Sign in to follow this  
Followers 0
soccer1127

Can't open anything

39 posts in this topic

Hey guys,

so my computer won't open any bascially any .exe files. The only files I can open however is like IE or the control panel. Can't open anything else, tried installing malwarebytes but it wouldn't let me. Please let me know if you have any idea whats wrong with my computer

Share this post


Link to post
Share on other sites

Hello soccer1127 and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow the instructions here and post the log files in your next reply:

http://forums.malwarebytes.org/index.php?showtopic=9573

Share this post


Link to post
Share on other sites

I tried downloading both of them, however they never run. And every time I try to right click them(or most programs) windows explorer stops responding and has to restart.

Share this post


Link to post
Share on other sites

Do you have a USB flash drive on hand?

Share this post


Link to post
Share on other sites

Yes I do. I also tried using the chameleon feature of malwarebytes. I copied it over from another computer onto the infected one. The actual chameleon program was able to open up and I tested all 12 but none of them seemed to work.

Share this post


Link to post
Share on other sites

Don't worry.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Share this post


Link to post
Share on other sites

So I tried both the usb and cd but whenever I try to boot to it says something like media failure and goes to the regular boot. However I tried clicking the file through the cd and it opened up, should I just use it through windows?

Share this post


Link to post
Share on other sites

Heres the log

Scan result of Farbar Recovery Scan Tool Version: 28-06-2012 02

Ran by Marty at 30-06-2012 14:10:55

Running from C:\Users\Marty\Desktop

(X64) OS Language: English(US)

Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

============ One Month Created Files and Folders ==============

2012-06-30 17:58 - 2012-06-30 17:58 - 00025600 __ASH C:\BCD_BACKUP.LOG

2012-06-30 14:10 - 2012-06-29 18:59 - 01428039 ____A C:\Users\Marty\Desktop\FRST64.exe

2012-06-30 14:09 - 2012-06-30 14:09 - 00000000 ____D C:\70aa3f7f846933a956

2012-06-30 14:03 - 2012-06-30 14:03 - 00861303 ____A C:\Windows\SysWOW64\AAWService__2012_06_30_14_03_43_0001a275.dmp

2012-06-30 14:03 - 2012-06-30 14:03 - 00853576 ____A C:\Windows\SysWOW64\AAWService__2012_06_30_14_03_50_0001bd17.dmp

2012-06-30 14:02 - 2012-06-30 14:02 - 00853038 ____A C:\Windows\SysWOW64\AAWService__2012_06_30_14_02_53_0000e08e.dmp

2012-06-29 18:22 - 2012-06-30 14:10 - 00000000 ____D C:\FRST

2012-06-28 19:49 - 2012-06-30 17:47 - 00000000 ____D C:\NBRT

2012-06-28 16:53 - 2012-06-28 16:58 - 00001209 ____A C:\Users\Marty\Desktop\cmd.exe.lnk

2012-06-28 16:40 - 2012-06-28 16:41 - 00294400 ____A C:\Users\Marty\Desktop\exeHelper.com

2012-06-28 15:09 - 2012-06-28 15:09 - 00000129 ____A C:\Windows\System32\MRT.INI

2012-06-28 15:02 - 2012-03-01 02:54 - 00022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys

2012-06-28 15:02 - 2012-03-01 02:45 - 00220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll

2012-06-28 15:02 - 2012-03-01 02:40 - 00080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll

2012-06-28 15:02 - 2012-03-01 02:35 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll

2012-06-28 15:02 - 2012-03-01 01:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2012-06-28 15:02 - 2012-03-01 01:45 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll

2012-06-28 15:02 - 2012-03-01 01:40 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll

2012-06-28 14:38 - 2012-06-28 14:38 - 00000000 ____D C:\Users\Marty\Desktop\Chameleon

2012-06-28 14:35 - 2012-06-28 14:35 - 01012656 ____A C:\Users\Marty\Desktop\WiNlOgOn.exe

2012-06-28 14:23 - 2012-04-20 02:21 - 12405760 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-28 14:22 - 2012-05-14 23:56 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-28 14:22 - 2012-05-14 23:52 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-28 14:22 - 2012-05-14 23:08 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-28 14:22 - 2012-05-14 23:06 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-28 14:22 - 2012-05-02 01:32 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll

2012-06-28 14:22 - 2012-04-27 23:50 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-06-28 14:22 - 2012-04-20 02:25 - 01501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-28 14:22 - 2012-04-20 02:25 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-28 14:22 - 2012-04-20 02:23 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll

2012-06-28 14:22 - 2012-04-20 02:22 - 09373696 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-28 14:22 - 2012-04-20 02:22 - 00736256 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-06-28 14:22 - 2012-04-20 02:22 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-28 14:22 - 2012-04-20 02:22 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2012-06-28 14:22 - 2012-04-20 02:22 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2012-06-28 14:22 - 2012-04-20 02:21 - 02458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-28 14:22 - 2012-04-20 02:21 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2012-06-28 14:22 - 2012-04-20 02:21 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2012-06-28 14:22 - 2012-04-20 02:21 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-28 14:22 - 2012-04-20 02:18 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2012-06-28 14:22 - 2012-04-20 01:07 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-28 14:22 - 2012-04-20 01:07 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-28 14:22 - 2012-04-20 01:06 - 06028288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-28 14:22 - 2012-04-20 01:06 - 00627200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-06-28 14:22 - 2012-04-20 01:06 - 00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll

2012-06-28 14:22 - 2012-04-20 01:06 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-28 14:22 - 2012-04-20 01:06 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2012-06-28 14:22 - 2012-04-20 01:05 - 11019776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-28 14:22 - 2012-04-20 01:05 - 02072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-28 14:22 - 2012-04-20 01:05 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2012-06-28 14:22 - 2012-04-20 01:05 - 00185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2012-06-28 14:22 - 2012-04-20 01:05 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-28 14:22 - 2012-04-20 01:05 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2012-06-28 14:22 - 2012-04-20 01:03 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2012-06-28 14:22 - 2012-04-20 01:00 - 00482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

2012-06-28 14:22 - 2012-04-20 00:15 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-28 14:22 - 2012-04-19 23:58 - 00386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2012-06-28 14:22 - 2012-04-19 23:24 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-28 14:22 - 2012-03-17 03:55 - 00075632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys

2012-06-28 14:21 - 2012-05-14 21:32 - 03144192 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-28 14:21 - 2012-04-26 01:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll

2012-06-28 14:21 - 2012-04-26 01:34 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll

2012-06-28 14:21 - 2012-04-26 01:28 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

2012-06-28 14:21 - 2012-04-17 01:38 - 00851968 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-28 14:21 - 2012-04-17 00:45 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-28 14:21 - 2012-03-03 02:29 - 01837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2012-06-28 14:21 - 2012-03-03 02:29 - 01541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2012-06-28 14:21 - 2012-03-03 02:29 - 00902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2012-06-28 14:21 - 2012-03-03 02:29 - 00320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2012-06-28 14:21 - 2012-03-03 02:29 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2012-06-28 14:21 - 2012-03-03 01:40 - 01170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2012-06-28 14:21 - 2012-03-03 01:40 - 01074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2012-06-28 14:21 - 2012-03-03 01:40 - 00739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2012-06-28 14:21 - 2012-03-03 01:40 - 00218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2012-06-28 14:21 - 2012-03-03 01:40 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2012-06-28 14:17 - 2012-04-07 08:18 - 03213824 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll

2012-06-28 14:17 - 2012-04-07 07:34 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2012-06-28 14:16 - 2012-04-24 01:59 - 01460224 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-06-28 14:16 - 2012-04-24 01:59 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-06-28 14:16 - 2012-04-24 01:59 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-06-28 14:16 - 2012-04-24 00:47 - 01156608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2012-06-28 14:16 - 2012-04-24 00:47 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2012-06-28 14:16 - 2012-04-24 00:47 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2012-06-28 14:15 - 2012-03-30 07:09 - 01895280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-06-28 13:22 - 2012-06-28 13:27 - 00004058 ____A C:\Windows\IE9_main.log

2012-06-28 13:13 - 2012-06-02 18:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-28 13:13 - 2012-06-02 18:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-28 13:13 - 2012-06-02 18:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-28 13:13 - 2012-06-02 18:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-28 13:12 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-28 13:12 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-28 12:59 - 2012-06-28 12:59 - 00607260 ____A (Swearware) C:\Users\Marty\Desktop\dd5.com

2012-06-28 12:56 - 2012-06-28 12:56 - 00607260 ____A (Swearware) C:\Users\Marty\Desktop\dds.scr

2012-06-28 00:58 - 2012-06-28 00:58 - 00000000 ____D C:\Users\Marty\Desktop\Windows 7 Tools.{ED7BA470-8E54-465E-825C-99712043E01C}

2012-06-28 00:40 - 2012-06-28 00:40 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Marty\Desktop\asde.exe

2012-06-28 00:38 - 2012-06-28 00:38 - 00270536 ____A C:\Windows\Minidump\062812-29889-01.dmp

============ 3 Months Modified Files and Folders =============

2012-06-30 17:58 - 2012-06-30 17:58 - 00028672 ____A C:\BCD_BACKUP

2012-06-30 17:58 - 2012-06-30 17:58 - 00025600 __ASH C:\BCD_BACKUP.LOG

2012-06-30 17:47 - 2012-06-28 19:49 - 00000000 ____D C:\NBRT

2012-06-30 17:21 - 2011-01-24 00:47 - 00000000 ____D C:\users\Mcx1-MARTY-PC

2012-06-30 17:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache

2012-06-30 17:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration

2012-06-30 17:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat

2012-06-30 14:10 - 2012-06-29 18:22 - 00000000 ____D C:\FRST

2012-06-30 14:09 - 2012-06-30 14:09 - 00000000 ____D C:\70aa3f7f846933a956

2012-06-30 14:08 - 2010-09-22 16:14 - 01743460 ____A C:\Windows\WindowsUpdate.log

2012-06-30 14:05 - 2010-09-22 15:20 - 00009712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-06-30 14:05 - 2010-09-22 15:20 - 00009712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-06-30 14:03 - 2012-06-30 14:03 - 00861303 ____A C:\Windows\SysWOW64\AAWService__2012_06_30_14_03_43_0001a275.dmp

2012-06-30 14:03 - 2012-06-30 14:03 - 00853576 ____A C:\Windows\SysWOW64\AAWService__2012_06_30_14_03_50_0001bd17.dmp

2012-06-30 14:02 - 2012-06-30 14:02 - 00853038 ____A C:\Windows\SysWOW64\AAWService__2012_06_30_14_02_53_0000e08e.dmp

2012-06-30 14:02 - 2010-09-22 15:22 - 00000000 ____D C:\users\Marty

2012-06-30 14:02 - 2009-08-13 03:07 - 00136636 ____A C:\aaw7boot.log

2012-06-30 14:02 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-06-30 14:02 - 2009-07-14 00:51 - 03654223 ____A C:\Windows\setupact.log

2012-06-29 18:59 - 2012-06-30 14:10 - 01428039 ____A C:\Users\Marty\Desktop\FRST64.exe

2012-06-28 21:02 - 2009-07-14 01:13 - 00728058 ____A C:\Windows\System32\PerfStringBackup.INI

2012-06-28 16:58 - 2012-06-28 16:53 - 00001209 ____A C:\Users\Marty\Desktop\cmd.exe.lnk

2012-06-28 16:41 - 2012-06-28 16:40 - 00294400 ____A C:\Users\Marty\Desktop\exeHelper.com

2012-06-28 15:17 - 2009-07-14 00:45 - 00447760 ____A C:\Windows\System32\FNTCACHE.DAT

2012-06-28 15:09 - 2012-06-28 15:09 - 00000129 ____A C:\Windows\System32\MRT.INI

2012-06-28 15:01 - 2009-07-14 03:46 - 00000000 ____D C:\Program Files\Windows Journal

2012-06-28 14:38 - 2012-06-28 14:38 - 00000000 ____D C:\Users\Marty\Desktop\Chameleon

2012-06-28 14:35 - 2012-06-28 14:35 - 01012656 ____A C:\Users\Marty\Desktop\WiNlOgOn.exe

2012-06-28 13:38 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2012-06-28 13:27 - 2012-06-28 13:22 - 00004058 ____A C:\Windows\IE9_main.log

2012-06-28 12:59 - 2012-06-28 12:59 - 00607260 ____A (Swearware) C:\Users\Marty\Desktop\dd5.com

2012-06-28 12:56 - 2012-06-28 12:56 - 00607260 ____A (Swearware) C:\Users\Marty\Desktop\dds.scr

2012-06-28 00:58 - 2012-06-28 00:58 - 00000000 ____D C:\Users\Marty\Desktop\Windows 7 Tools.{ED7BA470-8E54-465E-825C-99712043E01C}

2012-06-28 00:40 - 2012-06-28 00:40 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Marty\Desktop\asde.exe

2012-06-28 00:38 - 2012-06-28 00:38 - 00270536 ____A C:\Windows\Minidump\062812-29889-01.dmp

2012-06-28 00:38 - 2010-10-01 21:08 - 00000000 ____D C:\Windows\Minidump

2012-06-28 00:37 - 2010-09-07 14:50 - 292176077 ____A C:\Windows\MEMORY.DMP

2012-06-03 23:28 - 2011-04-01 11:17 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-06-02 18:19 - 2012-06-28 13:13 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 18:19 - 2012-06-28 13:13 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 18:19 - 2012-06-28 13:13 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 18:15 - 2012-06-28 13:13 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 15:19 - 2012-06-28 13:12 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 15:15 - 2012-06-28 13:12 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-05-14 23:56 - 2012-06-28 14:22 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-05-14 23:52 - 2012-06-28 14:22 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-05-14 23:08 - 2012-06-28 14:22 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-05-14 23:06 - 2012-06-28 14:22 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-05-14 21:32 - 2012-06-28 14:21 - 03144192 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-05-02 01:32 - 2012-06-28 14:22 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll

2012-04-27 23:50 - 2012-06-28 14:22 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-04-26 01:34 - 2012-06-28 14:21 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll

2012-04-26 01:34 - 2012-06-28 14:21 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll

2012-04-26 01:28 - 2012-06-28 14:21 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

2012-04-24 01:59 - 2012-06-28 14:16 - 01460224 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-04-24 01:59 - 2012-06-28 14:16 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-04-24 01:59 - 2012-06-28 14:16 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-04-24 00:47 - 2012-06-28 14:16 - 01156608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2012-04-24 00:47 - 2012-06-28 14:16 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2012-04-24 00:47 - 2012-06-28 14:16 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2012-04-20 02:25 - 2012-06-28 14:22 - 01501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-04-20 02:25 - 2012-06-28 14:22 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-04-20 02:23 - 2012-06-28 14:22 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll

2012-04-20 02:22 - 2012-06-28 14:22 - 09373696 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-04-20 02:22 - 2012-06-28 14:22 - 00736256 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-04-20 02:22 - 2012-06-28 14:22 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-04-20 02:22 - 2012-06-28 14:22 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2012-04-20 02:22 - 2012-06-28 14:22 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2012-04-20 02:21 - 2012-06-28 14:23 - 12405760 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-04-20 02:21 - 2012-06-28 14:22 - 02458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-04-20 02:21 - 2012-06-28 14:22 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2012-04-20 02:21 - 2012-06-28 14:22 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2012-04-20 02:21 - 2012-06-28 14:22 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-04-20 02:18 - 2012-06-28 14:22 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2012-04-20 01:07 - 2012-06-28 14:22 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-04-20 01:07 - 2012-06-28 14:22 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-04-20 01:06 - 2012-06-28 14:22 - 06028288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-04-20 01:06 - 2012-06-28 14:22 - 00627200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-04-20 01:06 - 2012-06-28 14:22 - 00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll

2012-04-20 01:06 - 2012-06-28 14:22 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-04-20 01:06 - 2012-06-28 14:22 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2012-04-20 01:05 - 2012-06-28 14:22 - 11019776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-04-20 01:05 - 2012-06-28 14:22 - 02072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-04-20 01:05 - 2012-06-28 14:22 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2012-04-20 01:05 - 2012-06-28 14:22 - 00185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2012-04-20 01:05 - 2012-06-28 14:22 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-04-20 01:05 - 2012-06-28 14:22 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2012-04-20 01:03 - 2012-06-28 14:22 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2012-04-20 01:00 - 2012-06-28 14:22 - 00482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec

2012-04-20 00:15 - 2012-06-28 14:22 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-04-19 23:58 - 2012-06-28 14:22 - 00386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2012-04-19 23:24 - 2012-06-28 14:22 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-04-17 01:38 - 2012-06-28 14:21 - 00851968 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-04-17 00:45 - 2012-06-28 14:21 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-04-07 08:18 - 2012-06-28 14:17 - 03213824 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll

2012-04-07 07:34 - 2012-06-28 14:17 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 39%

Total physical RAM: 3998.96 MB

Available physical RAM: 2430.27 MB

Total Pagefile: 7996.06 MB

Available Pagefile: 6438.2 MB

Total Virtual: 8192 MB

Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:286.41 GB) (Free:109.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: (RECOVERY) (Fixed) (Total:11.68 GB) (Free:1.9 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 298 GB 2048 KB

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 286 GB 1024 KB

Partition 2 Primary 11 GB 286 GB

======================================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C NTFS Partition 286 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 D RECOVERY NTFS Partition 11 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-28 21:20

======================= End Of Log ==========================

Share this post


Link to post
Share on other sites

I now see what you meant when you said run it throught system recovery, I guess I misread it. I see it says it will not work properly if its not in a recovery envrionment, so I'll do it from there and repost

Share this post


Link to post
Share on other sites

Your log files seems to be fine, but take a look at the header:

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

It's not useful on this way, so we should change the strategy.

  1. Download OTLPENet.exe to your desktop
  2. Ensure that you have a blank CD in the drive
  3. Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  4. Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  5. As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  6. Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  7. Double-click on the OTLPE icon.
  8. Select the Windows folder of the infected drive if it asks for a location
  9. When asked "Do you wish to load the remote registry", select Yes
  10. When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  11. Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  12. OTL should now start.
  13. Press Run QuickScan to start the scan.
  14. When finished, the file will be saved in drive C:\OTL.txt
  15. Copy this file to your USB drive if you do not have internet connection on this system.
  16. Right click the file and select send to : select the USB drive.
  17. Confirm that it has copied to the USB drive by selecting it
  18. You can backup any files that you wish from this OS
  19. Please post the contents of the C:\OTL.txt file in your reply.

Share this post


Link to post
Share on other sites

Ok here are the files. Also I noticed most of these scans are for the past 30 days, these virus is a lot older than that. Just letting you know, not sure if this information is important or not.

OTL logfile created on: 6/30/2012 4:56:33 PM - Run

OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE

64bit-Windows 7 Ultimate (Version = 6.1.7600) - Type = System

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 286.41 Gb Total Space | 111.05 Gb Free Space | 38.77% Space Free | Partition Type: NTFS

Drive E: | 11.68 Gb Total Space | 1.90 Gb Free Space | 16.28% Space Free | Partition Type: NTFS

Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2009/01/28 09:15:24 | 000,290,304 | ---- | M] (IDT, Inc.) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_27a7f4961a76cb4e\stacsv64.exe -- (STacSV)

SRV:64bit: - [2008/11/17 15:22:44 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_27a7f4961a76cb4e\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2008/08/26 10:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)

SRV - [2011/06/20 10:31:32 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.0.13\ccSvcHst.exe -- (NAV)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/10/09 10:07:22 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/04/06 20:24:52 | 000,435,496 | R--- | M] (Pervasive Software Inc.) [Auto] -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)

SRV - [2009/03/09 20:54:12 | 000,365,952 | ---- | M] () [Auto] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)

SRV - [2009/02/24 18:04:52 | 000,116,104 | ---- | M] () [Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)

SRV - [2009/02/04 18:57:06 | 000,296,320 | ---- | M] () [Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)

SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/07/08 17:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\Drivers\NAVx64\1206000.01D\SYMNETS.SYS -- (SymNetS)

DRV:64bit: - [2011/06/20 10:31:32 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)

DRV:64bit: - [2011/05/09 23:32:13 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\System32\Drivers\NAVx64\1206000.01D\SRTSP64.SYS -- (SRTSP)

DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NAVx64\1207000.00D\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\NAVx64\1207000.00D\symefa64.sys -- (SymEFA)

DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\NAVx64\1207000.00D\symds64.sys -- (SymDS)

DRV:64bit: - [2011/01/27 01:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NAVx64\1207000.00D\Ironx64.SYS -- (SymIRON)

DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/10/09 09:50:50 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vpnva64.sys -- (vpnva)

DRV:64bit: - [2009/06/24 10:16:22 | 002,041,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/02/25 09:53:26 | 000,137,056 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)

DRV:64bit: - [2009/01/28 09:16:06 | 000,473,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2008/12/30 08:18:40 | 000,068,608 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)

DRV:64bit: - [2008/12/03 09:21:52 | 000,184,832 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008/11/21 13:05:22 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2008/06/04 13:55:16 | 000,129,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV:64bit: - [2008/03/27 15:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2008/03/27 15:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2008/01/31 19:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2007/06/18 19:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2012/01/16 04:01:46 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120130.021\EX64.SYS -- (NAVEX15)

DRV - [2012/01/16 04:01:46 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120130.021\ENG64.SYS -- (NAVENG)

DRV - [2011/12/15 19:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120128.002\IDSviA64.sys -- (IDSVia64)

DRV - [2011/11/30 22:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20120121.002\BHDrvx64.sys -- (BHDrvx64)

DRV - [2011/11/09 12:06:44 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2011/06/28 02:57:37 | 000,017,152 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Marty_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb

IE - HKU\Marty_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://myub.buffalo.edu/myub/pw/template/myub.html

IE - HKU\Marty_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\Marty_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Marty_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Mcx1-MARTY-PC_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_0_1.dll ()

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Marty\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/09/22 15:42:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2012/06/30 14:03:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/05 00:44:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/15 17:39:46 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Marty\AppData\Roaming\Move Networks [2010/09/22 15:55:37 | 000,000,000 | ---D | M]

[2010/10/12 11:58:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marty\AppData\Roaming\Mozilla\Extensions

[2010/10/12 11:58:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marty\AppData\Roaming\Mozilla\Firefox\Profiles\ubmnghfz.default\extensions

[2011/11/15 17:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

File not found (No name found) --

[2012/06/30 14:03:27 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPLGN

[2012/01/05 00:44:54 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010/11/04 18:54:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/11/04 23:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/11/04 23:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)

O3 - HKU\Marty_ON_C\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O4 - HKU\LocalService_ON_C..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\NetworkService_ON_C..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] File not found

O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\Marty_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} http://quickscan.bitdefender.com/qsax/qsax64.cab (Bitdefender QuickScan Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{49536b28-f84e-11e0-9aa7-00235aad2481}\Shell - "" = AutoRun

O33 - MountPoints2\{49536b28-f84e-11e0-9aa7-00235aad2481}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - File not found

64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found

64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/06/30 14:20:44 | 000,000,000 | ---D | C] -- C:\609e82835773b7b852

[2012/06/29 18:22:43 | 000,000,000 | ---D | C] -- C:\FRST

[2012/06/28 19:49:43 | 000,000,000 | ---D | C] -- C:\NBRT

[2012/06/28 14:38:34 | 000,000,000 | ---D | C] -- C:\Users\Marty\Desktop\Chameleon

[2012/06/28 12:59:32 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Marty\Desktop\dd5.com

[2012/06/28 12:56:37 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Marty\Desktop\dds.scr

[2012/06/28 00:58:59 | 000,000,000 | ---D | C] -- C:\Users\Marty\Desktop\Windows 7 Tools.{ED7BA470-8E54-465E-825C-99712043E01C}

[2012/06/28 00:40:29 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Marty\Desktop\asde.exe

[1 C:\Users\Marty\Documents\*.tmp files -> C:\Users\Marty\Documents\*.tmp -> ]

[1 C:\Users\Marty\Documents\*.tmp files -> C:\Users\Marty\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/30 17:58:30 | 000,028,672 | ---- | M] () -- C:\BCD_BACKUP

[2012/06/30 15:30:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/30 15:29:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works

[2012/06/30 15:25:59 | 000,625,348 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/06/30 15:25:59 | 000,107,290 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/06/30 14:19:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2012/06/30 14:11:01 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/30 14:11:01 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/30 14:03:50 | 000,853,576 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_03_50_0001bd17.dmp

[2012/06/30 14:03:43 | 000,861,303 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_03_43_0001a275.dmp

[2012/06/30 14:02:56 | 000,853,038 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_02_53_0000e08e.dmp

[2012/06/30 14:02:22 | 3144,904,704 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/29 18:59:32 | 001,428,039 | ---- | M] () -- C:\Users\Marty\Desktop\FRST64.exe

[2012/06/28 16:58:12 | 000,001,209 | ---- | M] () -- C:\Users\Marty\Desktop\cmd.exe.lnk

[2012/06/28 16:41:13 | 000,294,400 | ---- | M] () -- C:\Users\Marty\Desktop\exeHelper.com

[2012/06/28 15:17:54 | 000,447,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/06/28 15:09:24 | 000,000,129 | ---- | M] () -- C:\Windows\System32\MRT.INI

[2012/06/28 14:35:12 | 001,012,656 | ---- | M] () -- C:\Users\Marty\Desktop\WiNlOgOn.exe

[2012/06/28 12:59:37 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Marty\Desktop\dd5.com

[2012/06/28 12:56:42 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Marty\Desktop\dds.scr

[2012/06/28 00:40:33 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Marty\Desktop\asde.exe

[2012/06/28 00:37:52 | 292,176,077 | ---- | M] () -- C:\Windows\MEMORY.DMP

[1 C:\Users\Marty\Documents\*.tmp files -> C:\Users\Marty\Documents\*.tmp -> ]

[1 C:\Users\Marty\Documents\*.tmp files -> C:\Users\Marty\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/30 17:58:29 | 000,028,672 | ---- | C] () -- C:\BCD_BACKUP

[2012/06/30 14:10:37 | 001,428,039 | ---- | C] () -- C:\Users\Marty\Desktop\FRST64.exe

[2012/06/30 14:03:50 | 000,853,576 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_03_50_0001bd17.dmp

[2012/06/30 14:03:43 | 000,861,303 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_03_43_0001a275.dmp

[2012/06/30 14:02:53 | 000,853,038 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_02_53_0000e08e.dmp

[2012/06/28 16:53:37 | 000,001,209 | ---- | C] () -- C:\Users\Marty\Desktop\cmd.exe.lnk

[2012/06/28 16:40:51 | 000,294,400 | ---- | C] () -- C:\Users\Marty\Desktop\exeHelper.com

[2012/06/28 15:09:24 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2012/06/28 14:35:09 | 001,012,656 | ---- | C] () -- C:\Users\Marty\Desktop\WiNlOgOn.exe

[2011/10/14 12:11:28 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/10/14 12:03:29 | 000,000,519 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2011/06/28 02:57:46 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat

[2011/06/28 02:57:45 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat

[2010/11/02 23:39:34 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/09/13 16:35:52 | 000,683,801 | ---- | C] () -- C:\Windows\unins000.exe

[2010/09/13 16:35:52 | 000,001,682 | ---- | C] () -- C:\Windows\unins000.dat

[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll

[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll

[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2009/06/01 00:33:28 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2009/04/06 17:51:44 | 000,001,776 | ---- | C] () -- C:\Windows\PCW170.ini

[2007/03/21 08:28:50 | 000,000,106 | ---- | C] () -- C:\Windows\SysWow64\mmc.exe.config

========== LOP Check ==========

[2010/09/22 15:55:16 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\acccore

[2011/08/29 01:10:12 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Barnes & Noble

[2011/09/06 02:09:22 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Bizarro DC++

[2011/09/05 22:35:30 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\DC++

[2011/10/14 12:11:23 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Peachtree

[2010/10/27 08:17:14 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Tific

[2011/10/14 12:08:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Aatrix Software

[2010/09/22 15:43:58 | 000,000,000 | ---D | M] -- C:\ProgramData\acccore

[2010/09/22 15:43:58 | 000,000,000 | ---D | M] -- C:\ProgramData\AIM Toolbar

[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data

[2010/09/22 15:44:01 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ

[2010/11/29 17:06:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Cisco

[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop

[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents

[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites

[2011/01/01 17:08:42 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe

[2011/10/14 12:03:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Pervasive Software

[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu

[2010/09/22 15:44:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp

[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates

[2009/09/04 17:58:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Viewpoint

[2010/09/22 15:44:28 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch

[2010/09/22 15:44:28 | 000,000,000 | ---D | M] -- C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}

[2010/10/14 13:48:45 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

[2010/09/22 15:44:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}

[2012/01/24 18:14:31 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Share this post


Link to post
Share on other sites

Update: Things seem to be working now don't know why... I'm installing malwarebytes now

Share this post


Link to post
Share on other sites

Update: For some reason I can now install and run programs, I am installing malwarebytes now. One problem that still occurs however is if your right click a logo windows explorer freezes

Share this post


Link to post
Share on other sites

Please don't run anything or do anything without my instructions.

Start OTLPE as you did previously.

Copy the attached fix.txt to a USB

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and dropfix.txtinto the Custom scans and fixes box
  • If you cannot drag and drop for some reason. Then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

fix.txt

Share this post


Link to post
Share on other sites

OK heres the log

OTL logfile created on: 7/1/2012 4:31:02 PM - Run

OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE

64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 286.41 Gb Total Space | 118.43 Gb Free Space | 41.35% Space Free | Partition Type: NTFS

Drive D: | 963.69 Mb Total Space | 962.28 Mb Free Space | 99.85% Space Free | Partition Type: FAT

Drive E: | 11.68 Gb Total Space | 1.90 Gb Free Space | 16.28% Space Free | Partition Type: NTFS

Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2008/08/26 10:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)

SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] () [On_Demand] -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2011/06/20 10:31:32 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe -- (NAV)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/10/09 10:07:22 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/04/06 20:24:52 | 000,435,496 | R--- | M] (Pervasive Software Inc.) [Auto] -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)

SRV - [2009/03/09 20:54:12 | 000,365,952 | ---- | M] () [Auto] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)

SRV - [2009/02/24 18:04:52 | 000,116,104 | ---- | M] () [Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)

SRV - [2009/02/04 18:57:06 | 000,296,320 | ---- | M] () [Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)

SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/06/20 10:31:32 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)

DRV:64bit: - [2011/05/09 23:32:13 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2011/04/20 21:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS -- (SymNetS)

DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\System32\Drivers\NAVx64\1207010.003\SRTSP64.SYS -- (SRTSP)

DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NAVx64\1207010.003\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\NAVx64\1207010.003\symefa64.sys -- (SymEFA)

DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\NAVx64\1207010.003\symds64.sys -- (SymDS)

DRV:64bit: - [2011/01/27 01:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS -- (SymIRON)

DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009/10/09 09:50:50 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vpnva64.sys -- (vpnva)

DRV:64bit: - [2009/06/24 10:16:22 | 002,041,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/02/25 09:53:26 | 000,137,056 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)

DRV:64bit: - [2008/12/30 08:18:40 | 000,068,608 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)

DRV:64bit: - [2008/12/03 09:21:52 | 000,184,832 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008/11/21 13:05:22 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2008/06/04 13:55:16 | 000,129,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV:64bit: - [2008/03/27 15:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2008/03/27 15:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2008/01/31 19:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2007/06/18 19:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2012/01/16 04:01:46 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120130.021\EX64.SYS -- (NAVEX15)

DRV - [2012/01/16 04:01:46 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20120130.021\ENG64.SYS -- (NAVENG)

DRV - [2011/12/15 19:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120128.002\IDSviA64.sys -- (IDSVia64)

DRV - [2011/11/30 22:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20120121.002\BHDrvx64.sys -- (BHDrvx64)

DRV - [2011/11/09 12:06:44 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2011/06/28 02:57:37 | 000,017,152 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Marty_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cnnb

IE - HKU\Marty_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://myub.buffalo.edu/myub/pw/template/myub.html

IE - HKU\Marty_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\Marty_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Marty_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Mcx1-MARTY-PC_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_0_1.dll ()

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/09/22 15:42:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2012/06/30 22:12:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/05 00:44:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/15 17:39:46 | 000,000,000 | ---D | M]

[2011/11/15 17:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/01/05 00:44:54 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010/11/04 18:54:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/11/04 23:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/11/04 23:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)

O3 - HKU\Marty_ON_C\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKU\LocalService_ON_C..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\NetworkService_ON_C..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] File not found

O4 - HKU\Marty_ON_C..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)

O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] File not found

O4 - Startup: Error locating startup folders.

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\Marty_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} http://quickscan.bitdefender.com/qsax/qsax64.cab (Bitdefender QuickScan Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - File not found

64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found

64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/07/01 14:45:23 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/06/30 22:04:34 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll

[2012/06/30 22:04:34 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll

[2012/06/30 21:27:18 | 000,000,000 | -HSD | C] -- C:\found.016

[2012/06/30 19:52:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview

[2012/06/30 19:52:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders

[2012/06/30 17:50:20 | 000,000,000 | ---D | C] -- C:\Users\Marty\AppData\Roaming\Malwarebytes

[2012/06/30 17:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/06/30 17:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/06/30 17:50:05 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/06/30 17:50:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/06/30 14:20:44 | 000,000,000 | ---D | C] -- C:\609e82835773b7b852

[2012/06/29 18:22:43 | 000,000,000 | ---D | C] -- C:\FRST

[2012/06/28 19:49:43 | 000,000,000 | ---D | C] -- C:\NBRT

[2012/06/28 15:02:20 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fs_rec.sys

[2012/06/28 15:02:19 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wintrust.dll

[2012/06/28 15:02:19 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll

[2012/06/28 15:02:19 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imagehlp.dll

[2012/06/28 15:02:19 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll

[2012/06/28 14:38:34 | 000,000,000 | ---D | C] -- C:\Users\Marty\Desktop\Chameleon

[2012/06/28 14:22:51 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2012/06/28 14:22:50 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll

[2012/06/28 14:22:48 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012/06/28 14:22:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/06/28 14:22:48 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012/06/28 14:22:48 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/06/28 14:22:48 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll

[2012/06/28 14:22:48 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/06/28 14:22:19 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll

[2012/06/28 14:22:11 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll

[2012/06/28 14:22:11 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll

[2012/06/28 14:22:11 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys

[2012/06/28 14:22:10 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2012/06/28 14:22:09 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2012/06/28 14:22:08 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2012/06/28 14:21:59 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2012/06/28 14:21:59 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll

[2012/06/28 14:21:47 | 000,918,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2012/06/28 14:21:47 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/06/28 14:21:43 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll

[2012/06/28 14:21:43 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll

[2012/06/28 14:21:43 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe

[2012/06/28 14:17:44 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll

[2012/06/28 14:17:42 | 002,342,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msi.dll

[2012/06/28 14:16:13 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll

[2012/06/28 14:16:12 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptnet.dll

[2012/06/28 13:13:18 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll

[2012/06/28 13:13:18 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe

[2012/06/28 13:13:18 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll

[2012/06/28 13:13:00 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll

[2012/06/28 13:13:00 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll

[2012/06/28 13:13:00 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll

[2012/06/28 13:12:41 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

[2012/06/28 13:12:41 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

[2012/06/28 00:58:59 | 000,000,000 | ---D | C] -- C:\Users\Marty\Desktop\Windows 7 Tools.{ED7BA470-8E54-465E-825C-99712043E01C}

[2012/06/28 00:40:29 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Marty\Desktop\asde.exe

[1 C:\Users\Marty\Documents\*.tmp files -> C:\Users\Marty\Documents\*.tmp -> ]

[1 C:\Users\Marty\Documents\*.tmp files -> C:\Users\Marty\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/01 15:13:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/01 15:13:41 | 000,864,552 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_07_01_15_13_41_00012960.dmp

[2012/07/01 15:13:24 | 000,872,715 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_07_01_15_13_23_0000e520.dmp

[2012/07/01 15:13:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2012/07/01 15:13:07 | 3144,904,704 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/01 02:17:28 | 000,854,906 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_07_01_02_17_28_0000fc0a.dmp

[2012/07/01 02:17:22 | 000,857,349 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_07_01_02_17_22_0000e37b.dmp

[2012/07/01 02:16:56 | 000,867,429 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_07_01_02_16_55_00007ae9.dmp

[2012/07/01 01:36:53 | 001,955,557 | -H-- | M] () -- C:\Users\Marty\AppData\Local\IconCache.db

[2012/07/01 01:24:26 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/01 01:24:26 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/30 22:18:25 | 000,728,186 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2012/06/30 22:18:25 | 000,625,348 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/06/30 22:18:25 | 000,107,290 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/06/30 22:12:34 | 000,861,073 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_22_12_34_00012aa8.dmp

[2012/06/30 22:12:29 | 000,860,821 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_22_12_29_0001145a.dmp

[2012/06/30 22:12:11 | 000,859,932 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_22_12_11_0000cea3.dmp

[2012/06/30 22:09:19 | 002,009,432 | ---- | M] () -- C:\Windows\System32\drivers\NAVx64\1207010.003\Cat.DB

[2012/06/30 21:58:02 | 000,859,296 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_58_02_00016660.dmp

[2012/06/30 21:57:54 | 000,858,390 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_57_54_0001475b.dmp

[2012/06/30 21:57:34 | 000,853,746 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_57_31_0000f102.dmp

[2012/06/30 21:43:20 | 000,861,111 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_43_20_0001e0bd.dmp

[2012/06/30 21:43:14 | 000,858,358 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_43_14_0001c908.dmp

[2012/06/30 21:42:29 | 000,871,502 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_42_28_00011728.dmp

[2012/06/30 21:42:06 | 000,447,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/06/30 21:30:31 | 000,859,144 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_30_31_00018c66.dmp

[2012/06/30 21:30:26 | 000,855,984 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_30_25_000175cb.dmp

[2012/06/30 21:29:59 | 000,849,792 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_29_56_00010222.dmp

[2012/06/30 20:35:24 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2012/06/30 20:33:14 | 000,871,100 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_20_33_14_00021b3d.dmp

[2012/06/30 20:33:05 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus

[2012/06/30 20:33:02 | 000,872,810 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_20_33_01_0001e9e1.dmp

[2012/06/30 20:32:34 | 000,857,389 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_20_32_33_00017ba4.dmp

[2012/06/30 20:06:48 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll

[2012/06/30 20:06:48 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll

[2012/06/30 19:16:52 | 000,863,113 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_19_16_51_00014f66.dmp

[2012/06/30 19:16:45 | 000,854,116 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_19_16_45_000136d8.dmp

[2012/06/30 19:16:24 | 000,868,541 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_19_16_22_0000dcb7.dmp

[2012/06/30 18:41:40 | 000,858,419 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_41_40_00016151.dmp

[2012/06/30 18:41:30 | 000,863,648 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_41_30_0001386d.dmp

[2012/06/30 18:41:11 | 000,858,823 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_41_10_0000eb95.dmp

[2012/06/30 18:39:55 | 000,006,584 | ---- | M] () -- C:\bootsqm.dat

[2012/06/30 18:07:49 | 000,862,110 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_07_49_000102ec.dmp

[2012/06/30 18:07:40 | 000,866,266 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_07_40_0000e08e.dmp

[2012/06/30 18:07:20 | 000,870,083 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_07_19_00008ce3.dmp

[2012/06/30 17:59:27 | 000,853,236 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_59_26_00013429.dmp

[2012/06/30 17:59:21 | 000,855,669 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_59_21_00011ddc.dmp

[2012/06/30 17:58:50 | 000,857,918 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_58_48_00009c00.dmp

[2012/06/30 17:58:30 | 000,028,672 | ---- | M] () -- C:\BCD_BACKUP

[2012/06/30 17:50:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/06/30 17:36:04 | 000,863,697 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_36_04_00018fff.dmp

[2012/06/30 17:35:58 | 000,864,121 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_35_58_000177dd.dmp

[2012/06/30 17:35:39 | 000,853,803 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_35_37_00012654.dmp

[2012/06/30 15:29:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works

[2012/06/30 14:23:23 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini

[2012/06/30 14:19:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2012/06/30 14:03:50 | 000,853,576 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_03_50_0001bd17.dmp

[2012/06/30 14:03:43 | 000,861,303 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_03_43_0001a275.dmp

[2012/06/30 14:02:56 | 000,853,038 | ---- | M] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_02_53_0000e08e.dmp

[2012/06/29 18:59:32 | 001,428,039 | ---- | M] () -- C:\Users\Marty\Desktop\FRST64.exe

[2012/06/28 16:58:12 | 000,001,209 | ---- | M] () -- C:\Users\Marty\Desktop\cmd.exe.lnk

[2012/06/28 16:41:13 | 000,294,400 | ---- | M] () -- C:\Users\Marty\Desktop\exeHelper.com

[2012/06/28 15:09:24 | 000,000,129 | ---- | M] () -- C:\Windows\System32\MRT.INI

[2012/06/28 00:40:33 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Marty\Desktop\asde.exe

[2012/06/28 00:37:52 | 292,176,077 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/06/02 18:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll

[2012/06/02 18:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe

[2012/06/02 18:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll

[2012/06/02 18:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll

[2012/06/02 18:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll

[2012/06/02 18:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll

[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

[1 C:\Users\Marty\Documents\*.tmp files -> C:\Users\Marty\Documents\*.tmp -> ]

[1 C:\Users\Marty\Documents\*.tmp files -> C:\Users\Marty\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/01 15:13:41 | 000,864,552 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_07_01_15_13_41_00012960.dmp

[2012/07/01 15:13:23 | 000,872,715 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_07_01_15_13_23_0000e520.dmp

[2012/07/01 02:17:28 | 000,854,906 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_07_01_02_17_28_0000fc0a.dmp

[2012/07/01 02:17:22 | 000,857,349 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_07_01_02_17_22_0000e37b.dmp

[2012/07/01 02:16:55 | 000,867,429 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_07_01_02_16_55_00007ae9.dmp

[2012/06/30 22:12:34 | 000,861,073 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_22_12_34_00012aa8.dmp

[2012/06/30 22:12:29 | 000,860,821 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_22_12_29_0001145a.dmp

[2012/06/30 22:12:11 | 000,859,932 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_22_12_11_0000cea3.dmp

[2012/06/30 21:58:02 | 000,859,296 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_58_02_00016660.dmp

[2012/06/30 21:57:54 | 000,858,390 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_57_54_0001475b.dmp

[2012/06/30 21:57:31 | 000,853,746 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_57_31_0000f102.dmp

[2012/06/30 21:43:20 | 000,861,111 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_43_20_0001e0bd.dmp

[2012/06/30 21:43:14 | 000,858,358 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_43_14_0001c908.dmp

[2012/06/30 21:42:28 | 000,871,502 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_42_28_00011728.dmp

[2012/06/30 21:30:31 | 000,859,144 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_30_31_00018c66.dmp

[2012/06/30 21:30:25 | 000,855,984 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_30_25_000175cb.dmp

[2012/06/30 21:29:56 | 000,849,792 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_21_29_56_00010222.dmp

[2012/06/30 20:33:14 | 000,871,100 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_20_33_14_00021b3d.dmp

[2012/06/30 20:33:01 | 000,872,810 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_20_33_01_0001e9e1.dmp

[2012/06/30 20:32:33 | 000,857,389 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_20_32_33_00017ba4.dmp

[2012/06/30 19:16:51 | 000,863,113 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_19_16_51_00014f66.dmp

[2012/06/30 19:16:45 | 000,854,116 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_19_16_45_000136d8.dmp

[2012/06/30 19:16:22 | 000,868,541 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_19_16_22_0000dcb7.dmp

[2012/06/30 18:41:40 | 000,858,419 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_41_40_00016151.dmp

[2012/06/30 18:41:30 | 000,863,648 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_41_30_0001386d.dmp

[2012/06/30 18:41:10 | 000,858,823 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_41_10_0000eb95.dmp

[2012/06/30 18:39:55 | 000,006,584 | ---- | C] () -- C:\bootsqm.dat

[2012/06/30 18:07:49 | 000,862,110 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_07_49_000102ec.dmp

[2012/06/30 18:07:40 | 000,866,266 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_07_40_0000e08e.dmp

[2012/06/30 18:07:19 | 000,870,083 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_18_07_19_00008ce3.dmp

[2012/06/30 17:59:26 | 000,853,236 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_59_26_00013429.dmp

[2012/06/30 17:59:21 | 000,855,669 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_59_21_00011ddc.dmp

[2012/06/30 17:58:48 | 000,857,918 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_58_48_00009c00.dmp

[2012/06/30 17:58:29 | 000,028,672 | ---- | C] () -- C:\BCD_BACKUP

[2012/06/30 17:36:04 | 000,863,697 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_36_04_00018fff.dmp

[2012/06/30 17:35:58 | 000,864,121 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_35_58_000177dd.dmp

[2012/06/30 17:35:37 | 000,853,803 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_17_35_37_00012654.dmp

[2012/06/30 14:10:37 | 001,428,039 | ---- | C] () -- C:\Users\Marty\Desktop\FRST64.exe

[2012/06/30 14:03:50 | 000,853,576 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_03_50_0001bd17.dmp

[2012/06/30 14:03:43 | 000,861,303 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_03_43_0001a275.dmp

[2012/06/30 14:02:53 | 000,853,038 | ---- | C] () -- C:\Windows\SysWow64\AAWService__2012_06_30_14_02_53_0000e08e.dmp

[2012/06/28 16:53:37 | 000,001,209 | ---- | C] () -- C:\Users\Marty\Desktop\cmd.exe.lnk

[2012/06/28 16:40:51 | 000,294,400 | ---- | C] () -- C:\Users\Marty\Desktop\exeHelper.com

[2012/06/28 15:09:24 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2012/06/28 13:20:43 | 001,955,557 | -H-- | C] () -- C:\Users\Marty\AppData\Local\IconCache.db

[2012/01/25 19:56:50 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll

[2011/10/14 12:11:28 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/10/14 12:03:29 | 000,000,519 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2011/07/07 02:28:22 | 001,193,320 | ---- | C] () -- C:\Windows\SysWow64\FM20.DLL

[2011/06/28 02:57:46 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat

[2011/06/28 02:57:45 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat

[2010/11/02 23:39:34 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/09/22 20:25:56 | 000,122,720 | ---- | C] () -- C:\Users\Marty\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/09/13 16:35:52 | 000,683,801 | ---- | C] () -- C:\Windows\unins000.exe

[2010/09/13 16:35:52 | 000,001,682 | ---- | C] () -- C:\Windows\unins000.dat

[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/14 01:32:39 | 000,043,318 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

[2009/07/14 01:32:39 | 000,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2009/07/14 01:32:39 | 000,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2009/07/14 01:32:39 | 000,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/13 22:35:42 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini

[2009/07/13 22:34:57 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini

[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll

[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2009/06/01 00:33:28 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2009/04/06 17:51:44 | 000,001,776 | ---- | C] () -- C:\Windows\PCW170.ini

[2007/03/21 08:28:50 | 000,000,634 | ---- | C] () -- C:\Windows\SysWow64\mmc.exe.manifest

[2007/03/21 08:28:50 | 000,000,106 | ---- | C] () -- C:\Windows\SysWow64\mmc.exe.config

[2006/11/02 08:34:27 | 000,000,219 | ---- | C] () -- C:\Windows\win.ini

========== LOP Check ==========

[2010/09/22 15:55:16 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\acccore

[2011/08/29 01:10:12 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Barnes & Noble

[2011/09/06 02:09:22 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Bizarro DC++

[2011/09/05 22:35:30 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\DC++

[2011/10/14 12:11:23 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Peachtree

[2010/10/27 08:17:14 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Tific

[2011/10/14 12:08:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Aatrix Software

[2010/09/22 15:43:58 | 000,000,000 | ---D | M] -- C:\ProgramData\acccore

[2010/09/22 15:43:58 | 000,000,000 | ---D | M] -- C:\ProgramData\AIM Toolbar

[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data

[2010/09/22 15:44:01 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ

[2010/11/29 17:06:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Cisco

[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop

[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents

[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites

[2011/01/01 17:08:42 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe

[2011/10/14 12:03:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Pervasive Software

[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu

[2010/09/22 15:44:28 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp

[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates

[2009/09/04 17:58:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Viewpoint

[2010/09/22 15:44:28 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch

[2010/09/22 15:44:28 | 000,000,000 | ---D | M] -- C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}

[2010/10/14 13:48:45 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

[2010/09/22 15:44:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}

[2012/01/24 18:14:31 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Share this post


Link to post
Share on other sites

This is not the Fix log file, this is a new log file. For some reason your script was not activated. Are you sure that you follow the instructions strictly?

Share this post


Link to post
Share on other sites

Oh sorry do you mean this log

========== OTL ==========

Registry value HKEY_USERS\Marty_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.

HKEY_LOCAL_MACHINE\Software\Classes\.com\shell\open\command\\|"%1" %* /E : value set successfully!

HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!

HKEY_LOCAL_MACHINE\Software\Classes\.exe\shell\open\command\\|"%1" %* /E : value set successfully!

HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!

HKEY_LOCAL_MACHINE\Software\Classes\.com\shell\open\command\\|"%1" %* /E : value set successfully!

HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!

HKEY_LOCAL_MACHINE\Software\Classes\.exe\shell\open\command\\|"%1" %* /E : value set successfully!

HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Marty

->Temp folder emptied: 44960347 bytes

->Temporary Internet Files folder emptied: 6261109857 bytes

->FireFox cache emptied: 67882928 bytes

->Flash cache emptied: 11205123 bytes

User: Mcx1-MARTY-PC

->Temp folder emptied: 518 bytes

->Temporary Internet Files folder emptied: 304365 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1781081878 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36163745 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 326 bytes

Total Files Cleaned = 7,823.00 mb

OTLPE by OldTimer - Version 3.1.48.0 log created on 07012012_144523

Share this post


Link to post
Share on other sites

That's correct! :)

Now boot in Normal mode and:

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Share this post


Link to post
Share on other sites

So once I was able to install I ran MBAM, so I'll post that log(since it found sometihng) and the most recent. Here they are

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.30.07

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Marty :: MARTY-PC [administrator]

6/30/2012 5:51:01 PM

mbam-log-2012-06-30 (17-51-01).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 241337

Time elapsed: 4 minute(s), 39 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

Share this post


Link to post
Share on other sites

Heres the most recent one

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.02.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Marty :: MARTY-PC [administrator]

7/2/2012 9:27:47 PM

mbam-log-2012-07-02 (21-27-47).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 237222

Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Share this post


Link to post
Share on other sites

Good! We have some progress.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Share this post


Link to post
Share on other sites

Alright it found something heres the log,

ComboFix 12-07-02.01 - Marty 07/03/2012 19:46:27.1.2 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3999.2800 [GMT -4:00]

Running from: c:\users\Marty\Desktop\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Marty\Documents\~WRL0003.tmp

c:\windows\security\Database\tmp.edb

.

Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))

.

.

2012-07-03 23:55 . 2012-07-03 23:55 -------- d-----w- c:\users\Mcx1-MARTY-PC\AppData\Local\temp

2012-07-03 23:55 . 2012-07-03 23:55 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-01 18:45 . 2012-07-01 18:45 -------- d-----w- C:\_OTL

2012-07-01 02:04 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-07-01 02:04 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-07-01 01:27 . 2012-07-01 01:27 -------- d-----w- C:\found.016

2012-07-01 00:02 . 2012-07-01 00:31 -------- d-----w- c:\windows\system32\drivers\NAVx64\1207010.003

2012-06-30 23:52 . 2012-06-30 23:52 -------- d-----w- c:\windows\system32\SPReview

2012-06-30 23:52 . 2012-06-30 23:52 -------- d-----w- c:\windows\system32\EventProviders

2012-06-30 21:50 . 2012-06-30 21:50 -------- d-----w- c:\users\Marty\AppData\Roaming\Malwarebytes

2012-06-30 21:50 . 2012-06-30 21:50 -------- d-----w- c:\programdata\Malwarebytes

2012-06-30 21:50 . 2012-06-30 21:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-30 21:50 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-30 18:20 . 2012-06-18 07:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C93F422-9ED3-4CB6-B709-4A9BF1E633E5}\mpengine.dll

2012-06-30 18:20 . 2012-06-30 18:21 -------- d-----w- C:\609e82835773b7b852

2012-06-29 22:22 . 2012-06-30 18:11 -------- d-----w- C:\FRST

2012-06-28 23:49 . 2012-06-30 21:47 -------- d-----w- C:\NBRT

2012-06-28 19:02 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-06-28 19:02 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-06-28 19:02 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-06-28 19:02 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-06-28 19:02 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-06-28 19:02 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-06-28 19:02 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-06-28 18:21 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-06-28 18:21 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-06-28 18:21 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-28 18:21 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-28 18:21 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-28 18:21 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-28 18:17 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-28 18:17 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-28 18:16 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-28 18:16 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-28 18:16 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-28 18:16 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-28 18:16 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-28 18:16 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-28 18:15 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-06-28 18:15 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-06-28 18:15 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-06-28 18:15 . 2010-11-20 13:24 2164224 ----a-w- c:\program files\Windows Journal\Journal.exe

2012-06-28 18:15 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-06-28 18:15 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-06-28 18:15 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-06-28 17:13 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-28 17:13 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-28 17:13 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-28 17:13 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-28 17:13 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-28 17:13 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-28 17:13 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-28 17:12 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-28 17:12 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-01 00:06 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-07-01 00:06 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-06-20 2151128]

R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-12-05 222512]

R3 EraserUtilDrv11010;EraserUtilDrv11010;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [x]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-06-28 17152]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-23 1255736]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-06-20 69376]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1207010.003\SYMDS64.SYS [2011-01-27 450680]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1207010.003\SYMEFA64.SYS [2011-03-15 912504]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2011-12-01 1157240]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20120128.002\IDSvia64.sys [2011-12-15 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS [2011-01-27 171128]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1207010.003\SYMNETS.SYS [2011-04-21 386168]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 23040]

S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe [2011-04-17 130008]

S2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2009-04-07 435496]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2009-03-10 365952]

S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-02-04 296320]

S2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-02-24 116104]

S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-12-30 68608]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-04 129536]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-02-25 137056]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://myub.buffalo.edu/myub/pw/template/myub.html

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1 68.237.161.12

DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab

FF - ProfilePath - c:\users\Marty\AppData\Roaming\Mozilla\Firefox\Profiles\ubmnghfz.default\

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]

"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

.

**************************************************************************

.

Completion time: 2012-07-03 20:04:21 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-04 00:04

.

Pre-Run: 142,698,676,224 bytes free

Post-Run: 142,565,801,984 bytes free

.

- - End Of File - - 49155A1C95E320B4EE743CFAF0EC643B

Share this post


Link to post
Share on other sites

I also noticed that it said I had windows defender on in the logs.. Didn't even know that was active, should I re do the scan with it off?

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.