Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pop-ups in lower left & right corners; occasional redirect


  • This topic is locked This topic is locked
7 replies to this topic

#1 DingleberrySalad

DingleberrySalad

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:16 PM

Posted 27 November 2012 - 03:21 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_31
Run by Spencer at 14:05:23 on 2012-11-27
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.1559 [GMT -6:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\SysWOW64\svchost.exe -k netsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\msisear.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\System32\igfxtray.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\StikyNot.exe
C:\Users\Spencer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\System32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\WLANExt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Q:\140066.enu\Office14\WINWORDC.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
Q:\140066.enu\Office14\OffSpon.EXE
C:\windows\splwow64.exe
C:\windows\system32\calc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [EPSON NX110 Series] C:\windows\System32\spool\DRIVERS\x64\3\E_IATIFBA.EXE /FU "C:\windows\TEMP\E_SB164.tmp" /EF "HKCU"
uRun: [Spotify] "C:\Users\Spencer\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Google Update] "C:\Users\Spencer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\windows\System32\StikyNot.exe
uRun: [Spotify Web Helper] "C:\Users\Spencer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [kmbnqcjctgtavmp] C:\ProgramData\kmbnqcjc.exe
uRun: [Facebook Update] "C:\Users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [stifolo] rundll32 "C:\Users\Spencer\AppData\Local\stifolo.dll",stifolo
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: mswsock.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 134.193.83.4 134.193.159.52 134.193.1.2
TCP: Interfaces\{632C2F7A-FBE2-4133-8DDD-B9A36B62CC25} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{78867215-718F-4C6B-9939-F4ACD8340359} : DHCPNameServer = 134.193.83.4 134.193.159.52 134.193.1.2
TCP: Interfaces\{78867215-718F-4C6B-9939-F4ACD8340359}\058656E676723702E4564777F627B6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{78867215-718F-4C6B-9939-F4ACD8340359}\05C6169716361627020516C6163656 : DHCPNameServer = 8.8.8.8 8.8.8.4
TCP: Interfaces\{78867215-718F-4C6B-9939-F4ACD8340359}\24572626C65637 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{78867215-718F-4C6B-9939-F4ACD8340359}\47D6F62696C656 : DHCPNameServer = 10.176.83.252 10.184.83.252
TCP: Interfaces\{78867215-718F-4C6B-9939-F4ACD8340359}\55D4B434C65676163697 : DHCPNameServer = 134.193.83.4 134.193.159.52 134.193.1.2
TCP: Interfaces\{78867215-718F-4C6B-9939-F4ACD8340359}\F4E6 : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 50.31.74.129 www.google-analytics.com.
Hosts: 50.31.74.129 ad-emea.doubleclick.net.
Hosts: 50.31.74.129 www.statcounter.com.
Hosts: 217.23.13.202 www.google-analytics.com.
Hosts: 217.23.13.202 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=114066&tt=3212_7&babsrc=HP_ss&mntrId=46931a6f000000000000001e64611dc5
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=114066&tt=3212_7&babsrc=KW_ss&mntrId=46931a6f000000000000001e64611dc5&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\Spencer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Spencer\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=axl&q=
FF - user.js: extensions.funmoods_i.id - 46931a6f000000000000001e64611dc5
FF - user.js: extensions.funmoods_i.instlDay - 15472
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1616:36:51
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=114066&tt=3212_7
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 46931a6f000000000000001e64611dc5
FF - user.js: extensions.BabylonToolbar.instlDay - 15559
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.619:10:37
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\System32\drivers\ctxusbm.sys [2009-10-5 87600]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2010-5-3 13824]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/05/03 15:00:53];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2010-1-12 146928]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-23 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-16 676936]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2012-5-13 103440]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-5-2 2320920]
R2 W32Serv;Windows Search Scheduler;C:\Windows\msisear.exe [2012-11-20 307712]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-5-3 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-5-3 158976]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-5-3 271872]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-8-16 25928]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETw5s64.sys [2010-3-17 7680512]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-4-5 39832]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2010-5-3 61280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-4 340240]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-1-14 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2012-11-20 09:00:04 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
2012-11-20 08:58:19 307712 ----a-w- C:\windows\msisear.exe
2012-11-20 08:53:37 16896 ----a-w- C:\Users\Spencer\AppData\Local\stifolo.dll
2012-11-20 08:53:20 15360 ----a-w- C:\Users\Spencer\vzjyyrsofhfeewxk.exe
2012-11-20 08:53:17 366080 ----a-w- C:\Users\Spencer\htpopqywqtfvbcechuuptazfo.exe
2012-11-20 08:53:12 366080 ----a-w- C:\Users\Spencer\prhzfklokqlyd.exe
2012-11-17 05:47:16 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{40B4DE9B-5F56-495F-9AB3-172021E45F40}\mpengine.dll
2012-11-15 15:52:59 9728 ----a-w- C:\windows\System32\Wdfres.dll
2012-11-15 15:52:59 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys
2012-11-15 15:52:59 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys
2012-11-15 15:52:59 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-15 15:45:23 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys
2012-11-15 15:45:23 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys
2012-11-15 15:45:21 84992 ----a-w- C:\windows\System32\WUDFSvc.dll
2012-11-15 15:45:21 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll
2012-11-15 15:45:19 744448 ----a-w- C:\windows\System32\WUDFx.dll
2012-11-15 15:45:19 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll
2012-11-15 15:45:19 229888 ----a-w- C:\windows\System32\WUDFHost.exe
2012-11-15 01:36:59 3147264 ----a-w- C:\windows\System32\win32k.sys
2012-11-15 01:36:53 95744 ----a-w- C:\windows\System32\synceng.dll
2012-11-15 01:36:52 78336 ----a-w- C:\windows\SysWow64\synceng.dll
2012-11-13 22:07:05 80024 ----a-w- C:\windows\SysWow64\PICSDK.dll
2012-11-13 22:07:05 51360 ----a-w- C:\windows\SysWow64\EpPicPrt.dll
2012-11-13 22:07:05 51360 ----a-w- C:\windows\SysWow64\EpPicMgr.dll
2012-11-13 22:07:05 501912 ----a-w- C:\windows\SysWow64\PICSDK2.dll
2012-11-13 22:07:05 108704 ----a-w- C:\windows\SysWow64\PICEntry.dll
2012-11-13 22:06:54 101376 ----a-w- C:\windows\System32\esxcwiad.dll
2012-11-13 22:06:54 -------- d-----w- C:\Program Files (x86)\epson
2012-11-04 07:20:50 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-11-04 07:20:21 -------- d-----w- C:\Program Files\iPod
2012-11-04 07:20:20 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-04 07:20:20 -------- d-----w- C:\Program Files\iTunes
2012-11-04 07:03:24 -------- d-----w- C:\Program Files (x86)\Notpod
.
==================== Find3M ====================
.
2012-10-25 09:12:26 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 09:12:26 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
2012-10-09 11:54:47 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 11:54:47 696760 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 11:31:03 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-09-30 00:54:26 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-09-14 19:23:40 2048 ----a-w- C:\windows\System32\tzres.dll
2012-09-14 18:30:38 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-08-31 18:02:20 1656688 ----a-w- C:\windows\System32\drivers\ntfs.sys
2012-08-30 18:11:29 5505904 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-08-30 17:18:33 3958128 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:18:33 3902832 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 14:06:51.08 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:16 PM

Posted 27 November 2012 - 06:06 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

I am currently working on instructions for you to complete. I should have something shortly for you.

-ST

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:16 PM

Posted 27 November 2012 - 06:49 PM

Hi,

Please run the following scan below for me:

Scan with OTL:

Please download OTL and save it to your Desktop.

Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Edited by SweetTech, 27 November 2012 - 06:49 PM.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#4 DingleberrySalad

DingleberrySalad
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:16 PM

Posted 01 December 2012 - 11:49 PM

OTL logfile created on: 12/1/2012 5:52:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Spencer\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 55.12% Memory free
7.60 Gb Paging File | 5.35 Gb Available in Paging File | 70.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 52.26 Gb Free Space | 52.26% Space Free | Partition Type: NTFS
Drive D: | 350.66 Gb Total Space | 243.90 Gb Free Space | 69.55% Space Free | Partition Type: NTFS

Computer Name: SPENCER-PC | User Name: Spencer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Spencer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\msisear.exe ()
PRC - C:\Users\Spencer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)


========== Modules (No Company Name) ==========

MOD - C:\Users\Spencer\AppData\Local\stifolo.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (W32Serv) -- C:\Windows\msisear.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FastUserSwitchingCompatibility) -- C:\Windows\SysWOW64\FastUserSwitchingCompatibilityex.dll ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2950786308-227742302-1544317472-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-2950786308-227742302-1544317472-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-2950786308-227742302-1544317472-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2950786308-227742302-1544317472-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2950786308-227742302-1544317472-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2950786308-227742302-1544317472-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=114066&tt=3212_7&babsrc=SP_ss&mntrId=46931a6f000000000000001e64611dc5
IE - HKU\S-1-5-21-2950786308-227742302-1544317472-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={0EADA9BA-2BF8-4BC1-9A6E-3663E41B45E7}&mid=e3cb70d4925947d08e92d16d12427522-04624457ef679d8ce231af5bd8a99feb656e0135&lang=en&ds=AVG&pr=pr&d=&v=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2950786308-227742302-1544317472-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2950786308-227742302-1544317472-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=114066&tt=3212_7&babsrc=HP_ss&mntrId=46931a6f000000000000001e64611dc5"
FF - prefs.js..extensions.enabledAddons: ffxtlbr@funmoods.com:1.5.0
FF - prefs.js..extensions.enabledAddons: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:4.15
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=114066&tt=3212_7&babsrc=KW_ss&mntrId=46931a6f000000000000001e64611dc5&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Spencer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/05/19 12:34:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files (x86)\RelevantKnowledge
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/13 01:50:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/13 01:50:25 | 000,000,000 | ---D | M]

[2012/01/02 13:59:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spencer\AppData\Roaming\Mozilla\Extensions
[2012/11/20 13:29:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions
[2012/05/13 02:01:26 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com
[2012/11/20 13:29:36 | 000,377,191 | ---- | M] () (No name found) -- C:\Users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2012/04/23 17:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/23 17:55:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/12/21 01:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/11 00:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/03/11 00:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/03/11 00:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/03/11 00:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2012/04/23 17:55:00 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/11 00:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010/03/11 00:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/05/12 10:03:10 | 000,003,739 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/06 18:10:35 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/12/20 22:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 22:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.babylon.com/?affID=114066&tt=3212_7&babsrc=HP_ss&mntrId=46931a6f000000000000001e64611dc5
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.babylon.com/?affID=114066&tt=3212_7&babsrc=HP_ss&mntrId=46931a6f000000000000001e64611dc5
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Spencer\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Spencer\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Spencer\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Relevant-Knowledge (Enabled) = C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.332.1_0\plugins/rlcm.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - Extension: YouTube = C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: StumbleUpon = C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\4.10.11.1_0\
CHR - Extension: StumbleUpon = C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\4.7.12.1_0\
CHR - Extension: Gmail = C:\Users\Spencer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/11/20 02:54:03 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 50.31.74.129 www.google-analytics.com.
O1 - Hosts: 50.31.74.129 ad-emea.doubleclick.net.
O1 - Hosts: 50.31.74.129 www.statcounter.com.
O1 - Hosts: 217.23.13.202 www.google-analytics.com.
O1 - Hosts: 217.23.13.202 ad-emea.doubleclick.net.
O1 - Hosts: 217.23.13.202 www.statcounter.com.
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2950786308-227742302-1544317472-1000..\Run: [EPSON NX110 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFBA.EXE /FU "C:\windows\TEMP\E_SB164.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-2950786308-227742302-1544317472-1000..\Run: [Facebook Update] C:\Users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2950786308-227742302-1544317472-1000..\Run: [kmbnqcjctgtavmp] C:\ProgramData\kmbnqcjc.exe File not found
O4 - HKU\S-1-5-21-2950786308-227742302-1544317472-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-2950786308-227742302-1544317472-1000..\Run: [Spotify] C:\Users\Spencer\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2950786308-227742302-1544317472-1000..\Run: [Spotify Web Helper] C:\Users\Spencer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2950786308-227742302-1544317472-1000..\Run: [stifolo] C:\Users\Spencer\AppData\Local\stifolo.dll ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{632C2F7A-FBE2-4133-8DDD-B9A36B62CC25}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78867215-718F-4C6B-9939-F4ACD8340359}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/16 17:18:34 | 000,000,051 | -H-- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{2b4b27c7-58f3-11e1-8d7f-002454a69cd1}\Shell - "" = AutoRun
O33 - MountPoints2\{2b4b27c7-58f3-11e1-8d7f-002454a69cd1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/30 23:02:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Spencer\Desktop\OTL.exe
[2012/11/29 15:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/11/29 15:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/11/29 15:11:31 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/11/29 15:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/11/20 03:00:04 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA%
[2012/11/15 09:52:59 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys
[2012/11/15 09:52:59 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll
[2012/11/15 09:48:30 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/11/15 09:48:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/11/15 09:48:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/11/15 09:48:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/11/15 09:48:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/11/15 09:48:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/11/15 09:48:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/11/15 09:48:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/11/15 09:48:27 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/11/15 09:48:27 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/11/15 09:48:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/11/15 09:48:27 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/11/15 09:48:25 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/11/15 09:48:25 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/11/15 09:48:25 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012/11/15 09:45:21 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll
[2012/11/15 09:45:19 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll
[2012/11/15 09:45:19 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe
[2012/11/15 09:45:19 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll
[2012/11/14 19:36:53 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll
[2012/11/14 19:36:52 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll
[2012/11/13 16:07:05 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\SysWow64\PICSDK2.dll
[2012/11/13 16:07:05 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\SysWow64\PICEntry.dll
[2012/11/13 16:07:05 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\SysWow64\PICSDK.dll
[2012/11/13 16:07:05 | 000,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\SysWow64\EpPicPrt.dll
[2012/11/13 16:07:05 | 000,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\SysWow64\EpPicMgr.dll
[2012/11/13 16:07:04 | 000,000,000 | ---D | C] -- C:\Users\Spencer\AppData\Roaming\InstallShield
[2012/11/13 16:06:54 | 000,101,376 | ---- | C] (SEIKO EPSON CORP.) -- C:\windows\SysNative\esxcwiad.dll
[2012/11/13 16:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
[2012/11/13 16:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2012/11/13 01:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/13 01:46:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/11/04 01:20:50 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2012/11/04 01:16:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/04 01:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notpod
[2012/11/04 01:03:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notpod

========== Files - Modified Within 30 Days ==========

[2012/12/01 17:53:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/12/01 17:46:00 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/01 16:48:28 | 000,000,914 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2950786308-227742302-1544317472-1000Core.job
[2012/12/01 16:39:58 | 000,000,936 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2950786308-227742302-1544317472-1000UA.job
[2012/12/01 16:39:52 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/12/01 03:53:10 | 010,976,939 | ---- | M] () -- C:\Users\Spencer\Documents\Kill The Noise - My World.mp3
[2012/12/01 03:52:32 | 006,196,660 | ---- | M] () -- C:\Users\Spencer\Documents\Knife Party - Fire Hive (Krewella Remix) [Dubstep].mp3
[2012/12/01 03:52:18 | 007,382,449 | ---- | M] () -- C:\Users\Spencer\Documents\Soulero - Out There.mp3
[2012/12/01 03:51:02 | 023,358,807 | ---- | M] () -- C:\Users\Spencer\Documents\Kill The Noise - My World.flv
[2012/12/01 03:19:28 | 034,759,448 | ---- | M] () -- C:\Users\Spencer\Documents\Soulero - Out There.mp4
[2012/12/01 00:24:05 | 028,078,999 | ---- | M] () -- C:\Users\Spencer\Documents\Knife Party - Fire Hive (Krewella Remix) [Dubstep].mp4
[2012/11/30 23:02:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Spencer\Desktop\OTL.exe
[2012/11/30 22:46:00 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/30 22:43:36 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/30 22:43:36 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/30 22:40:54 | 000,727,136 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/11/30 22:40:54 | 000,624,856 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/11/30 22:40:54 | 000,106,942 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/11/30 12:47:36 | 4081,627,136 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/29 15:11:46 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/26 01:52:53 | 014,189,239 | ---- | M] () -- C:\Users\Spencer\Documents\Adventure Club ft. Kai - Need Your Heart (Minnesota Remix) [Free].mp3
[2012/11/26 01:49:35 | 056,673,842 | ---- | M] () -- C:\Users\Spencer\Documents\Adventure Club ft. Kai - Need Your Heart (Minnesota Remix) [Free].mp4
[2012/11/20 02:58:22 | 000,307,712 | ---- | M] () -- C:\windows\msisear.exe
[2012/11/20 02:54:03 | 000,001,392 | RHS- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/11/20 02:53:37 | 000,016,896 | ---- | M] () -- C:\Users\Spencer\AppData\Local\stifolo.dll
[2012/11/20 02:53:20 | 000,366,080 | ---- | M] () -- C:\Users\Spencer\htpopqywqtfvbcechuuptazfo.exe
[2012/11/20 02:53:20 | 000,015,360 | ---- | M] () -- C:\Users\Spencer\vzjyyrsofhfeewxk.exe
[2012/11/20 02:53:16 | 000,366,080 | ---- | M] () -- C:\Users\Spencer\prhzfklokqlyd.exe
[2012/11/16 21:27:32 | 000,278,944 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/11/13 16:06:54 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012/11/02 11:46:31 | 007,206,574 | ---- | M] () -- C:\Users\Spencer\Documents\Diplo feat. Lazerdisk Party Sex - Set It Off [OFFICIAL HQ].mp3
[2012/11/02 11:46:13 | 007,665,324 | ---- | M] () -- C:\Users\Spencer\Documents\Cash Out - Cashing Out.mp3
[2012/11/02 11:46:09 | 011,483,821 | ---- | M] () -- C:\Users\Spencer\Documents\DJ Khaled - I Wish You Would _ Cold ft. Kanye West & Rick Ross (Official Video).mp3
[2012/11/02 11:38:33 | 005,655,217 | ---- | M] () -- C:\Users\Spencer\Documents\Ca$h Out - Big Booty (Lyric Video).mp3
[2012/11/02 11:18:07 | 032,485,396 | ---- | M] () -- C:\Users\Spencer\Documents\Ca$h Out - Big Booty (Lyric Video).mp4
[2012/11/02 11:13:12 | 009,917,868 | ---- | M] () -- C:\Users\Spencer\Documents\2 Chainz - Birthday Song Ft. Kanye West (Lyrics On Screen).mp3
[2012/11/02 01:13:11 | 012,937,459 | ---- | M] () -- C:\Users\Spencer\Documents\2 Chainz - Birthday Song Ft. Kanye West (Lyrics On Screen).flv

========== Files Created - No Company Name ==========

[2012/12/01 03:51:43 | 010,976,939 | ---- | C] () -- C:\Users\Spencer\Documents\Kill The Noise - My World.mp3
[2012/12/01 03:46:34 | 007,382,449 | ---- | C] () -- C:\Users\Spencer\Documents\Soulero - Out There.mp3
[2012/12/01 03:44:54 | 023,358,807 | ---- | C] () -- C:\Users\Spencer\Documents\Kill The Noise - My World.flv
[2012/12/01 03:18:07 | 034,759,448 | ---- | C] () -- C:\Users\Spencer\Documents\Soulero - Out There.mp4
[2012/12/01 01:31:54 | 006,196,660 | ---- | C] () -- C:\Users\Spencer\Documents\Knife Party - Fire Hive (Krewella Remix) [Dubstep].mp3
[2012/12/01 00:23:07 | 028,078,999 | ---- | C] () -- C:\Users\Spencer\Documents\Knife Party - Fire Hive (Krewella Remix) [Dubstep].mp4
[2012/11/29 15:11:46 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/26 01:50:22 | 014,189,239 | ---- | C] () -- C:\Users\Spencer\Documents\Adventure Club ft. Kai - Need Your Heart (Minnesota Remix) [Free].mp3
[2012/11/26 01:48:33 | 056,673,842 | ---- | C] () -- C:\Users\Spencer\Documents\Adventure Club ft. Kai - Need Your Heart (Minnesota Remix) [Free].mp4
[2012/11/20 02:58:19 | 000,307,712 | ---- | C] () -- C:\windows\msisear.exe
[2012/11/20 02:53:37 | 000,016,896 | ---- | C] () -- C:\Users\Spencer\AppData\Local\stifolo.dll
[2012/11/20 02:53:20 | 000,015,360 | ---- | C] () -- C:\Users\Spencer\vzjyyrsofhfeewxk.exe
[2012/11/20 02:53:17 | 000,366,080 | ---- | C] () -- C:\Users\Spencer\htpopqywqtfvbcechuuptazfo.exe
[2012/11/20 02:53:12 | 000,366,080 | ---- | C] () -- C:\Users\Spencer\prhzfklokqlyd.exe
[2012/11/15 09:53:00 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/15 09:45:19 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/13 16:07:05 | 000,073,220 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat
[2012/11/13 16:07:05 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat
[2012/11/13 16:07:05 | 000,029,114 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat
[2012/11/13 16:07:05 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat
[2012/11/13 16:07:05 | 000,021,021 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat
[2012/11/13 16:07:05 | 000,015,670 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat
[2012/11/13 16:07:05 | 000,013,280 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat
[2012/11/13 16:07:05 | 000,012,669 | ---- | C] () -- C:\windows\SysWow64\EPPICLocal_EN.cfg
[2012/11/13 16:07:05 | 000,010,673 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat
[2012/11/13 16:07:05 | 000,006,366 | ---- | C] () -- C:\windows\SysWow64\EPPICLocal_FR.cfg
[2012/11/13 16:07:05 | 000,006,366 | ---- | C] () -- C:\windows\SysWow64\EPPICLocal_CF.cfg
[2012/11/13 16:07:05 | 000,006,226 | ---- | C] () -- C:\windows\SysWow64\EPPICLocal_ES.cfg
[2012/11/13 16:07:05 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat
[2012/11/13 16:07:05 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat
[2012/11/13 16:07:05 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat
[2012/11/13 16:07:05 | 000,001,137 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat
[2012/11/13 16:07:05 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat
[2012/11/13 16:07:05 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat
[2012/11/13 16:07:05 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat
[2012/11/13 16:07:05 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini
[2012/11/13 16:07:04 | 000,006,478 | ---- | C] () -- C:\windows\SysWow64\EPPICLocal_PT.cfg
[2012/11/13 16:07:04 | 000,006,478 | ---- | C] () -- C:\windows\SysWow64\EPPICLocal_BP.cfg
[2012/11/13 16:06:54 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012/11/02 11:21:45 | 005,655,217 | ---- | C] () -- C:\Users\Spencer\Documents\Ca$h Out - Big Booty (Lyric Video).mp3
[2012/11/02 11:15:29 | 032,485,396 | ---- | C] () -- C:\Users\Spencer\Documents\Ca$h Out - Big Booty (Lyric Video).mp4
[2012/11/02 10:59:38 | 009,917,868 | ---- | C] () -- C:\Users\Spencer\Documents\2 Chainz - Birthday Song Ft. Kanye West (Lyrics On Screen).mp3
[2012/11/02 01:07:48 | 012,937,459 | ---- | C] () -- C:\Users\Spencer\Documents\2 Chainz - Birthday Song Ft. Kanye West (Lyrics On Screen).flv
[2012/10/21 11:29:27 | 000,260,341 | -HS- | C] () -- C:\Users\Spencer\AppData\Roaming\rt1.png
[2012/09/22 23:30:04 | 000,097,640 | ---- | C] () -- C:\ProgramData\ajlolurhlozmjxi
[2012/08/16 08:16:23 | 083,023,306 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012/06/28 23:44:53 | 000,000,847 | ---- | C] () -- C:\Users\Spencer\.lmmsrc.xml
[2012/02/12 16:42:04 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/01/10 21:27:26 | 000,867,020 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2012/01/10 21:27:26 | 000,128,204 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2012/01/10 21:27:26 | 000,105,608 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2012/01/10 20:29:54 | 013,904,384 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011/03/02 06:57:40 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2011/03/02 06:57:40 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2011/03/02 06:57:40 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2011/03/02 06:57:40 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll

========== ZeroAccess Check ==========

[2012/11/20 02:53:39 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$8b29f98aca21910275e3c79a5aa0f795\@
[2012/11/20 09:23:04 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$8b29f98aca21910275e3c79a5aa0f795\L
[2012/11/25 22:58:47 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$8b29f98aca21910275e3c79a5aa0f795\U
[2012/11/20 02:54:37 | 000,000,804 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$8b29f98aca21910275e3c79a5aa0f795\L\00000004.@
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[2012/11/20 02:53:39 | 000,005,120 | -HS- | M] () -- C:\windows\assembly\GAC_32\Desktop.ini
[2012/11/20 02:53:39 | 000,006,144 | -HS- | M] () -- C:\windows\assembly\GAC_64\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-2950786308-227742302-1544317472-1000\$8b29f98aca21910275e3c79a5aa0f795\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$8b29f98aca21910275e3c79a5aa0f795\n.
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 19:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >







Extras:




OTL Extras logfile created on: 12/1/2012 5:52:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Spencer\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 55.12% Memory free
7.60 Gb Paging File | 5.35 Gb Available in Paging File | 70.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 52.26 Gb Free Space | 52.26% Space Free | Partition Type: NTFS
Drive D: | 350.66 Gb Total Space | 243.90 Gb Free Space | 69.55% Space Free | Partition Type: NTFS

Computer Name: SPENCER-PC | User Name: Spencer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel® PROSet/Wireless WiFi Software
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BF8D7372-5200-4EC7-9FB0-5398D108F81C}" = Intel® Wireless Display
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7513E19-6224-485E-988D-9BF45BE64B53}" = Windows Live Family Safety
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"CCleaner" = CCleaner
"EPSON NX110 Series" = EPSON NX110 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix online plug-in (Web)
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{34B76DCB-BF7C-440F-B058-C84172C1E338}" = Easy Network Manager
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6F8EAC65-314D-4D86-9557-BC9312AACCB0}" = Citrix online plug-in (USB)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{749BDD29-D756-4B9B-8022-3E666A24C13F}" = Samsung Support Center
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix online plug-in (DV)
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FA53ACE-B718-4FAE-B7BF-95B0FCB320C8}" = SAMSUNG USB Driver for Mobile Phones
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F8DDA54-E98B-4067-A0D8-FB37068964D8}" = Dj Mixer Studio
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix online plug-in (HDX)
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"EPSON Scanner" = EPSON Scan
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2950786308-227742302-1544317472-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/21/2012 3:10:56 AM | Computer Name = Spencer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 601680

Error - 11/21/2012 3:10:56 AM | Computer Name = Spencer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 601680

Error - 11/21/2012 3:10:57 AM | Computer Name = Spencer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/21/2012 3:10:57 AM | Computer Name = Spencer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 602694

Error - 11/21/2012 3:10:57 AM | Computer Name = Spencer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 602694

Error - 11/21/2012 3:10:58 AM | Computer Name = Spencer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/21/2012 3:10:58 AM | Computer Name = Spencer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 603692

Error - 11/21/2012 3:10:58 AM | Computer Name = Spencer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 603692

Error - 11/21/2012 3:10:59 AM | Computer Name = Spencer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/21/2012 11:12:19 AM | Computer Name = Spencer-PC | Source = CVHSVC | ID = 100
Description = Information only. Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.


[ System Events ]
Error - 11/30/2012 3:30:13 AM | Computer Name = Spencer-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 11/30/2012 3:30:14 AM | Computer Name = Spencer-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 11/30/2012 3:30:18 AM | Computer Name = Spencer-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 11/30/2012 3:30:19 AM | Computer Name = Spencer-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 11/30/2012 3:30:19 AM | Computer Name = Spencer-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 11/30/2012 2:47:53 PM | Computer Name = Spencer-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:43:28 AM on ?11/?30/?2012 was unexpected.

Error - 11/30/2012 2:47:55 PM | Computer Name = Spencer-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 11/30/2012 2:47:56 PM | Computer Name = Spencer-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 11/30/2012 2:47:57 PM | Computer Name = Spencer-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 11/30/2012 2:47:57 PM | Computer Name = Spencer-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.


< End of report >

#5 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:16 PM

Posted 02 December 2012 - 02:49 PM

Hi!

You are infected with a nasty infection called ZeroAccess. Please read the information about this infection below.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:
Special thanks to quietman7 for providing the above information.



Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?



NEXT:


Do you recognize the following file??

[2012/10/21 11:29:27 | 000,260,341 | -HS- | C] () -- C:\Users\Spencer\AppData\Roaming\rt1.png



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. ComboFix.txt log file.
3. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#6 DingleberrySalad

DingleberrySalad
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:16 PM

Posted 04 December 2012 - 10:15 PM

Is my computer now fixed? Also, thank you for such quick and great help! I really appreciate it.

ComboFix 12-12-04.01 - Spencer 12/04/2012 20:45:07.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.2268 [GMT -6:00]
Running from: c:\users\Spencer\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-21-2950786308-227742302-1544317472-1000\$8b29f98aca21910275e3c79a5aa0f795\@
c:\$recycle.bin\S-1-5-21-2950786308-227742302-1544317472-1000\$8b29f98aca21910275e3c79a5aa0f795\n
c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe
c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
c:\programdata\ism_0_llatsni.pad
c:\users\Spencer\AppData\Local\stifolo.dll
c:\users\Spencer\AppData\Local\TempDIR
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\chrome.manifest
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\funmoods.css
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\funmoods.xul
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\logo.png
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\loader.xul
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\mtstart.js
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\tmplt.js
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\content\uninsthk.js
c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\extensions\ffxtlbr@funmoods.com\install.rdf
c:\users\Spencer\AppData\Roaming\skype.ini
c:\users\Spencer\Documents\~WRL3290.tmp
c:\users\Spencer\htpopqywqtfvbcechuuptazfo.exe
c:\users\Spencer\prhzfklokqlyd.exe
c:\users\Spencer\vzjyyrsofhfeewxk.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\SysWow64\FastUserSwitchingCompatibilityex.dll
c:\windows\SysWow64\muzapp.exe
D:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-11-05 to 2012-12-05 )))))))))))))))))))))))))))))))
.
.
2012-12-05 02:51 . 2012-12-05 02:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-04 04:00 . 2012-12-04 04:00 -------- d-----w- c:\program files (x86)\VirtualDJ
2012-12-02 20:24 . 2012-12-02 20:24 -------- d-----w- c:\programdata\Microsoft Help
2012-12-02 20:24 . 2012-12-02 20:24 -------- d-----w- c:\users\Spencer\AppData\Local\Microsoft Help
2012-11-29 21:11 . 2012-11-29 21:11 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-29 21:11 . 2012-11-29 21:11 -------- d-----w- c:\program files\iPod
2012-11-29 21:11 . 2012-11-29 21:11 -------- d-----w- c:\program files\iTunes
2012-11-20 09:00 . 2012-11-20 09:00 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-11-20 08:58 . 2012-11-20 08:58 307712 ----a-w- c:\windows\msisear.exe
2012-11-17 05:47 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40B4DE9B-5F56-495F-9AB3-172021E45F40}\mpengine.dll
2012-11-15 15:52 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 15:52 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 15:52 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-15 15:52 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 15:45 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 15:45 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 15:45 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 15:45 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-15 15:45 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 15:45 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-15 15:45 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 01:36 . 2012-10-18 18:18 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-11-15 01:36 . 2012-09-25 22:39 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 01:36 . 2012-09-25 21:55 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-13 22:07 . 2006-10-31 06:10 51360 ----a-w- c:\windows\SysWow64\EpPicPrt.dll
2012-11-13 22:07 . 2006-10-31 06:10 51360 ----a-w- c:\windows\SysWow64\EpPicMgr.dll
2012-11-13 22:07 . 2006-10-20 06:10 80024 ----a-w- c:\windows\SysWow64\PICSDK.dll
2012-11-13 22:07 . 2006-10-20 06:10 501912 ----a-w- c:\windows\SysWow64\PICSDK2.dll
2012-11-13 22:07 . 2006-10-20 06:10 108704 ----a-w- c:\windows\SysWow64\PICEntry.dll
2012-11-13 22:07 . 2012-11-13 22:07 -------- d-----w- c:\users\Spencer\AppData\Roaming\InstallShield
2012-11-13 22:06 . 2012-11-13 22:06 -------- d-----w- c:\program files (x86)\epson
2012-11-13 22:06 . 2007-03-27 06:00 101376 ----a-w- c:\windows\system32\esxcwiad.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-15 15:46 . 2012-05-23 08:09 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-09 11:54 . 2012-05-12 15:33 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 11:54 . 2012-01-02 20:49 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-30 00:54 . 2012-08-16 14:40 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 16:32 . 2012-09-28 16:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-09-28 16:32 . 2012-09-28 16:32 53760 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-09-28 01:50 . 2012-09-28 01:50 58704 ----a-r- c:\users\Spencer\AppData\Roaming\Microsoft\Installer\{8FA53ACE-B718-4FAE-B7BF-95B0FCB320C8}\ARPPRODUCTICON.exe
2012-09-14 19:23 . 2012-10-10 15:06 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:30 . 2012-10-10 15:06 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Spencer\AppData\Roaming\Spotify\Spotify.exe" [2012-10-21 7901144]
"Spotify Web Helper"="c:\users\Spencer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-21 1199576]
"Facebook Update"="c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-10-10 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-04 103720]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-01-13 75048]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-01-11 210216]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-11-13 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-8-29 16032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-14 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 87600]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/05/03 15:00];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2010-01-12 14:08 146928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2012-01-13 103440]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 W32Serv;Windows Search Scheduler;c:\windows\msisear.exe [2012-11-20 307712]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-17 7680512]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-04-05 39832]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 11:54]
.
2012-12-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2950786308-227742302-1544317472-1000Core.job
- c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-10 15:28]
.
2012-12-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2950786308-227742302-1544317472-1000UA.job
- c:\users\Spencer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-10 15:28]
.
2012-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-31 17:07]
.
2012-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-31 17:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=114066&tt=3212_7&babsrc=HP_ss&mntrId=46931a6f000000000000001e64611dc5
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=114066&tt=3212_7&babsrc=KW_ss&mntrId=46931a6f000000000000001e64611dc5&q=
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=axl&q=
FF - user.js: extensions.funmoods_i.id - 46931a6f000000000000001e64611dc5
FF - user.js: extensions.funmoods_i.instlDay - 15472
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1616:36
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=114066&tt=3212_7
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 46931a6f000000000000001e64611dc5
FF - user.js: extensions.BabylonToolbar.instlDay - 15559
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.619:10
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-kmbnqcjctgtavmp - c:\programdata\kmbnqcjc.exe
Wow6432Node-HKCU-Run-stifolo - c:\users\Spencer\AppData\Local\stifolo.dll
Wow6432Node-HKLM-Run-UpdateLBPShortCut - c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
Wow6432Node-HKLM-Run-UpdateP2GoShortCut - c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
Wow6432Node-HKLM-Run-UpdatePDRShortCut - c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
Wow6432Node-HKLM-Run-UpdatePPShortCut - c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe
Wow6432Node-HKLM-Run-UCam_Menu - c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
.
**************************************************************************
.
Completion time: 2012-12-04 21:00:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-05 03:00
.
Pre-Run: 55,792,402,432 bytes free
Post-Run: 56,045,289,472 bytes free
.
- - End Of File - - 51DE05829EBDBCF208749792AF351F57


my computer is running a lot faster and doesn't have the pop-ups in the corner of the screen anymore.

#7 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:16 PM

Posted 05 December 2012 - 12:16 PM

Hi!

Is my computer now fixed? Also, thank you for such quick and great help! I really appreciate it.

We still have some work to do.

This infection can be quite nasty.


ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
DirLook::
c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
c:\windows\SysWow64\%APPDATA%
FireFox::
FF - ProfilePath - c:\users\Spencer\AppData\Roaming\Mozilla\Firefox\Profiles\7ue4h1vr.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=114066&tt=3212_7&babsrc=HP_ss&mntrId=46931a6f000000000000001e64611dc5
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=114066&tt=3212_7&babsrc=KW_ss&mntrId=46931a6f000000000000001e64611dc5&q=
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=axl&q=
FF - user.js: extensions.funmoods_i.id - 46931a6f000000000000001e64611dc5
FF - user.js: extensions.funmoods_i.instlDay - 15472
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1616:36
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef - 
FF - user.js: extensions.funmoods_i.dfltLng - 
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=114066&tt=3212_7
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 46931a6f000000000000001e64611dc5
FF - user.js: extensions.BabylonToolbar.instlDay - 15559
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.619:10
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Lets see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. MalwareBytes' Anti-Malware log file.
3. ESET Online Virus Scan log file.
4. SecurityCheck log file.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:05:16 PM

Posted 29 December 2012 - 03:17 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users