
Can't open anything


  • This topic is locked
38 replies to this topic

#1 soccer1127

    New Member

  • Members
  • 22 posts

Posted 28 June 2012 - 12:41 AM

Hey guys,

So my computer won't open basically any .exe files. The only files I can open, however, are like IE or the control panel. Can't open anything else; tried installing Malwarebytes but it wouldn't let me. Please let me know if you have any idea what's wrong with my computer.

#2 Maniac

    Forum Deity

  • Experts
  • 21,410 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 28 June 2012 - 08:21 AM

Hello soccer1127 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow the instructions here and post the log files in your next reply:
http://forums.malwar...?showtopic=9573
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#3 soccer1127

Posted 28 June 2012 - 12:42 PM

I tried downloading both of them, however they never run. And every time I try to right-click them (or most programs), Windows Explorer stops responding and has to restart.

#4 Maniac

Posted 29 June 2012 - 11:41 AM

Do you have a USB flash drive on hand?

#5 soccer1127

Posted 29 June 2012 - 01:18 PM

Yes I do. I also tried using the Chameleon feature of Malwarebytes. I copied it over from another computer onto the infected one. The actual Chameleon program was able to open up and I tested all 12 but none of them seemed to work.

#6 Maniac

Posted 29 June 2012 - 04:53 PM

Don't worry.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#7 soccer1127

Posted 29 June 2012 - 05:33 PM

So I tried both the USB and CD, but whenever I try to boot to it, it says something like media failure and goes to the regular boot. However, I tried clicking the file through the CD and it opened up. Should I just use it through Windows?

#8 Maniac

Posted 30 June 2012 - 04:56 AM

Yes, please proceed.

#9 soccer1127

Posted 30 June 2012 - 01:13 PM

Here's the log

Scan result of Farbar Recovery Scan Tool Version: 28-06-2012 02
Ran by Marty at 30-06-2012 14:10:55
Running from C:\Users\Marty\Desktop
(X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

============ One Month Created Files and Folders ==============
2012-06-30 17:58 - 2012-06-30 17:58 - 00025600 __ASH C:\BCD_BACKUP.LOG
2012-06-30 14:10 - 2012-06-29 18:59 - 01428039 ____A C:\Users\Marty\Desktop\FRST64.exe
2012-06-30 14:09 - 2012-06-30 14:09 - 00000000 ____D C:\70aa3f7f846933a956
2012-06-30 14:03 - 2012-06-30 14:03 - 00861303 ____A C:\Windows\SysWOW64\AAWService__2012_06_30_14_03_43_0001a275.dmp
2012-06-30 14:03 - 2012-06-30 14:03 - 00853576 ____A C:\Windows\SysWOW64\AAWService__2012_06_30_14_03_50_0001bd17.dmp
2012-06-30 14:02 - 2012-06-30 14:02 - 00853038 ____A C:\Windows\SysWOW64\AAWService__2012_06_30_14_02_53_0000e08e.dmp
2012-06-29 18:22 - 2012-06-30 14:10 - 00000000 ____D C:\FRST
2012-06-28 19:49 - 2012-06-30 17:47 - 00000000 ____D C:\NBRT
2012-06-28 16:53 - 2012-06-28 16:58 - 00001209 ____A C:\Users\Marty\Desktop\cmd.exe.lnk
2012-06-28 16:40 - 2012-06-28 16:41 - 00294400 ____A C:\Users\Marty\Desktop\exeHelper.com
2012-06-28 15:09 - 2012-06-28 15:09 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-06-28 15:02 - 2012-03-01 02:54 - 00022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-06-28 15:02 - 2012-03-01 02:45 - 00220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-06-28 15:02 - 2012-03-01 02:40 - 00080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-06-28 15:02 - 2012-03-01 02:35 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-06-28 15:02 - 2012-03-01 01:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-06-28 15:02 - 2012-03-01 01:45 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-06-28 15:02 - 2012-03-01 01:40 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-06-28 14:38 - 2012-06-28 14:38 - 00000000 ____D C:\Users\Marty\Desktop\Chameleon
2012-06-28 14:35 - 2012-06-28 14:35 - 01012656 ____A C:\Users\Marty\Desktop\WiNlOgOn.exe
2012-06-28 14:23 - 2012-04-20 02:21 - 12405760 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 14:22 - 2012-05-14 23:56 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 14:22 - 2012-05-14 23:52 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 14:22 - 2012-05-14 23:08 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 14:22 - 2012-05-14 23:06 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 14:22 - 2012-05-02 01:32 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-28 14:22 - 2012-04-27 23:50 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-28 14:22 - 2012-04-20 02:25 - 01501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 14:22 - 2012-04-20 02:25 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 14:22 - 2012-04-20 02:23 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-06-28 14:22 - 2012-04-20 02:22 - 09373696 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 14:22 - 2012-04-20 02:22 - 00736256 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-28 14:22 - 2012-04-20 02:22 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 14:22 - 2012-04-20 02:22 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-06-28 14:22 - 2012-04-20 02:22 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-06-28 14:22 - 2012-04-20 02:21 - 02458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 14:22 - 2012-04-20 02:21 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-06-28 14:22 - 2012-04-20 02:21 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-06-28 14:22 - 2012-04-20 02:21 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 14:22 - 2012-04-20 02:18 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-06-28 14:22 - 2012-04-20 01:07 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 14:22 - 2012-04-20 01:07 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 14:22 - 2012-04-20 01:06 - 06028288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 14:22 - 2012-04-20 01:06 - 00627200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-28 14:22 - 2012-04-20 01:06 - 00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2012-06-28 14:22 - 2012-04-20 01:06 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 14:22 - 2012-04-20 01:06 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-06-28 14:22 - 2012-04-20 01:05 - 11019776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 14:22 - 2012-04-20 01:05 - 02072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 14:22 - 2012-04-20 01:05 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-06-28 14:22 - 2012-04-20 01:05 - 00185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-06-28 14:22 - 2012-04-20 01:05 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-28 14:22 - 2012-04-20 01:05 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-06-28 14:22 - 2012-04-20 01:03 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-06-28 14:22 - 2012-04-20 01:00 - 00482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-06-28 14:22 - 2012-04-20 00:15 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 14:22 - 2012-04-19 23:58 - 00386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-06-28 14:22 - 2012-04-19 23:24 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 14:22 - 2012-03-17 03:55 - 00075632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-06-28 14:21 - 2012-05-14 21:32 - 03144192 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-28 14:21 - 2012-04-26 01:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-28 14:21 - 2012-04-26 01:34 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-28 14:21 - 2012-04-26 01:28 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-28 14:21 - 2012-04-17 01:38 - 00851968 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 14:21 - 2012-04-17 00:45 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 14:21 - 2012-03-03 02:29 - 01837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-06-28 14:21 - 2012-03-03 02:29 - 01541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-06-28 14:21 - 2012-03-03 02:29 - 00902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-06-28 14:21 - 2012-03-03 02:29 - 00320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-06-28 14:21 - 2012-03-03 02:29 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-06-28 14:21 - 2012-03-03 01:40 - 01170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-06-28 14:21 - 2012-03-03 01:40 - 01074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-06-28 14:21 - 2012-03-03 01:40 - 00739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-06-28 14:21 - 2012-03-03 01:40 - 00218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-06-28 14:21 - 2012-03-03 01:40 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-06-28 14:17 - 2012-04-07 08:18 - 03213824 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-28 14:17 - 2012-04-07 07:34 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-28 14:16 - 2012-04-24 01:59 - 01460224 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-28 14:16 - 2012-04-24 01:59 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-28 14:16 - 2012-04-24 01:59 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-28 14:16 - 2012-04-24 00:47 - 01156608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-28 14:16 - 2012-04-24 00:47 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-28 14:16 - 2012-04-24 00:47 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-28 14:15 - 2012-03-30 07:09 - 01895280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-06-28 13:22 - 2012-06-28 13:27 - 00004058 ____A C:\Windows\IE9_main.log
2012-06-28 13:13 - 2012-06-02 18:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-28 13:13 - 2012-06-02 18:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-28 13:13 - 2012-06-02 18:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-28 13:13 - 2012-06-02 18:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-28 13:12 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-28 13:12 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-28 12:59 - 2012-06-28 12:59 - 00607260 ____A (Swearware) C:\Users\Marty\Desktop\dd5.com
2012-06-28 12:56 - 2012-06-28 12:56 - 00607260 ____A (Swearware) C:\Users\Marty\Desktop\dds.scr
2012-06-28 00:58 - 2012-06-28 00:58 - 00000000 ____D C:\Users\Marty\Desktop\Windows 7 Tools.{ED7BA470-8E54-465E-825C-99712043E01C}
2012-06-28 00:40 - 2012-06-28 00:40 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Marty\Desktop\asde.exe
2012-06-28 00:38 - 2012-06-28 00:38 - 00270536 ____A C:\Windows\Minidump\062812-29889-01.dmp

============ 3 Months Modified Files and Folders =============
2012-06-30 17:58 - 2012-06-30 17:58 - 00028672 ____A C:\BCD_BACKUP
2012-06-30 17:58 - 2012-06-30 17:58 - 00025600 __ASH C:\BCD_BACKUP.LOG
2012-06-30 17:47 - 2012-06-28 19:49 - 00000000 ____D C:\NBRT
2012-06-30 17:21 - 2011-01-24 00:47 - 00000000 ____D C:\users\Mcx1-MARTY-PC
2012-06-30 17:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2012-06-30 17:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2012-06-30 17:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2012-06-30 14:10 - 2012-06-29 18:22 - 00000000 ____D C:\FRST
2012-06-30 14:09 - 2012-06-30 14:09 - 00000000 ____D C:\70aa3f7f846933a956
2012-06-30 14:08 - 2010-09-22 16:14 - 01743460 ____A C:\Windows\WindowsUpdate.log
2012-06-30 14:05 - 2010-09-22 15:20 - 00009712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-30 14:05 - 2010-09-22 15:20 - 00009712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-30 14:03 - 2012-06-30 14:03 - 00861303 ____A C:\Windows\SysWOW64\AAWService__2012_06_30_14_03_43_0001a275.dmp
2012-06-30 14:03 - 2012-06-30 14:03 - 00853576 ____A C:\Windows\SysWOW64\AAWService__2012_06_30_14_03_50_0001bd17.dmp
2012-06-30 14:02 - 2012-06-30 14:02 - 00853038 ____A C:\Windows\SysWOW64\AAWService__2012_06_30_14_02_53_0000e08e.dmp
2012-06-30 14:02 - 2010-09-22 15:22 - 00000000 ____D C:\users\Marty
2012-06-30 14:02 - 2009-08-13 03:07 - 00136636 ____A C:\aaw7boot.log
2012-06-30 14:02 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-30 14:02 - 2009-07-14 00:51 - 03654223 ____A C:\Windows\setupact.log
2012-06-29 18:59 - 2012-06-30 14:10 - 01428039 ____A C:\Users\Marty\Desktop\FRST64.exe
2012-06-28 21:02 - 2009-07-14 01:13 - 00728058 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-28 16:58 - 2012-06-28 16:53 - 00001209 ____A C:\Users\Marty\Desktop\cmd.exe.lnk
2012-06-28 16:41 - 2012-06-28 16:40 - 00294400 ____A C:\Users\Marty\Desktop\exeHelper.com
2012-06-28 15:17 - 2009-07-14 00:45 - 00447760 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-28 15:09 - 2012-06-28 15:09 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-06-28 15:01 - 2009-07-14 03:46 - 00000000 ____D C:\Program Files\Windows Journal
2012-06-28 14:38 - 2012-06-28 14:38 - 00000000 ____D C:\Users\Marty\Desktop\Chameleon
2012-06-28 14:35 - 2012-06-28 14:35 - 01012656 ____A C:\Users\Marty\Desktop\WiNlOgOn.exe
2012-06-28 13:38 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-06-28 13:27 - 2012-06-28 13:22 - 00004058 ____A C:\Windows\IE9_main.log
2012-06-28 12:59 - 2012-06-28 12:59 - 00607260 ____A (Swearware) C:\Users\Marty\Desktop\dd5.com
2012-06-28 12:56 - 2012-06-28 12:56 - 00607260 ____A (Swearware) C:\Users\Marty\Desktop\dds.scr
2012-06-28 00:58 - 2012-06-28 00:58 - 00000000 ____D C:\Users\Marty\Desktop\Windows 7 Tools.{ED7BA470-8E54-465E-825C-99712043E01C}
2012-06-28 00:40 - 2012-06-28 00:40 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Marty\Desktop\asde.exe
2012-06-28 00:38 - 2012-06-28 00:38 - 00270536 ____A C:\Windows\Minidump\062812-29889-01.dmp
2012-06-28 00:38 - 2010-10-01 21:08 - 00000000 ____D C:\Windows\Minidump
2012-06-28 00:37 - 2010-09-07 14:50 - 292176077 ____A C:\Windows\MEMORY.DMP
2012-06-03 23:28 - 2011-04-01 11:17 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-02 18:19 - 2012-06-28 13:13 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 18:19 - 2012-06-28 13:13 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 18:19 - 2012-06-28 13:13 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 18:15 - 2012-06-28 13:13 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 15:19 - 2012-06-28 13:12 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 15:15 - 2012-06-28 13:12 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-14 23:56 - 2012-06-28 14:22 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 23:52 - 2012-06-28 14:22 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 23:08 - 2012-06-28 14:22 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 23:06 - 2012-06-28 14:22 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-14 21:32 - 2012-06-28 14:21 - 03144192 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-02 01:32 - 2012-06-28 14:22 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 23:50 - 2012-06-28 14:22 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 01:34 - 2012-06-28 14:21 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 01:34 - 2012-06-28 14:21 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 01:28 - 2012-06-28 14:21 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 01:59 - 2012-06-28 14:16 - 01460224 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-24 01:59 - 2012-06-28 14:16 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-24 01:59 - 2012-06-28 14:16 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-24 00:47 - 2012-06-28 14:16 - 01156608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-24 00:47 - 2012-06-28 14:16 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-24 00:47 - 2012-06-28 14:16 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-20 02:25 - 2012-06-28 14:22 - 01501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-20 02:25 - 2012-06-28 14:22 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-20 02:23 - 2012-06-28 14:22 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-04-20 02:22 - 2012-06-28 14:22 - 09373696 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-20 02:22 - 2012-06-28 14:22 - 00736256 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-20 02:22 - 2012-06-28 14:22 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-20 02:22 - 2012-06-28 14:22 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-04-20 02:22 - 2012-06-28 14:22 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-04-20 02:21 - 2012-06-28 14:23 - 12405760 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-20 02:21 - 2012-06-28 14:22 - 02458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-20 02:21 - 2012-06-28 14:22 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-04-20 02:21 - 2012-06-28 14:22 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-20 02:21 - 2012-06-28 14:22 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-20 02:18 - 2012-06-28 14:22 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-04-20 01:07 - 2012-06-28 14:22 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-20 01:07 - 2012-06-28 14:22 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-20 01:06 - 2012-06-28 14:22 - 06028288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-20 01:06 - 2012-06-28 14:22 - 00627200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-20 01:06 - 2012-06-28 14:22 - 00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2012-04-20 01:06 - 2012-06-28 14:22 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-20 01:06 - 2012-06-28 14:22 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-04-20 01:05 - 2012-06-28 14:22 - 11019776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-20 01:05 - 2012-06-28 14:22 - 02072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-20 01:05 - 2012-06-28 14:22 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-04-20 01:05 - 2012-06-28 14:22 - 00185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-04-20 01:05 - 2012-06-28 14:22 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-20 01:05 - 2012-06-28 14:22 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-04-20 01:03 - 2012-06-28 14:22 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-04-20 01:00 - 2012-06-28 14:22 - 00482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-20 00:15 - 2012-06-28 14:22 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-19 23:58 - 2012-06-28 14:22 - 00386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-04-19 23:24 - 2012-06-28 14:22 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-17 01:38 - 2012-06-28 14:21 - 00851968 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-17 00:45 - 2012-06-28 14:21 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-07 08:18 - 2012-06-28 14:17 - 03213824 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 07:34 - 2012-06-28 14:17 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
========================= Memory info ======================
Percentage of memory in use: 39%
Total physical RAM: 3998.96 MB
Available physical RAM: 2430.27 MB
Total Pagefile: 7996.06 MB
Available Pagefile: 6438.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:286.41 GB) (Free:109.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:11.68 GB) (Free:1.9 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 2048 KB
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 286 GB 1024 KB
Partition 2 Primary 11 GB 286 GB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 286 GB Healthy System (partition with boot components)
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D RECOVERY NTFS Partition 11 GB Healthy
======================================================================================================
==========================================================
Last Boot: 2012-06-28 21:20
======================= End Of Log ==========================

#10 soccer1127

Posted 30 June 2012 - 01:16 PM

I now see what you meant when you said run it through system recovery, I guess I misread it. I see it says it will not work properly if it's not in a recovery environment, so I'll do it from there and repost.

#11 Maniac

Posted 30 June 2012 - 01:19 PM

Your log file seems to be fine, but take a look at the header:

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.


It's not useful this way, so we should change the strategy.

  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run QuickScan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can back up any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

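Added example (not part of the original thread, and not the scan tool's own code): a Python check for the point made in post #11, that a log whose header carries the hive and recovery-environment warnings should be treated as unusable before anyone reads the file listing. The sample is abridged from the log posted in #9; the function names and the "review first" filter (executable-type files with no company name) are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Abridged from the FRST log posted earlier in this thread (sample input).
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool Version: 28-06-2012 02
Ran by Marty at 30-06-2012 14:10:55
Running from C:\Users\Marty\Desktop
(X64) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

============ One Month Created Files and Folders ==============
2012-06-30 14:10 - 2012-06-29 18:59 - 01428039 ____A C:\Users\Marty\Desktop\FRST64.exe
2012-06-29 18:22 - 2012-06-30 14:10 - 00000000 ____D C:\FRST
2012-06-28 15:02 - 2012-03-01 02:45 - 00220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
======================= End Of Log ==========================
"""

# "===== Title =====" starts a section; a bare "=====" line is only a separator.
SECTION_RE = re.compile(r"^={5,}\s*(.*?)\s*=*\s*$")
# timestamp - timestamp - size attrs [(company)] path
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([_A-Z]{5}) (?:\((.*?)\) )?(.+)$"
)
CHECK_RE = re.compile(r"^(.+?) => (.+)$")
EXEC_EXT = (".exe", ".com", ".scr", ".dll", ".sys")  # assumption: types worth a look


@dataclass
class Entry:
    ts1: str   # the two timestamp columns swap order between the
    ts2: str   # "Created" and "Modified" sections of the posted log
    size: int
    attrs: str
    company: Optional[str]
    path: str


def split_sections(text):
    """Group non-empty lines under the section title that precedes them."""
    sections = {"header": []}
    current = "header"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            if m.group(1):
                current = m.group(1)
                sections.setdefault(current, [])
            continue
        if line.strip():
            sections[current].append(line.strip())
    return sections


def header_problems(header):
    """Return the header warnings that make the rest of the log unreliable."""
    problems = []
    for line in header:
        upper = line.upper()
        if "COULD NOT LOAD SYSTEM HIVE" in upper:
            problems.append("system hive not loaded")
        if "NOT RUN FROM RECOVERY ENVIRONMENT" in upper:
            problems.append("not run from recovery environment")
    return problems


def parse_entry(line):
    m = ENTRY_RE.match(line)
    if not m:
        return None
    ts1, ts2, size, attrs, company, path = m.groups()
    return Entry(ts1, ts2, int(size), attrs,
                 company.strip() if company else None, path)


def triage(text):
    sections = split_sections(text)
    problems = header_problems(sections["header"])
    entries, not_legit = [], []
    for name, lines in sections.items():
        if "Files and Folders" in name:
            entries += [e for e in map(parse_entry, lines) if e]
        elif "Check" in name:
            for line in lines:
                m = CHECK_RE.match(line)
                if m and m.group(2).strip() != "MD5 is legit":
                    not_legit.append(m.group(1))
    # Heuristic only: files (not directories) with no company name
    # and an executable-type extension are listed for review first.
    review = sorted({e.path for e in entries
                     if "D" not in e.attrs and e.company is None
                     and e.path.lower().endswith(EXEC_EXT)})
    return {"usable": not problems, "problems": problems,
            "entries": len(entries), "review": review, "not_legit": not_legit}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A path in the review list is a reading-order hint for the helper, not a verdict on the file.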

#12 soccer1127

Posted 30 June 2012 - 03:00 PM

Ok here are the files. Also I noticed most of these scans are for the past 30 days; this virus is a lot older than that. Just letting you know, not sure if this information is important or not.


OTL logfile created on: 6/30/2012 4:56:33 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.41 Gb Total Space | 111.05 Gb Free Space | 38.77% Space Free | Partition Type: NTFS
Drive E: | 11.68 Gb Total Space | 1.90 Gb Free Space | 16.28% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/01/28 09:15:24 | 000,290,304 | ---- | M] (IDT, Inc.) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_27a7f4961a76cb4e\stacsv64.exe -- (STacSV)
SRV:64bit: - [2008/11/17 15:22:44 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_27a7f4961a76cb4e\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/08/26 10:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2011/06/20 10:31:32 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.0.13\ccSvcHst.exe -- (NAV)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/09 10:07:22 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/06 20:24:52 | 000,435,496 | R--- | M] (Pervasive Software Inc.) [Auto] -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
SRV - [2009/03/09 20:54:12 | 000,365,952 | ---- | M] () [Auto] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2009/02/24 18:04:52 | 000,116,104 | ---- | M] () [Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2009/02/04 18:57:06 | 000,296,320 | ---- | M] () [Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/08 17:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\NAVx64\1206000.01D\SYMNETS.SYS -- (SymNetS)
DRV:64bit: - [2011/06/20 10:31:32 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/05/09 23:32:13 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\System32\Drivers\NAVx64\1206000.01D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NAVx64\1207000.00D\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\NAVx64\1207000.00D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\NAVx64\1207000.00D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 01:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NAVx64\1207000.00D\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/09 09:50:50 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009/06/24 10:16:22 | 002,041,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/02/25 09:53:26 | 000,137,056 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/01/28 09:16:06 | 000,473,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/12/30 08:18:40 | 000,068,608 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2008/12/03 09:21:52 | 000,184,832 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/11/21 13:05:22 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/06/04 13:55:16 | 000,129,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/03/27 15:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 15:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/01/31 19:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2007/06/18 19:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2012/01/16 04:01:46 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120130.021\EX64.SYS -- (NAVEX15)
DRV - [2012/01/16 04:01:46 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120130.021\ENG64.SYS -- (NAVENG)
DRV - [2011/12/15 19:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120128.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011/11/30 22:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20120121.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/11/09 12:06:44 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/06/28 02:57:37 | 000,017,152 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Marty_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKU\Marty_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://myub.buffalo...plate/myub.html
IE - HKU\Marty_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Marty_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Marty_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Mcx1-MARTY-PC_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_0_1.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Marty\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/09/22 15:42:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2012/06/30 14:03:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/05 00:44:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/15 17:39:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Marty\AppData\Roaming\Move Networks [2010/09/22 15:55:37 | 000,000,000 | ---D | M]

[2010/10/12 11:58:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marty\AppData\Roaming\Mozilla\Extensions
[2010/10/12 11:58:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marty\AppData\Roaming\Mozilla\Firefox\Profiles\ubmnghfz.default\extensions
[2011/11/15 17:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2012/06/30 14:03:27 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPLGN
[2012/01/05 00:44:54 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/11/04 18:54:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/04 23:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/04 23:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3 - HKU\Marty_ON_C\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Marty_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} http://quickscan.bit...qsax/qsax64.cab (Bitdefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{49536b28-f84e-11e0-9aa7-00235aad2481}\Shell - "" = AutoRun
O33 - MountPoints2\{49536b28-f84e-11e0-9aa7-00235aad2481}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/06/30 14:20:44 | 000,000,000 | ---D | C] -- C:\609e82835773b7b852
[2012/06/29 18:22:43 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/28 19:49:43 | 000,000,000 | ---D | C] -- C:\NBRT
[2012/06/28 14:38:34 | 000,000,000 | ---D | C] -- C:\Users\Marty\Desktop\Chameleon
[2012/06/28 12:59:32 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Marty\Desktop\dd5.com
[2012/06/28 12:56:37 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Marty\Desktop\dds.scr
[2012/06/28 00:58:59 | 000,000,000 | ---D | C] -- C:\Users\Marty\Desktop\Windows 7 Tools.{ED7BA470-8E54-465E-825C-99712043E01C}
[2012/06/28 00:40:29 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Marty\Desktop\asde.exe
[1 C:\Users\Marty\Documents\*.tmp files -> C:\Users\Marty\Documents\*.tmp -> ]
[1 C:\Users\Marty\Documents\*.tmp files -> C:\Users\Marty\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/30 17:58:30 | 000,028,672 | ---- | M] () -- C:\BCD_BACKUP
[2012/06/30 15:30:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/30 15:29:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2012/06/30 15:25:59 | 000,625,348 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/30 15:25:59 | 000,107,290 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/30 14:19:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/06/30 14:11:01 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/30 14:11:01 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/30 14:03:50 | 000,853,576 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_03_50_0001bd17.dmp
[2012/06/30 14:03:43 | 000,861,303 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_03_43_0001a275.dmp
[2012/06/30 14:02:56 | 000,853,038 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_02_53_0000e08e.dmp
[2012/06/30 14:02:22 | 3144,904,704 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/29 18:59:32 | 001,428,039 | ---- | M] () -- C:\Users\Marty\Desktop\FRST64.exe
[2012/06/28 16:58:12 | 000,001,209 | ---- | M] () -- C:\Users\Marty\Desktop\cmd.exe.lnk
[2012/06/28 16:41:13 | 000,294,400 | ---- | M] () -- C:\Users\Marty\Desktop\exeHelper.com
[2012/06/28 15:17:54 | 000,447,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/28 15:09:24 | 000,000,129 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2012/06/28 14:35:12 | 001,012,656 | ---- | M] () -- C:\Users\Marty\Desktop\WiNlOgOn.exe
[2012/06/28 12:59:37 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Marty\Desktop\dd5.com
[2012/06/28 12:56:42 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Marty\Desktop\dds.scr
[2012/06/28 00:40:33 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Marty\Desktop\asde.exe
[2012/06/28 00:37:52 | 292,176,077 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Users\Marty\Documents\*.tmp files -> C:\Users\Marty\Documents\*.tmp -> ]
[1 C:\Users\Marty\Documents\*.tmp files -> C:\Users\Marty\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/30 17:58:29 | 000,028,672 | ---- | C] () -- C:\BCD_BACKUP
[2012/06/30 14:10:37 | 001,428,039 | ---- | C] () -- C:\Users\Marty\Desktop\FRST64.exe
[2012/06/30 14:03:50 | 000,853,576 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_03_50_0001bd17.dmp
[2012/06/30 14:03:43 | 000,861,303 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_03_43_0001a275.dmp
[2012/06/30 14:02:53 | 000,853,038 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_02_53_0000e08e.dmp
[2012/06/28 16:53:37 | 000,001,209 | ---- | C] () -- C:\Users\Marty\Desktop\cmd.exe.lnk
[2012/06/28 16:40:51 | 000,294,400 | ---- | C] () -- C:\Users\Marty\Desktop\exeHelper.com
[2012/06/28 15:09:24 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012/06/28 14:35:09 | 001,012,656 | ---- | C] () -- C:\Users\Marty\Desktop\WiNlOgOn.exe
[2011/10/14 12:11:28 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/14 12:03:29 | 000,000,519 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/06/28 02:57:46 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/06/28 02:57:45 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2010/11/02 23:39:34 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/13 16:35:52 | 000,683,801 | ---- | C] () -- C:\Windows\unins000.exe
[2010/09/13 16:35:52 | 000,001,682 | ---- | C] () -- C:\Windows\unins000.dat
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/01 00:33:28 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/04/06 17:51:44 | 000,001,776 | ---- | C] () -- C:\Windows\PCW170.ini
[2007/03/21 08:28:50 | 000,000,106 | ---- | C] () -- C:\Windows\SysWow64\mmc.exe.config

========== LOP Check ==========

[2010/09/22 15:55:16 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\acccore
[2011/08/29 01:10:12 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Barnes & Noble
[2011/09/06 02:09:22 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Bizarro DC++
[2011/09/05 22:35:30 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\DC++
[2011/10/14 12:11:23 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Peachtree
[2010/10/27 08:17:14 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Tific
[2011/10/14 12:08:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Aatrix Software
[2010/09/22 15:43:58 | 000,000,000 | ---D | M] -- C:\ProgramData\acccore
[2010/09/22 15:43:58 | 000,000,000 | ---D | M] -- C:\ProgramData\AIM Toolbar
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/09/22 15:44:01 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2010/11/29 17:06:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Cisco
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/01/01 17:08:42 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2011/10/14 12:03:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Pervasive Software
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/09/22 15:44:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/09/04 17:58:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Viewpoint
[2010/09/22 15:44:28 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2010/09/22 15:44:28 | 000,000,000 | ---D | M] -- C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
[2010/10/14 13:48:45 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/09/22 15:44:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
[2012/01/24 18:14:31 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

#13 soccer1127


Posted 30 June 2012 - 03:52 PM

Update: Things seem to be working now, don't know why... I'm installing Malwarebytes now.

#14 soccer1127


Posted 30 June 2012 - 03:53 PM

Update: For some reason I can now install and run programs, and I am installing Malwarebytes now. One problem that still occurs, however, is that if you right-click a logo, Windows Explorer freezes.

#15 Maniac


Posted 01 July 2012 - 06:41 AM

Please don't run anything or do anything without my instructions.

Start OTLPE as you did previously.
Copy the attached fix.txt to a USB

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

Attached Files

  • Attached File  fix.txt   453bytes   14 downloads


#16 soccer1127


Posted 01 July 2012 - 01:38 PM

OK, here's the log

OTL logfile created on: 7/1/2012 4:31:02 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.41 Gb Total Space | 118.43 Gb Free Space | 41.35% Space Free | Partition Type: NTFS
Drive D: | 963.69 Mb Total Space | 962.28 Mb Free Space | 99.85% Space Free | Partition Type: FAT
Drive E: | 11.68 Gb Total Space | 1.90 Gb Free Space | 16.28% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/08/26 10:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] () [On_Demand] -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/06/20 10:31:32 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe -- (NAV)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/09 10:07:22 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/06 20:24:52 | 000,435,496 | R--- | M] (Pervasive Software Inc.) [Auto] -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
SRV - [2009/03/09 20:54:12 | 000,365,952 | ---- | M] () [Auto] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2009/02/24 18:04:52 | 000,116,104 | ---- | M] () [Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2009/02/04 18:57:06 | 000,296,320 | ---- | M] () [Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/06/20 10:31:32 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/05/09 23:32:13 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/20 21:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS -- (SymNetS)
DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\System32\Drivers\NAVx64\1207010.003\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NAVx64\1207010.003\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\NAVx64\1207010.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\NAVx64\1207010.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 01:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/10/09 09:50:50 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009/06/24 10:16:22 | 002,041,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/02/25 09:53:26 | 000,137,056 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/12/30 08:18:40 | 000,068,608 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2008/12/03 09:21:52 | 000,184,832 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/11/21 13:05:22 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/06/04 13:55:16 | 000,129,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/03/27 15:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 15:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/01/31 19:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2007/06/18 19:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2012/01/16 04:01:46 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120130.021\EX64.SYS -- (NAVEX15)
DRV - [2012/01/16 04:01:46 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120130.021\ENG64.SYS -- (NAVENG)
DRV - [2011/12/15 19:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120128.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011/11/30 22:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20120121.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/11/09 12:06:44 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/06/28 02:57:37 | 000,017,152 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Marty_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKU\Marty_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://myub.buffalo...plate/myub.html
IE - HKU\Marty_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Marty_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Marty_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Mcx1-MARTY-PC_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_0_1.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/09/22 15:42:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2012/06/30 22:12:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/05 00:44:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/15 17:39:46 | 000,000,000 | ---D | M]

[2011/11/15 17:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/05 00:44:54 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/11/04 18:54:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/04 23:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/04 23:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3 - HKU\Marty_ON_C\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] File not found
O4 - HKU\Marty_ON_C..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Marty_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} http://quickscan.bit...qsax/qsax64.cab (Bitdefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/07/01 14:45:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/30 22:04:34 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/06/30 22:04:34 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/06/30 21:27:18 | 000,000,000 | -HSD | C] -- C:\found.016
[2012/06/30 19:52:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012/06/30 19:52:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/06/30 17:50:20 | 000,000,000 | ---D | C] -- C:\Users\Marty\AppData\Roaming\Malwarebytes
[2012/06/30 17:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/30 17:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/30 17:50:05 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/30 17:50:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/30 14:20:44 | 000,000,000 | ---D | C] -- C:\609e82835773b7b852
[2012/06/29 18:22:43 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/28 19:49:43 | 000,000,000 | ---D | C] -- C:\NBRT
[2012/06/28 15:02:20 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fs_rec.sys
[2012/06/28 15:02:19 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wintrust.dll
[2012/06/28 15:02:19 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2012/06/28 15:02:19 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imagehlp.dll
[2012/06/28 15:02:19 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll
[2012/06/28 14:38:34 | 000,000,000 | ---D | C] -- C:\Users\Marty\Desktop\Chameleon
[2012/06/28 14:22:51 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/06/28 14:22:50 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2012/06/28 14:22:48 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/28 14:22:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/28 14:22:48 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/28 14:22:48 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/28 14:22:48 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2012/06/28 14:22:48 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/28 14:22:19 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll
[2012/06/28 14:22:11 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012/06/28 14:22:11 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2012/06/28 14:22:11 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2012/06/28 14:22:10 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/06/28 14:22:09 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/28 14:22:08 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/28 14:21:59 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/06/28 14:21:59 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2012/06/28 14:21:47 | 000,918,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/06/28 14:21:47 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/28 14:21:43 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/06/28 14:21:43 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/06/28 14:21:43 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/06/28 14:17:44 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2012/06/28 14:17:42 | 002,342,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msi.dll
[2012/06/28 14:16:13 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
[2012/06/28 14:16:12 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptnet.dll
[2012/06/28 13:13:18 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/28 13:13:18 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2012/06/28 13:13:18 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/28 13:13:00 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/28 13:13:00 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/28 13:13:00 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/28 13:12:41 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/28 13:12:41 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/28 00:58:59 | 000,000,000 | ---D | C] -- C:\Users\Marty\Desktop\Windows 7 Tools.{ED7BA470-8E54-465E-825C-99712043E01C}
[2012/06/28 00:40:29 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Marty\Desktop\asde.exe
[1 C:\Users\Marty\Documents\*.tmp files -> C:\Users\Marty\Documents\*.tmp -> ]
[1 C:\Users\Marty\Documents\*.tmp files -> C:\Users\Marty\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/01 15:13:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/01 15:13:41 | 000,864,552 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_07_01_15_13_41_00012960.dmp
[2012/07/01 15:13:24 | 000,872,715 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_07_01_15_13_23_0000e520.dmp
[2012/07/01 15:13:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/07/01 15:13:07 | 3144,904,704 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/01 02:17:28 | 000,854,906 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_07_01_02_17_28_0000fc0a.dmp
[2012/07/01 02:17:22 | 000,857,349 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_07_01_02_17_22_0000e37b.dmp
[2012/07/01 02:16:56 | 000,867,429 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_07_01_02_16_55_00007ae9.dmp
[2012/07/01 01:36:53 | 001,955,557 | -H-- | M] () -- C:\Users\Marty\AppData\Local\IconCache.db
[2012/07/01 01:24:26 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/01 01:24:26 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/30 22:18:25 | 000,728,186 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2012/06/30 22:18:25 | 000,625,348 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/30 22:18:25 | 000,107,290 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/30 22:12:34 | 000,861,073 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_22_12_34_00012aa8.dmp
[2012/06/30 22:12:29 | 000,860,821 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_22_12_29_0001145a.dmp
[2012/06/30 22:12:11 | 000,859,932 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_22_12_11_0000cea3.dmp
[2012/06/30 22:09:19 | 002,009,432 | ---- | M] () -- C:\Windows\System32\drivers\NAVx64\1207010.003\Cat.DB
[2012/06/30 21:58:02 | 000,859,296 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_58_02_00016660.dmp
[2012/06/30 21:57:54 | 000,858,390 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_57_54_0001475b.dmp
[2012/06/30 21:57:34 | 000,853,746 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_57_31_0000f102.dmp
[2012/06/30 21:43:20 | 000,861,111 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_43_20_0001e0bd.dmp
[2012/06/30 21:43:14 | 000,858,358 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_43_14_0001c908.dmp
[2012/06/30 21:42:29 | 000,871,502 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_42_28_00011728.dmp
[2012/06/30 21:42:06 | 000,447,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/30 21:30:31 | 000,859,144 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_30_31_00018c66.dmp
[2012/06/30 21:30:26 | 000,855,984 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_30_25_000175cb.dmp
[2012/06/30 21:29:59 | 000,849,792 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_29_56_00010222.dmp
[2012/06/30 20:35:24 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/06/30 20:33:14 | 000,871,100 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_20_33_14_00021b3d.dmp
[2012/06/30 20:33:05 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2012/06/30 20:33:02 | 000,872,810 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_20_33_01_0001e9e1.dmp
[2012/06/30 20:32:34 | 000,857,389 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_20_32_33_00017ba4.dmp
[2012/06/30 20:06:48 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2012/06/30 20:06:48 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2012/06/30 19:16:52 | 000,863,113 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_19_16_51_00014f66.dmp
[2012/06/30 19:16:45 | 000,854,116 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_19_16_45_000136d8.dmp
[2012/06/30 19:16:24 | 000,868,541 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_19_16_22_0000dcb7.dmp
[2012/06/30 18:41:40 | 000,858,419 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_41_40_00016151.dmp
[2012/06/30 18:41:30 | 000,863,648 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_41_30_0001386d.dmp
[2012/06/30 18:41:11 | 000,858,823 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_41_10_0000eb95.dmp
[2012/06/30 18:39:55 | 000,006,584 | ---- | M] () -- C:\bootsqm.dat
[2012/06/30 18:07:49 | 000,862,110 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_07_49_000102ec.dmp
[2012/06/30 18:07:40 | 000,866,266 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_07_40_0000e08e.dmp
[2012/06/30 18:07:20 | 000,870,083 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_07_19_00008ce3.dmp
[2012/06/30 17:59:27 | 000,853,236 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_59_26_00013429.dmp
[2012/06/30 17:59:21 | 000,855,669 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_59_21_00011ddc.dmp
[2012/06/30 17:58:50 | 000,857,918 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_58_48_00009c00.dmp
[2012/06/30 17:58:30 | 000,028,672 | ---- | M] () -- C:\BCD_BACKUP
[2012/06/30 17:50:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/30 17:36:04 | 000,863,697 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_36_04_00018fff.dmp
[2012/06/30 17:35:58 | 000,864,121 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_35_58_000177dd.dmp
[2012/06/30 17:35:39 | 000,853,803 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_35_37_00012654.dmp
[2012/06/30 15:29:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2012/06/30 14:23:23 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2012/06/30 14:19:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/06/30 14:03:50 | 000,853,576 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_03_50_0001bd17.dmp
[2012/06/30 14:03:43 | 000,861,303 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_03_43_0001a275.dmp
[2012/06/30 14:02:56 | 000,853,038 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_02_53_0000e08e.dmp
[2012/06/29 18:59:32 | 001,428,039 | ---- | M] () -- C:\Users\Marty\Desktop\FRST64.exe
[2012/06/28 16:58:12 | 000,001,209 | ---- | M] () -- C:\Users\Marty\Desktop\cmd.exe.lnk
[2012/06/28 16:41:13 | 000,294,400 | ---- | M] () -- C:\Users\Marty\Desktop\exeHelper.com
[2012/06/28 15:09:24 | 000,000,129 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2012/06/28 00:40:33 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Marty\Desktop\asde.exe
[2012/06/28 00:37:52 | 292,176,077 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/02 18:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/02 18:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2012/06/02 18:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/02 18:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/02 18:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/02 18:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[1 C:\Users\Marty\Documents\*.tmp files -> C:\Users\Marty\Documents\*.tmp -> ]
[1 C:\Users\Marty\Documents\*.tmp files -> C:\Users\Marty\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/01 15:13:41 | 000,864,552 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_07_01_15_13_41_00012960.dmp
[2012/07/01 15:13:23 | 000,872,715 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_07_01_15_13_23_0000e520.dmp
[2012/07/01 02:17:28 | 000,854,906 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_07_01_02_17_28_0000fc0a.dmp
[2012/07/01 02:17:22 | 000,857,349 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_07_01_02_17_22_0000e37b.dmp
[2012/07/01 02:16:55 | 000,867,429 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_07_01_02_16_55_00007ae9.dmp
[2012/06/30 22:12:34 | 000,861,073 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_22_12_34_00012aa8.dmp
[2012/06/30 22:12:29 | 000,860,821 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_22_12_29_0001145a.dmp
[2012/06/30 22:12:11 | 000,859,932 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_22_12_11_0000cea3.dmp
[2012/06/30 21:58:02 | 000,859,296 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_58_02_00016660.dmp
[2012/06/30 21:57:54 | 000,858,390 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_57_54_0001475b.dmp
[2012/06/30 21:57:31 | 000,853,746 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_57_31_0000f102.dmp
[2012/06/30 21:43:20 | 000,861,111 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_43_20_0001e0bd.dmp
[2012/06/30 21:43:14 | 000,858,358 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_43_14_0001c908.dmp
[2012/06/30 21:42:28 | 000,871,502 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_42_28_00011728.dmp
[2012/06/30 21:30:31 | 000,859,144 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_30_31_00018c66.dmp
[2012/06/30 21:30:25 | 000,855,984 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_30_25_000175cb.dmp
[2012/06/30 21:29:56 | 000,849,792 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_29_56_00010222.dmp
[2012/06/30 20:33:14 | 000,871,100 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_20_33_14_00021b3d.dmp
[2012/06/30 20:33:01 | 000,872,810 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_20_33_01_0001e9e1.dmp
[2012/06/30 20:32:33 | 000,857,389 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_20_32_33_00017ba4.dmp
[2012/06/30 19:16:51 | 000,863,113 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_19_16_51_00014f66.dmp
[2012/06/30 19:16:45 | 000,854,116 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_19_16_45_000136d8.dmp
[2012/06/30 19:16:22 | 000,868,541 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_19_16_22_0000dcb7.dmp
[2012/06/30 18:41:40 | 000,858,419 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_41_40_00016151.dmp
[2012/06/30 18:41:30 | 000,863,648 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_41_30_0001386d.dmp
[2012/06/30 18:41:10 | 000,858,823 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_41_10_0000eb95.dmp
[2012/06/30 18:39:55 | 000,006,584 | ---- | C] () -- C:\bootsqm.dat
[2012/06/30 18:07:49 | 000,862,110 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_07_49_000102ec.dmp
[2012/06/30 18:07:40 | 000,866,266 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_07_40_0000e08e.dmp
[2012/06/30 18:07:19 | 000,870,083 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_07_19_00008ce3.dmp
[2012/06/30 17:59:26 | 000,853,236 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_59_26_00013429.dmp
[2012/06/30 17:59:21 | 000,855,669 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_59_21_00011ddc.dmp
[2012/06/30 17:58:48 | 000,857,918 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_58_48_00009c00.dmp
[2012/06/30 17:58:29 | 000,028,672 | ---- | C] () -- C:\BCD_BACKUP
[2012/06/30 17:36:04 | 000,863,697 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_36_04_00018fff.dmp
[2012/06/30 17:35:58 | 000,864,121 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_35_58_000177dd.dmp
[2012/06/30 17:35:37 | 000,853,803 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_35_37_00012654.dmp
[2012/06/30 14:10:37 | 001,428,039 | ---- | C] () -- C:\Users\Marty\Desktop\FRST64.exe
[2012/06/30 14:03:50 | 000,853,576 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_03_50_0001bd17.dmp
[2012/06/30 14:03:43 | 000,861,303 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_03_43_0001a275.dmp
[2012/06/30 14:02:53 | 000,853,038 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_02_53_0000e08e.dmp
[2012/06/28 16:53:37 | 000,001,209 | ---- | C] () -- C:\Users\Marty\Desktop\cmd.exe.lnk
[2012/06/28 16:40:51 | 000,294,400 | ---- | C] () -- C:\Users\Marty\Desktop\exeHelper.com
[2012/06/28 15:09:24 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012/06/28 13:20:43 | 001,955,557 | -H-- | C] () -- C:\Users\Marty\AppData\Local\IconCache.db
[2012/01/25 19:56:50 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2011/10/14 12:11:28 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/14 12:03:29 | 000,000,519 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/07/07 02:28:22 | 001,193,320 | ---- | C] () -- C:\Windows\SysWow64\FM20.DLL
[2011/06/28 02:57:46 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/06/28 02:57:45 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2010/11/02 23:39:34 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/22 20:25:56 | 000,122,720 | ---- | C] () -- C:\Users\Marty\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/13 16:35:52 | 000,683,801 | ---- | C] () -- C:\Windows\unins000.exe
[2010/09/13 16:35:52 | 000,001,682 | ---- | C] () -- C:\Windows\unins000.dat
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 01:32:39 | 000,043,318 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/07/14 01:32:39 | 000,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:39 | 000,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:39 | 000,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:35:42 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2009/07/13 22:34:57 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/01 00:33:28 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/04/06 17:51:44 | 000,001,776 | ---- | C] () -- C:\Windows\PCW170.ini
[2007/03/21 08:28:50 | 000,000,634 | ---- | C] () -- C:\Windows\SysWow64\mmc.exe.manifest
[2007/03/21 08:28:50 | 000,000,106 | ---- | C] () -- C:\Windows\SysWow64\mmc.exe.config
[2006/11/02 08:34:27 | 000,000,219 | ---- | C] () -- C:\Windows\win.ini

========== LOP Check ==========

[2010/09/22 15:55:16 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\acccore
[2011/08/29 01:10:12 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Barnes & Noble
[2011/09/06 02:09:22 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Bizarro DC++
[2011/09/05 22:35:30 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\DC++
[2011/10/14 12:11:23 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Peachtree
[2010/10/27 08:17:14 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Tific
[2011/10/14 12:08:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Aatrix Software
[2010/09/22 15:43:58 | 000,000,000 | ---D | M] -- C:\ProgramData\acccore
[2010/09/22 15:43:58 | 000,000,000 | ---D | M] -- C:\ProgramData\AIM Toolbar
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/09/22 15:44:01 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2010/11/29 17:06:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Cisco
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/01/01 17:08:42 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2011/10/14 12:03:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Pervasive Software
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/09/22 15:44:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/09/04 17:58:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Viewpoint
[2010/09/22 15:44:28 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2010/09/22 15:44:28 | 000,000,000 | ---D | M] -- C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
[2010/10/14 13:48:45 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/09/22 15:44:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
[2012/01/24 18:14:31 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

#17 Maniac

Posted 01 July 2012 - 05:00 PM

This is not the Fix log file, this is a new log file. For some reason your script was not activated. Are you sure that you followed the instructions strictly?

#18 soccer1127

Posted 01 July 2012 - 07:30 PM

Oh sorry, do you mean this log?


========== OTL ==========
Registry value HKEY_USERS\Marty_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.com\shell\open\command\\|"%1" %* /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.exe\shell\open\command\\|"%1" %* /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.com\shell\open\command\\|"%1" %* /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.exe\shell\open\command\\|"%1" %* /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Marty
->Temp folder emptied: 44960347 bytes
->Temporary Internet Files folder emptied: 6261109857 bytes
->FireFox cache emptied: 67882928 bytes
->Flash cache emptied: 11205123 bytes

User: Mcx1-MARTY-PC
->Temp folder emptied: 518 bytes
->Temporary Internet Files folder emptied: 304365 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1781081878 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36163745 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 326 bytes

Total Files Cleaned = 7,823.00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 07012012_144523

#19 Maniac

Posted 02 July 2012 - 05:41 AM

That's correct! :)

Now boot in Normal mode and:

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#20 soccer1127

Posted 02 July 2012 - 06:42 PM

So once I was able to install I ran MBAM, so I'll post that log (since it found something) and the most recent. Here they are:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.30.07
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Marty :: MARTY-PC [administrator]
6/30/2012 5:51:01 PM
mbam-log-2012-06-30 (17-51-01).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241337
Time elapsed: 4 minute(s), 39 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
(end)



