-04-25 10:18 - 00020480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cliconfg.728
2012-05-02 07:56 - 2012-04-25 10:18 - 00019311 ____A C:\Windows\dasetup.log
2012-05-02 07:56 - 2012-04-25 10:18 - 00000916 ____A C:\Windows\dahotfix.log
2012-05-01 10:44 - 2012-05-01 10:44 - 00016361 ____A C:\Users\Cquence\Documents\hs_err_pid3656.log
2012-04-26 07:49 - 2012-04-26 07:49 - 00004096 ___AH C:\Users\Cquence\AppData\Local\keyfile3.drm
2012-04-25 11:44 - 2012-04-25 11:44 - 00214016 ____A C:\Users\Cquence\Desktop\Friction Product File 5-2011Doc.xls

ZeroAccess:
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\L
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\L\00000004.@
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U\00000004.@
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U\000000cb.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Possible MBR infection:
C:\Windows\svchost.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3965.59 MB
Available physical RAM: 3393.9 MB
Total Pagefile: 3963.74 MB
Available Pagefile: 3380.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:698.63 GB) (Free:613.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: () (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 Online 3819 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 698 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 698 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3818 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FAT32 Removable 3818 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-09 15:06

======================= End Of Log ==========================

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:46 PM

Posted 23 July 2012 - 06:13 PM

Let's replace the infected file instead of deleting it.

Plug the flashdrive with FRST on it into the infected PC.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\L
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\L\00000004.@
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U\00000004.@
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U\000000cb.@
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.
m0le is a proud member of UNITE
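The Replace: line above restores services.exe from the WinSxS component store, and the FRST log's Bamital check reports whether that file's MD5 is one it recognises. The following PowerShell script is an added example, not part of this thread and not FRST's own code: run from an elevated prompt on the affected Windows 7 x64 machine, it hashes System32\services.exe, hashes every services.exe held in the component store, and reports whether the live file matches any of them. The folder-name wildcard is an assumption derived from the component name quoted in the thread; the fsutil call lists hard links so the reader can tell a real match from the same file seen twice.

```powershell
# Added example (not from the thread, not FRST code): does System32\services.exe
# match any copy in the WinSxS component store, the source the Replace: line uses?
# Assumptions: elevated PowerShell on Windows 7 x64; the component folder wildcard
# below is derived from the amd64_microsoft-windows-s..s-servicecontroller_* name
# quoted in the thread.

$target = Join-Path $env:SystemRoot 'System32\services.exe'
$store  = Join-Path $env:SystemRoot 'winsxs'

function Get-Md5Hex {
    # MD5 is used only so the output can be compared with FRST's own
    # "MD5 is legit" lines; it serves as a lookup key, not as a security guarantee.
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $md5.ComputeHash($fs) }
    finally { $fs.Close() }
    return [System.BitConverter]::ToString($bytes).Replace('-', '')
}

$targetHash = Get-Md5Hex $target
"System32\services.exe   MD5 $targetHash"

# Every services.exe the servicing stack has installed sits in its own
# component folder; one of them is the file the Replace: line copies back.
$storeHashes = @{}
Get-ChildItem -Path $store -Filter '*servicecontroller_*' |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object {
        $copy = Join-Path $_.FullName 'services.exe'
        if (Test-Path $copy) {
            $h = Get-Md5Hex $copy
            $storeHashes[$h] = $copy
            "component store         MD5 $h  $($_.Name)"
        }
    }

# Caveat: on Windows 7 the System32 file is normally a hard link to the
# current component-store copy, so an identical hash can simply be the same
# file reached by two paths. List the links so that case is visible.
$links = & fsutil hardlink list $target
"hard links of services.exe:"
$links | ForEach-Object { "  $_" }

if ($storeHashes.ContainsKey($targetHash)) {
    "MATCH: System32\services.exe is byte-identical to $($storeHashes[$targetHash])"
    if (@($links).Count -gt 1) {
        "Note: that copy is hard-linked to System32; confirm the hash against a clean machine of the same build."
    }
} else {
    "ATTENTION: System32\services.exe matches no component-store copy; treat it as modified."
}
```

A match against a component-store folder that is not hard-linked to System32 is the strongest result this check can give on its own; a match against the hard-linked copy only shows the two paths are the same file, which is why the script prints the link list and asks for a cross-check against a known-clean build.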

#14 atcmonke

atcmonke
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  • Local time:05:46 PM

Posted 24 July 2012 - 05:45 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-24 15:40:55 Run:2
Running from E:\

==============================================

C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa} moved successfully.
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\L not found.
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U not found.
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\L\00000004.@ not found.
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U\00000004.@ not found.
C:\Windows\Installer\{c103860d-dc85-e0b0-6c60-a7655e3744fa}\U\000000cb.@ not found.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

Oh, and no BSOD this time.

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:46 PM

Posted 24 July 2012 - 07:26 PM

Good. Please run MBAM now.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
m0le is a proud member of UNITE



