
Thread: Possible Virus - Delta Search, Babylon.Toolbar

  1. #1 Member (Join Date: Mar 2012, Posts: 46)

    Possible Virus - Delta Search, Babylon.Toolbar

    Hi there,

    I'm posting this on behalf of my Dad since his PC (which was my old one) appears to be infected.

    Last night, a toolbar called delta-search appeared on his computer in both Internet Explorer and Firefox. It changed both browsers' home pages to delta-search and WOT flagged it as unsafe. I won't post the link unless you want me to. Don't want anyone clicking on it and getting infected.

    Today, I updated both Spybot S&D2 and Malwarebytes. I then immunized with Spybot and ran a scan. The scan in Spybot showed 'Babylon.Toolbar' at lvl5 as well as 17 or so other results. I clicked fix, re-scanned, and 5 more results showed but I'm not sure if they were nasties or not. After that, I ran a full scan in Malwarebytes. That showed 3 results but they were my Dad's game cheat things. I know he's risking infection by downloading those stupid cheats but I'll just get my head bitten off if I tell him not to do it.

    ----------

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2
    Run by lauren at 14:35:55 on 2013-05-13
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.2047.867 [GMT 10:00]
    .
    AV: BitDefender Antivirus *Disabled/Outdated* {5988F8C3-A12C-B8DD-7291-D5248C8353F8}
    SP: BitDefender Antispyware *Disabled/Outdated* {E2E91927-8716-B753-4821-EE56F7041945}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    FW: BitDefender Firewall *Enabled* {61B379E6-EB43-B985-59CE-7C1172501483}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\PnkBstrB.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files\TeamViewer\Version8\TeamViewer.exe
    C:\Program Files\TeamViewer\Version8\tv_w32.exe
    C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ipstar.com.au/nbn/
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: BitDefender Toolbar: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
    uRun: [BlazeServoTool] "c:\program files\blazevideo\blazedvd 5 professional\MediaDetector.exe"
    uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
    uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
    mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
    mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBJAC0ATgBHAFUATgBSAC0AVgBWAEwAUQBVAC0ANAA5AEQAMABBAC0AMwBDAEIAMwBDAC0AOQA0AFkANABWAA"&"inst=NwA2AC0AMQAwADEAMQA2ADUAMAA3ADEANwAtAFgATwAzADYAKwAxAC0ARABEAFQAKwAwAC0AUAA5ADAAVABCACsAMgAtAE4AMQBEACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAC0AUABMACsAOQAtAFAAOQAwAE0AMQAyAEMAKwAxAC0AVQA5ADUAKwAxAC0AVABCACsAMQA"&"prod=94"&"ver=9.0.914
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{305EE8BF-5C5A-4252-A9EB-0BF282A6E190} : DHCPNameServer = 192.168.2.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\lauren\appdata\roaming\mozilla\firefox\profiles\7v4sz15g.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5e31e552-b1ca-4ee0-bf68-b57acaa94126%7D&mid=53ec061cf0c73e93f535ca82e6ed2b77-b1cb44c9957b677d6d9565446c14d635b3dd8bff&ds=AVG&v=9.0.0.18.1&lang=us&pr=&d=2011-12-30%2018%3A41%3A32&sap=ku&q=
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\programdata\avg secure search\9.0.0.18\components\toolbarhomewmp.dll
    FF - component: c:\users\lauren\appdata\roaming\mozilla\firefox\profiles\7v4sz15g.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
    FF - component: c:\users\lauren\appdata\roaming\mozilla\firefox\profiles\7v4sz15g.default\extensions\{8a9386b4-e958-4c4c-adf4-8f26db3e4829}\components\PriceGongFF.dll
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\battlelog web plugins\1.104.0\npesnlaunch.dll
    FF - plugin: c:\program files\battlelog web plugins\sonar\0.70.4\npesnsonar.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
    FF - ExtSQL: 2013-03-22 15:20; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\lauren\appdata\roaming\mozilla\firefox\profiles\7v4sz15g.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - ExtSQL: 2013-04-01 16:53; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\divx\divx plus web player\firefox\DivXHTML5
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\drivers\BdfNdisf6.sys [2009-10-19 72200]
    R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2009-10-19 79368]
    R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2010\bdvedisk.sys [2009-9-22 83208]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-3-21 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-3-21 1369624]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-3-21 168384]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
    R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-3-23 3574624]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-1-23 92592]
    R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-11-10 152456]
    R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
    S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
    S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2009-7-14 265088]
    S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSIb.sys [2009-7-14 11904]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-3-24 14848]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-7-1 34896]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-3-24 49664]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-18 1343400]
    .
    =============== Created Last 30 ================
    .
    2013-05-12 09:44:25 -------- d-----w- c:\programdata\BrowserProtect
    2013-05-12 09:41:09 -------- d-----w- c:\programdata\Tarma Installer
    2013-05-12 09:40:25 -------- d-----w- c:\program files\TornTV.com
    2013-05-11 11:07:50 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{60dea222-2119-475c-9550-11c04847871e}\offreg.dll
    2013-05-10 10:01:54 6906960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{60dea222-2119-475c-9550-11c04847871e}\mpengine.dll
    2013-05-03 03:30:13 -------- d-----w- c:\users\lauren\appdata\local\DDMSettings
    2013-04-25 09:04:35 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
    2013-04-25 09:04:35 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
    2013-04-25 09:04:34 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
    2013-04-23 23:24:41 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-04-23 01:40:58 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-04-22 05:44:12 163504 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10144.bin
    2013-04-17 03:59:35 -------- d-----w- C:\Nexon
    2013-04-17 03:59:34 -------- d-----w- c:\programdata\NexonUS
    .
    ==================== Find3M ====================
    .
    2013-05-06 23:49:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-05-06 23:49:37 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-05-01 16:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-04-04 04:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-03-22 08:48:46 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-03-21 00:37:36 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-03-21 00:37:36 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-03-19 05:04:13 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-03-19 05:04:10 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll
    2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe
    2013-03-01 03:09:59 2347008 ----a-w- c:\windows\system32\win32k.sys
    2013-02-25 13:22:36 1985824 ----a-w- c:\windows\system32\nvcuvenc.dll
    2013-02-25 13:22:36 1017120 ----a-w- c:\windows\system32\nvdispco32.dll
    2013-02-25 13:22:34 6262608 ----a-w- c:\windows\system32\nvopencl.dll
    2013-02-25 13:22:32 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll
    2013-02-25 13:22:32 2505144 ----a-w- c:\windows\system32\nvapi.dll
    2013-02-25 13:22:32 12641992 ----a-w- c:\windows\system32\nvwgf2um.dll
    2013-02-25 13:22:30 15129960 ----a-w- c:\windows\system32\nvd3dum.dll
    2013-02-25 13:22:26 7932256 ----a-w- c:\windows\system32\nvcuda.dll
    2013-02-25 13:22:22 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
    2013-02-25 13:22:08 20449056 ----a-w- c:\windows\system32\nvoglv32.dll
    2013-02-25 13:22:06 8939296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2013-02-25 13:22:06 2720544 ----a-w- c:\windows\system32\nvcuvid.dll
    2013-02-21 10:30:16 1766912 ----a-w- c:\windows\system32\wininet.dll
    2013-02-21 10:29:39 2877440 ----a-w- c:\windows\system32\jscript9.dll
    2013-02-21 10:29:37 61440 ----a-w- c:\windows\system32\iesetup.dll
    2013-02-21 10:29:37 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2013-02-19 12:01:03 2706432 ----a-w- c:\windows\system32\mshtml.tlb
    2013-02-19 11:10:53 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2013-02-12 04:48:31 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48:26 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    .
    ============= FINISH: 14:36:28.68 ===============


    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-05-13 14:42:43
    -----------------------------
    14:42:43.976 OS Version: Windows 6.1.7601 Service Pack 1
    14:42:43.976 Number of processors: 4 586 0x1707
    14:42:43.976 ComputerName: LAUREN-PC UserName: lauren
    14:42:48.281 Initialize success
    14:44:05.501 AVAST engine download error: 0
    14:45:10.881 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    14:45:10.881 Disk 0 Vendor: ST3500320AS SD1A Size: 476940MB BusType: 3
    14:45:10.974 Disk 0 MBR read successfully
    14:45:10.974 Disk 0 MBR scan
    14:45:10.974 Disk 0 Windows 7 default MBR code
    14:45:10.990 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    14:45:11.021 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
    14:45:11.021 Disk 0 scanning sectors +976771072
    14:45:11.099 Disk 0 scanning C:\Windows\system32\drivers
    14:45:17.386 Service scanning
    14:45:31.504 Modules scanning
    14:45:37.681 Disk 0 trace - called modules:
    14:45:37.697 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
    14:45:38.212 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b01890]
    14:45:38.212 3 CLASSPNP.SYS[8320459e] -> nt!IofCallDriver -> [0x859c7918]
    14:45:38.212 5 ACPI.sys[88acc3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x859c5908]
    14:45:38.227 Scan finished successfully
    14:46:05.481 Disk 0 MBR has been saved successfully to "C:\Users\lauren\Desktop\MBR.dat"
    14:46:05.481 The log file has been saved successfully to "C:\Users\lauren\Desktop\aswMBR.txt"
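    The thread works through the DDS log above by eye. As an added example (not a DDS feature and not code from anyone in the thread), the following Python script does a first triage pass over DDS-style lines from the Pseudo HJT Report, FIREFOX and Created Last 30 sections and pulls out the entries a helper would look at first in a browser-hijack case. The heuristics are assumptions for prioritising review, not verdicts: a BHO or toolbar CLSID with no backing file, any `<no file>`/`<orphaned>` entry, a `keyword.URL` override, Hosts entries, a start page outside a constructed KNOWN_HOMEPAGES list, and brand-new top-level folders under ProgramData or Program Files. The sample input is constructed from the kinds of entries shown in the log, with the long keyword.URL value shortened.

```python
"""Triage pass over DDS-style log lines (constructed example, not a DDS feature).

Assumed input: the text of a DDS 'Pseudo HJT Report', 'FIREFOX' and
'Created Last 30' sections, one entry per line. Output: the entries a
helper would want to look at first in a browser-hijack case, each with
the reason it was selected. Every heuristic here is an assumption for
prioritising review, not a verdict on the entry.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Finding:
    category: str   # which heuristic fired
    line: str       # the original log line, stripped
    reason: str     # why it was selected


# Constructed allow-list: start pages that are not worth a second look.
KNOWN_HOMEPAGES = ("hxxp://www.google.com", "hxxp://www.bing.com")

# DDS line shapes. The '(?P<path>.*)' group is empty when DDS could not
# resolve the CLSID to a file, which is exactly the case worth flagging.
BHO_OR_TB = re.compile(
    r"^(?P<kind>BHO|TB): (?P<name>.*?): \{(?P<clsid>[0-9A-Fa-f-]+)\}\s*-\s*(?P<path>.*)$")
FF_PREF = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.*)$")
HOSTS = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")
START_PAGE = re.compile(r"^[um]Start Page = (?P<url>\S+)$")
CREATED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ (?P<attrs>\S+) (?P<path>.*)$")
# A brand-new folder directly under ProgramData or Program Files.
TOP_LEVEL_DIR = re.compile(r"\\(programdata|program files)\\[^\\]+$", re.IGNORECASE)
ORPHAN_MARKERS = ("<no file>", "<orphaned>")


def triage(log_text: str) -> List[Finding]:
    """Return the lines worth reviewing, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = BHO_OR_TB.match(line)
        if m:
            path = m.group("path").strip()
            if not path or any(marker in path for marker in ORPHAN_MARKERS):
                findings.append(Finding(m.group("kind"), line,
                                        "registered in IE but no backing file resolved"))
            continue

        if any(marker in line for marker in ORPHAN_MARKERS):
            findings.append(Finding("Orphan", line, "registry entry points at nothing"))
            continue

        m = FF_PREF.match(line)
        if m:
            if m.group("key") == "keyword.URL":
                findings.append(Finding("FF-keyword", line,
                                        "address-bar searches are redirected to this URL"))
            continue

        m = HOSTS.match(line)
        if m:
            findings.append(Finding("Hosts", line,
                                    f"{m.group('host')} resolves locally to {m.group('ip')}"))
            continue

        m = START_PAGE.match(line)
        if m:
            if m.group("url") not in KNOWN_HOMEPAGES:
                findings.append(Finding("StartPage", line, "start page is not a known default"))
            continue

        m = CREATED.match(line)
        if m and m.group("attrs").startswith("d") and TOP_LEVEL_DIR.search(m.group("path")):
            findings.append(Finding("NewDir", line,
                                    "new top-level folder under ProgramData/Program Files"))
    return findings


def count_by_category(findings: List[Finding]) -> Dict[str, int]:
    """Summarise findings as {category: count} for a quick overview."""
    return dict(Counter(f.category for f in findings))


# Constructed sample assembled from the kinds of entries DDS prints; the
# keyword.URL value is shortened.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.ipstar.com.au/nbn/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: BitDefender Toolbar: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?q=
2013-05-12 09:44:25 -------- d-----w- c:\programdata\BrowserProtect
2013-05-12 09:40:25 -------- d-----w- c:\program files\TornTV.com
2013-05-11 11:07:50 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\offreg.dll
2013-05-03 03:30:13 -------- d-----w- c:\users\lauren\appdata\local\DDMSettings
"""

if __name__ == "__main__":
    results = triage(SAMPLE_DDS)
    for f in results:
        print(f"[{f.category:10}] {f.reason}\n             {f.line}")
    print(count_by_category(results))
```

    Run it on a saved DDS log with `triage(open("dds.txt").read())`; the point of the category counts is to see at a glance whether a log is dominated by orphaned entries (usually leftovers from uninstalls) or by live search and start-page overrides, which is what a hijacked browser looks like in this format.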

  2. #2 Malware Team-Emeritus (Join Date: Sep 2012, Location: Florida, USA, Posts: 1,161)

    Hi Luney Loz,

    Thanks for being so patient.

    1. Security Check

    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
    • Right click SecurityCheck.exe, select "Run as Administrator" and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    =========================

    2. AdwCleaner

    Download AdwCleaner to your desktop.

    Right click and select "Run as Administrator".
    • Run AdwCleaner and select Delete
    • Once done it will ask to reboot, allow the reboot
    • On reboot a log will be produced, please attach the content of the log to your next reply

    =========================

    3. OTL

    • Download OTL to your desktop.
    • Make sure all other windows are closed and to let it run uninterrupted.

      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      services.exe
      /md5stop
      %systemroot%\*. /rp /s
      %systemdrive%\$Recycle.Bin|@;true;true;true
      %USERPROFILE%\..|smtmp;true;true;true /FP
      %temp%\smtmp\*.* /s >
      BASESERVICES
      DRIVES
      CREATERESTOREPOINT

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
      • You may need two posts to fit them both in.

    =========================

    In your next post please provide the following:
    • checkup.txt
    • AdwCleaner.txt
    • OTL.txt
    • Extras.txt
    • Describe any symptoms you are experiencing.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  3. #3 Member (Join Date: Mar 2012, Posts: 46)

    Results of screen317's Security Check version 0.99.63
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    BitDefender Antivirus
    Antivirus out of date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.75.0.1300
    Java 7 Update 21
    Adobe Flash Player 11.7.700.202
    Adobe Reader XI
    Mozilla Firefox (21.0)
    ````````Process Check: objlist.exe by Laurent````````
    Spybot Teatimer.exe is disabled!
    Common Files BitDefender BitDefender Update Service livesrv.exe
    BitDefender BitDefender 2010 vsserv.exe
    BitDefender BitDefender 2010 bdagent.exe
    BitDefender BitDefender 2010 seccenter.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

    ---------

    OTL logfile created on: 21/05/2013 9:27:26 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\lauren\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16576)
    Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.91% Memory free
    4.00 Gb Paging File | 2.99 Gb Available in Paging File | 74.74% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465.66 Gb Total Space | 334.82 Gb Free Space | 71.90% Space Free | Partition Type: NTFS
    Drive D: | 4.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: LAUREN-PC | User Name: lauren | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Lauren\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
    PRC - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
    PRC - C:\Program Files\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
    PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
    PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)
    PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
    PRC - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
    PRC - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
    PRC - C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe (BitDefender S.R.L.)
    PRC - C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
    PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()


    ========== Modules (No Company Name) ==========

    MOD - C:\Users\Lauren\AppData\Local\Temp\CmdLineExt03.dll ()
    MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
    MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
    MOD - C:\Program Files\WinRAR\RarExt.dll ()
    MOD - C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()
    MOD - C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()
    MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll ()
    MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll ()
    MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll ()
    MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll ()
    MOD - C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()
    MOD - C:\Program Files\BitDefender\BitDefender 2010\framework.dll ()
    MOD - C:\Windows\System32\txmlutil.dll ()


    ========== Services (SafeList) ==========

    SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
    SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
    SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
    SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (TeamViewer8) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
    SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    SRV - (AffinegyService) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
    SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
    SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
    SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
    SRV - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
    SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
    DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
    DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
    DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
    DRV - (cusbohcn) -- C:\Users\Lauren\AppData\Local\Temp\cusbohcn.sys ()
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
    DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
    DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
    DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
    DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
    DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
    DRV - (BDFM) -- C:\Windows\System32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
    DRV - (bdfwfpf) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys (BitDefender LLC)
    DRV - (BdfNdisf) -- C:\Windows\System32\drivers\BdfNdisf6.sys (BitDefender LLC)
    DRV - (BDVEDISK) -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys (BitDefender)
    DRV - (Profos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys (BitDefender S.R.L.)
    DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)
    DRV - (bdfsfltr) -- C:\Windows\System32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
    DRV - (BrSerIb) -- C:\Windows\System32\drivers\BrSerIb.sys (Brother Industries Ltd.)
    DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
    DRV - (BrUsbSIb) -- C:\Windows\System32\drivers\BrUsbSIb.sys (Brother Industries Ltd.)
    DRV - (Trufos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
    DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
    DRV - (RT61) -- C:\Windows\System32\drivers\rt61.sys (Ralink Technology Corp.)
    DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ipstar.com.au/nbn/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 67 70 F8 11 DA CA 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&r=726
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{800AD787-4E99-402F-AB8A-3C9F0B8BF537}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.order.2: ""
    FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20111253,17023,0,16,0"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com"
    FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.172
    FF - prefs.js..extensions.enabledAddons: clickclean%40hotcleaner.com:4.1
    FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
    FF - prefs.js..extensions.enabledItems: clickclean@hotcleaner.com:3.6.5.0
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
    FF - prefs.js..extensions.enabledItems: avg@toolbar:9.0.0.18.1
    FF - prefs.js..extensions.enabledItems: addon@defaulttab.com:1.0
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.2.20111006100951
    FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.6.0
    FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={101A0EC6-CB3D-495A-B32F-16F906F795F9}&Version=3.6.5&Vintage=20111253&Defaultbrowserid=16&Productid=2723&Vendorid=6384&Offerid=17029&searchterm="
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/06/06 18:51:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/04/01 15:53:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/19 19:24:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/19 19:24:25 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/19 19:24:30 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/19 19:24:25 | 000,000,000 | ---D | M]

    [2012/04/20 20:54:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Extensions
    [2012/04/20 20:54:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2013/05/21 21:17:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\7v4sz15g.default\extensions
    [2013/05/17 08:07:39 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\7v4sz15g.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2013/03/28 16:28:44 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\7v4sz15g.default\extensions\clickclean@hotcleaner.com
    [2013/05/09 21:01:13 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\7v4sz15g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/05/19 19:24:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/05/19 19:24:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/04/01 15:53:31 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5

    O1 HOSTS File: ([2013/05/13 12:47:01 | 000,447,225 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 127.0.0.1 www.123fporn.info
    O1 - Hosts: 15354 more lines...
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
    O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
    O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
    O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
    O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
    O4 - HKCU..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD 5 Professional\MediaDetector.exe" File not found
    O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
    O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O13 - gopher Prefix: missing
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{305EE8BF-5C5A-4252-A9EB-0BF282A6E190}: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2009/09/05 00:37:47 | 001,064,960 | R--- | M] (Codemasters Software Co.) - D:\Autorun.exe -- [ UDF ]
    O32 - AutoRun File - [2009/09/17 23:10:53 | 000,000,067 | R--- | M] () - D:\autorun.inf -- [ UDF ]
    O33 - MountPoints2\{097c7de7-4204-11df-b3c8-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{097c7de7-4204-11df-b3c8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009/09/05 00:37:47 | 001,064,960 | R--- | M] (Codemasters Software Co.)
    O33 - MountPoints2\{56cde57c-72c7-11df-8715-002215977ef7}\Shell - "" = AutoRun
    O33 - MountPoints2\{56cde57c-72c7-11df-8715-002215977ef7}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{fffa45f9-6365-11e1-bb8d-002215977ef7}\Shell - "" = AutoRun
    O33 - MountPoints2\{fffa45f9-6365-11e1-bb8d-002215977ef7}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/05/21 21:08:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\lauren\Desktop\OTL.exe
    [2013/05/19 19:24:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/05/18 16:55:00 | 000,000,000 | ---D | C] -- C:\Users\lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    [2013/05/15 21:14:18 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2013/05/15 21:14:17 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2013/05/15 21:14:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2013/05/15 21:14:17 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2013/05/15 21:14:16 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2013/05/15 21:14:16 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2013/05/15 21:14:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2013/05/15 21:14:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
    [2013/05/15 21:14:16 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2013/05/15 21:14:16 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2013/05/15 17:22:42 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2013/05/15 17:22:41 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
    [2013/05/15 17:22:29 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
    [2013/05/15 17:22:29 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
    [2013/05/13 14:55:42 | 000,000,000 | ---D | C] -- C:\Users\lauren\Desktop\Spybot Forums
    [2013/05/03 13:30:13 | 000,000,000 | ---D | C] -- C:\Users\lauren\AppData\Local\DDMSettings
    [2013/04/25 19:04:35 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
    [2013/04/25 19:04:35 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
    [2013/04/25 19:04:34 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
    [2013/04/23 11:41:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2013/04/23 11:40:58 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2013/04/23 11:40:58 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2013/04/23 11:40:58 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2013/04/23 11:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/05/21 21:27:07 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/05/21 21:27:07 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/05/21 21:26:56 | 000,636,792 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/05/21 21:26:56 | 000,114,234 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/05/21 21:19:56 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/05/21 21:19:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/05/21 21:19:46 | 1609,867,264 | -HS- | M] () -- C:\hiberfil.sys
    [2013/05/21 21:17:46 | 000,000,106 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
    [2013/05/21 21:08:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lauren\Desktop\OTL.exe
    [2013/05/21 21:08:15 | 000,632,031 | ---- | M] () -- C:\Users\lauren\Desktop\AdwCleaner.exe
    [2013/05/21 21:06:21 | 000,890,825 | ---- | M] () -- C:\Users\lauren\Desktop\SecurityCheck.exe
    [2013/05/21 20:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/05/21 20:39:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/05/18 16:54:53 | 000,000,551 | ---- | M] () -- C:\Windows\eReg.dat
    [2013/05/17 22:54:15 | 000,000,024 | ---- | M] () -- C:\Users\lauren\random.dat
    [2013/05/17 20:13:20 | 000,000,024 | ---- | M] () -- C:\Users\lauren\jagexappletviewer.preferences
    [2013/05/17 17:51:09 | 000,000,032 | ---- | M] () -- C:\Users\lauren\jagex_cl_runescape_LIVE.dat
    [2013/05/16 21:39:43 | 000,000,132 | ---- | M] () -- C:\Windows\System32\rezumatenoi.dat
    [2013/05/16 16:54:50 | 000,310,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/05/15 18:50:47 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/05/15 18:50:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/05/13 14:46:05 | 000,000,512 | ---- | M] () -- C:\Users\lauren\Desktop\MBR.dat
    [2013/05/13 12:47:01 | 000,447,225 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2013/05/13 12:34:44 | 000,447,225 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130513-124701.backup
    [2013/05/10 20:18:40 | 000,001,457 | ---- | M] () -- C:\Users\lauren\Desktop\Operation Flashpoint - Dragon Rising v1.0 + 4 Trainer - Shortcut.lnk
    [2013/05/02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
    [2013/04/29 19:20:43 | 000,000,250 | ---- | M] () -- C:\Users\lauren\Desktop\Operation Flashpoint - Dragon Rising.lnk
    [2013/04/28 16:48:17 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
    [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/05/21 21:17:42 | 000,000,106 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
    [2013/05/21 21:08:09 | 000,632,031 | ---- | C] () -- C:\Users\lauren\Desktop\AdwCleaner.exe
    [2013/05/21 21:06:16 | 000,890,825 | ---- | C] () -- C:\Users\lauren\Desktop\SecurityCheck.exe
    [2013/05/18 16:54:53 | 000,000,551 | ---- | C] () -- C:\Windows\eReg.dat
    [2013/05/13 14:46:05 | 000,000,512 | ---- | C] () -- C:\Users\lauren\Desktop\MBR.dat
    [2013/05/10 20:18:40 | 000,001,457 | ---- | C] () -- C:\Users\lauren\Desktop\Operation Flashpoint - Dragon Rising v1.0 + 4 Trainer - Shortcut.lnk
    [2013/04/29 19:20:43 | 000,000,250 | ---- | C] () -- C:\Users\lauren\Desktop\Operation Flashpoint - Dragon Rising.lnk
    [2013/04/07 11:41:10 | 000,000,045 | ---- | C] () -- C:\Users\lauren\jagex_cl_oldschool_LIVE.dat
    [2013/04/07 11:41:10 | 000,000,024 | ---- | C] () -- C:\Users\lauren\random.dat
    [2013/03/23 20:42:08 | 000,000,032 | ---- | C] () -- C:\Users\lauren\jagex_cl_runescape_LIVE.dat
    [2013/03/23 20:41:07 | 000,000,024 | ---- | C] () -- C:\Users\lauren\jagexappletviewer.preferences
    [2012/04/27 17:21:30 | 000,000,057 | ---- | C] () -- C:\Users\lauren\AppData\Roaming\mbam.context.scan
    [2012/01/05 06:59:17 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
    [2012/01/05 06:57:18 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2012/01/04 15:45:43 | 000,022,328 | ---- | C] () -- C:\Users\lauren\AppData\Roaming\PnkBstrK.sys
    [2012/01/04 15:45:21 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
    [2012/01/01 12:53:24 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2010/05/31 21:47:27 | 000,000,025 | ---- | C] () -- C:\Users\lauren\AppData\Roaming\bdfvconp.ini
    [2010/04/27 20:43:08 | 000,000,000 | ---- | C] () -- C:\Users\lauren\AppData\Local\prvlcl.dat
    [2010/04/19 19:38:42 | 000,000,088 | RHS- | C] () -- C:\ProgramData\6AC54BA7A2.sys
    [2010/04/19 19:38:41 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2010/04/12 23:33:09 | 000,000,087 | ---- | C] () -- C:\Users\lauren\jagex_runescape_preferences2.dat
    [2010/04/12 23:33:09 | 000,000,000 | ---- | C] () -- C:\Users\lauren\jagex__preferences3.dat
    [2010/04/12 23:29:28 | 000,000,042 | ---- | C] () -- C:\Users\lauren\jagex_runescape_preferences.dat
    [2010/04/07 18:00:49 | 000,007,597 | ---- | C] () -- C:\Users\lauren\AppData\Local\Resmon.ResmonCfg

    ========== ZeroAccess Check ==========

    [2009/07/14 14:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 14:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 11:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2010/05/30 13:33:52 | 000,000,000 | ---D | M] -- C:\Users\lauren\AppData\Roaming\BitDefender
    [2013/05/13 12:09:02 | 000,000,000 | ---D | M] -- C:\Users\lauren\AppData\Roaming\Mumble
    [2012/01/04 15:21:31 | 000,000,000 | ---D | M] -- C:\Users\lauren\AppData\Roaming\Origin
    [2013/03/27 15:20:19 | 000,000,000 | ---D | M] -- C:\Users\lauren\AppData\Roaming\raidcall
    [2013/05/02 14:02:43 | 000,000,000 | ---D | M] -- C:\Users\lauren\AppData\Roaming\Screaming Bee
    [2013/03/23 21:11:07 | 000,000,000 | ---D | M] -- C:\Users\lauren\AppData\Roaming\TeamViewer
    [2012/04/20 20:54:17 | 000,000,000 | ---D | M] -- C:\Users\lauren\AppData\Roaming\TomTom
    [2012/02/13 18:03:32 | 000,000,000 | ---D | M] -- C:\Users\lauren\AppData\Roaming\Windows Live Writer
    [2012/10/09 18:12:10 | 000,000,000 | ---D | M] -- C:\Users\lauren\AppData\Roaming\XRay Engine

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >

    < MD5 for: EXPLORER.EXE >
    [2011/02/26 15:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
    [2009/07/14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
    [2011/02/26 15:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
    [2009/10/31 15:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
    [2011/02/26 15:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
    [2010/11/20 22:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
    [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
    [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
    [2009/08/03 15:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
    [2009/08/03 15:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
    [2009/10/31 16:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
    [2012/11/13 13:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe

    < MD5 for: SERVICES.EXE >
    [2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
    [2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

    < MD5 for: SVCHOST.EXE >
    [2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
    [2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
    [2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009/07/14 11:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2009/10/28 16:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
    [2009/10/28 15:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
    [2010/11/20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
    [2010/11/20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
    [2009/07/14 11:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
    [2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

    < %systemroot%\*. /rp /s >

    < %systemdrive%\$Recycle.Bin|@;true;true;true >

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < %temp%\smtmp\*.* /s > >

    ========== Base Services ==========
    SRV - [2009/07/14 11:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
    SRV - [2013/02/27 14:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
    SRV - [2009/07/14 11:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
    SRV - [2010/11/20 22:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
    SRV - [2010/11/20 22:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
    SRV - [2011/11/17 15:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
    SRV - [2009/07/14 11:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
    SRV - [2012/07/05 07:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
    SRV - [2012/06/02 14:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
    SRV - [2010/11/20 22:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
    SRV - [2010/11/20 22:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2011/03/03 15:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
    SRV - [2009/07/14 11:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
    SRV - [2009/07/14 11:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
    SRV - [2009/07/14 11:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
    SRV - [2010/11/20 22:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
    No service found with a name of MsMpSvc
    No service found with a name of NisSrv
    SRV - [2009/07/14 11:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
    SRV - [2009/07/14 11:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
    SRV - [2009/07/14 11:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
    SRV - [2009/07/14 11:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
    SRV - [2012/10/04 02:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
    SRV - [2009/07/14 11:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
    SRV - [2011/05/24 20:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
    SRV - [2012/02/11 15:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
    SRV - [2011/11/17 15:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
    No service found with a name of EMDMgmt
    SRV - [2009/07/14 11:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
    SRV - [2010/11/20 22:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
    SRV - [2010/11/20 22:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
    SRV - [2009/07/14 11:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
    SRV - [2011/11/17 15:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
    SRV - [2009/07/14 11:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
    SRV - [2010/11/20 22:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
    SRV - [2010/11/20 22:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
    No service found with a name of slsvc
    SRV - [2010/11/20 22:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
    SRV - [2010/11/20 22:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
    SRV - [2009/07/14 11:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2012/05/01 14:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
    SRV - [2010/11/20 22:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
    SRV - [2010/11/20 22:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
    SRV - [2010/11/20 22:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
    SRV - [2010/11/20 22:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
    SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/11/20 22:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
    SRV - [2010/11/20 22:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
    SRV - [2010/11/20 22:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
    SRV - [2010/11/20 22:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
    SRV - [2009/07/14 11:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
    SRV - [2012/06/03 08:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
    SRV - [2010/11/20 22:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
    SRV - [2009/07/14 11:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
    SRV - [2010/11/20 22:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: ST3500320AS ATA Device
    Partitions: 2
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 100.00MB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 466.00GB
    Starting Offset: 105906176
    Hidden sectors: 0


    ========== Files - Unicode (All) ==========
    [2013/02/24 17:41:17 | 000,000,072 | ---- | M] ()(C:\Windows\System32\?I) -- C:\Windows\System32\纈Ī
    [2013/02/24 17:41:17 | 000,000,072 | ---- | C] ()(C:\Windows\System32\?I) -- C:\Windows\System32\纈Ī
    [2013/02/09 19:32:24 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?H) -- C:\Windows\System32\簘Ħ
    [2013/02/09 19:32:24 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?H) -- C:\Windows\System32\簘Ħ
    [2012/12/29 21:50:04 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?I) -- C:\Windows\System32\䚰Ĭ
    [2012/12/29 21:50:04 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?I) -- C:\Windows\System32\䚰Ĭ
    [2012/09/23 20:57:10 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?g) -- C:\Windows\System32\풰ġ
    [2012/09/23 20:57:10 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?g) -- C:\Windows\System32\풰ġ
    [2012/09/13 20:57:40 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?G) -- C:\Windows\System32\쩸Ĝ
    [2012/09/13 20:57:40 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?G) -- C:\Windows\System32\쩸Ĝ

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
    [C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
    [C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
    [C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
    [C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
    [C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
    [C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
    [C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
    [C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
    [C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
    [C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
    [C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

    < End of report >

  4. #4
    Member
    Join Date
    Mar 2012
    Posts
    46

    Default

    OTL Extras logfile created on: 21/05/2013 9:27:26 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\lauren\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16576)
    Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.91% Memory free
    4.00 Gb Paging File | 2.99 Gb Available in Paging File | 74.74% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465.66 Gb Total Space | 334.82 Gb Free Space | 71.90% Space Free | Partition Type: NTFS
    Drive D: | 4.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: LAUREN-PC | User Name: lauren | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0E606969-E1CC-4A2D-9E2F-49170ACBC1D8}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{21756A25-EA3D-4AC8-B063-92A199F76FBF}" = lport=445 | protocol=6 | dir=in | app=system |
    "{298106AE-C77F-4733-BCAE-E6D1708BFFE8}" = rport=137 | protocol=17 | dir=out | app=system |
    "{2D09F248-9D51-4BE4-9EA1-545C9EB6D587}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{399A9F84-060F-4F51-B089-C0E56B490827}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{3DA94FD9-24FB-4CC6-A80F-A43866020CD1}" = rport=138 | protocol=17 | dir=out | app=system |
    "{442312D5-1CA0-4B06-A13A-DA028A108C97}" = rport=445 | protocol=6 | dir=out | app=system |
    "{46847DF4-E89D-418D-B627-267F7CFFCB27}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{51BF0C56-F390-44AE-8F17-7F00E5AFE36C}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{5DF3DD92-812D-438A-8975-0D634D681AF0}" = lport=138 | protocol=17 | dir=in | app=system |
    "{6656E849-BC0C-470C-8C8F-3971A61A96D9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{73991B9E-8EC9-40A6-895E-A547A6EC9DE7}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{76A3814B-5F1C-4EAF-8A61-071163182309}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{86395880-DE28-46D4-A972-9970787365E0}" = lport=137 | protocol=17 | dir=in | app=system |
    "{87410725-2271-4C84-9316-C5E83E9906C2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A87712D3-9794-4ED1-9D17-06F5AF5CAEC5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{ADCFFF60-C112-4633-922C-D492CD51246B}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{BFA25B84-5B77-4F18-96A7-D6267F5A9112}" = rport=139 | protocol=6 | dir=out | app=system |
    "{C9A783BD-9656-41DD-A3E5-98ADC6568183}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D62963EA-85EE-4316-A305-872A955F2990}" = lport=139 | protocol=6 | dir=in | app=system |
    "{E0E160C1-7241-4B30-8DF8-D5A14551401D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E11315B2-40F2-4D22-8193-F71903A9DF66}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{E5E7E405-1C94-43A5-8025-12DD28053651}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{F59C2ED0-4E77-46E9-BD2E-C3A8A18BA696}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{FC607087-5A64-4D52-AB46-C3641C83BA78}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0104E217-5E3F-4229-BEB5-53E24E2D3E8E}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
    "{11D1C08D-E2CE-4603-8F5C-17E84C0CB620}" = protocol=17 | dir=in | app=c:\program files\eidos\conflict denied ops\conflictdeniedops.exe |
    "{15ECC05C-A96E-45A8-8DFE-A2DA5EEE3AD6}" = protocol=6 | dir=in | app=c:\program files\origin games\mass effect 3\binaries\win32\masseffect3.exe |
    "{20FF0BF5-1A80-4752-B157-5307C55A1E8A}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
    "{2B7CDBF3-37B1-4800-9064-38BE01BDD59A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{30AE41E5-5542-4A60-8AD4-9EEB6326B38B}" = protocol=6 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe |
    "{334249EE-E12D-4A71-B985-00A690896105}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
    "{36B29F21-5C0E-46BF-8A02-5D6AD0C9356A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
    "{36CBBB92-02D8-4AAE-A86A-AE063C010AFD}" = protocol=6 | dir=out | app=system |
    "{37E8AC92-6395-4C77-97E3-1270B5E1AB47}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
    "{38048607-CE93-4884-9325-8EE4C01BE917}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3868502F-401A-4091-8120-9E1851B39F0B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{3C5821EB-CB52-466A-B64D-4F77CB472570}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
    "{3EAB5866-F715-42CC-BCCF-0E69603FC205}" = protocol=17 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe |
    "{3ED78880-17D5-4506-ADD7-C6D09E712632}" = protocol=17 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe |
    "{3F73544D-A8DC-46E2-A83B-2914EB63D1F7}" = protocol=6 | dir=in | app=c:\program files\eidos\conflict denied ops\conflictdeniedops.exe |
    "{43E6FD97-8FB3-4201-86E6-D2117049DD8B}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
    "{474F8DCF-3576-4858-9786-750772B066FB}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{4A227D2D-8B6A-4EE0-BEB8-5AF925A18F3E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
    "{548419B7-9E90-48CF-8C2B-2A2DDFE470E3}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{55661940-7998-4EF7-AE8E-925D3AA76DCF}" = protocol=6 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe |
    "{5B7B10EE-BFE9-46F9-918F-24E6AF7D3DCE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5C8BB8D8-3509-43BF-AFB3-0C91FAAC1C45}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
    "{5D245139-6A22-49B3-9EB6-49F235E50FAD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5E3782AC-A6E4-463C-80D8-636E7E875D92}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
    "{5F92A36E-4746-41F2-B31A-7CBD9B235A5A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{65AD746E-125C-4B0B-BD38-634118DB3D36}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{66798C17-5E86-4310-947B-87A35F9E4442}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{69391A9A-9E75-4628-9573-C6AF9CAEE5B4}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
    "{6AEEAEF6-D2FC-4CF4-871B-50CCA05F4C6E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{6B81DE87-F58D-4C01-9830-AEC5CAE71B04}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6C703A00-303A-4845-A7DD-CFB943EF9160}" = protocol=6 | dir=in | app=c:\program files\midway games\stranglehold\binaries\retail-stranglehold.exe |
    "{70C1D016-DC2A-4600-9F1F-48097307AC3A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{79DDB1C2-BC75-4840-8954-947C4E343450}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7E296DE0-E7DB-4574-9D1B-AEEC05FFC2BF}" = protocol=17 | dir=in | app=c:\program files\origin games\mass effect 3\binaries\win32\masseffect3.exe |
    "{7F74874A-A98D-40F2-85E6-163E05CE5D74}" = protocol=17 | dir=in | app=c:\program files\codemasters\turning point - fall of liberty\binaries\ltcg-tpgame.exe |
    "{8E456A0D-E06C-40D3-9F2B-68D42C385DCA}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
    "{92D645ED-572B-4BCA-A6B0-E05AD627D087}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
    "{96AD0E2D-9A30-4E62-ADBE-6F0918861C85}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
    "{985EB132-1BDE-44FD-A348-32F74817E2FA}" = protocol=6 | dir=in | app=c:\program files\codemasters\turning point - fall of liberty\binaries\ltcg-tpgame.exe |
    "{A09CCE0A-2520-499A-81F9-B1921651A481}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe |
    "{A7D96BFC-9CA4-473B-8501-156629332842}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{ADFD78BF-00C7-4C89-9756-AA42A9B8F9F5}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{B8AB21DF-1E1C-450A-8215-82578AACF9BD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{B8AE1E7A-0946-4900-A4E2-A0BCD7169EDF}" = dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
    "{B9F0A396-9150-4D07-8538-A85952A46B49}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
    "{BB04EA74-EA10-493A-B7EC-1D08C68FC2B9}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "{C369B009-5901-484C-87F3-68E2BD74730E}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
    "{C68EF2B4-13DC-482C-9412-B9E6C42B3521}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
    "{C9B87EE1-BA59-4C16-B5CE-BB9C70FB3070}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{CD0CF86F-B267-4F9D-BE63-351E59FDEF9A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
    "{D456A4C7-FD6D-4AAD-A562-AC7004528662}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
    "{D655E743-D456-468F-95A6-02408D6CABE2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DB8E19FE-E850-44AF-9712-7489CEF0699B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
    "{DD246403-6542-4365-9E81-2E723715DFCD}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
    "{DD3360D9-3B3D-4D7C-AA59-E4FF1B6080E3}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{E1983EF1-4B5C-4D49-B77A-92A885E60FC1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E28EF435-E815-4544-8A0A-56AB5509094C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{E4777EBB-3082-4CBC-A6E6-E46DDF74DBCC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E5D6CD09-0D76-49D3-A098-981E591C6D1A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E6F041AC-DAA9-4C62-B3A6-8A8B2341AB4C}" = protocol=17 | dir=in | app=c:\program files\midway games\stranglehold\binaries\retail-stranglehold.exe |
    "{EAE8A282-C767-4CE3-BE1E-40BEF3E62E47}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{F1366F5A-347D-43DF-94A7-553F237FEA73}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{F2278FC0-8AB1-4F6F-A2CD-4E9C64FE0AB3}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe |
    "{F2AF0377-4F67-43EF-BC9F-2EBE68EFC6B1}" = protocol=17 | dir=in | app=c:\program files\codemasters\of dragon rising\ofdr.exe |
    "{F8A79607-3274-4929-9210-3F4132378CAC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F9800458-1C96-40A6-A5A3-3BF7BEE4CE87}" = protocol=6 | dir=in | app=c:\program files\codemasters\of dragon rising\ofdr.exe |
    "TCP Query User{11EC00F7-50C5-4528-B11B-B602ADD115A2}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe |
    "TCP Query User{CEAFDDF6-B684-4941-8E9C-D530B5F648B6}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |
    "UDP Query User{5DDD7A7F-A89C-4CD5-88B0-BFB7C1CEA4F6}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe |
    "UDP Query User{CC083020-0B2D-4021-8C61-07133696D906}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{16393B5A-43A8-434B-B22A-0724581F7873}" = GameShadow
    "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
    "{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
    "{1B947146-366B-42CD-86D5-219993CE3EE2}" = Windows Live MIME IFilter
    "{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
    "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
    "{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver
    "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
    "{36A29F5F-5CBE-4CE0-9E25-4F9297E8570D}" = BitDefender Total Security 2010
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
    "{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
    "{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
    "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
    "{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
    "{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
    "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
    "{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
    "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
    "{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86EDEF11-EFE4-46CB-8B08-9CBD4A936B1F}" = Stranglehold
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A85FCCBE-31AB-4312-A5A9-165FF3B0BF90}" = RuneScape Launcher 1.2.2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
    "{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
    "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
    "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
    "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
    "{D4FEA244-A9BC-4727-8EA9-B369579F43CF}" = Turning Point - Fall of Liberty
    "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
    "{EE4BA4C3-6DE4-404C-9B69-A84709BED752}" = Conflict Denied Ops
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
    "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "DivX Setup" = DivX Setup
    "DragonNest" = DragonNest
    "InstallShield_{D4FEA244-A9BC-4727-8EA9-B369579F43CF}" = Turning Point - Fall of Liberty
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OpenAL" = OpenAL
    "Origin" = Origin
    "Steam App 42680" = Call of Duty: Modern Warfare 3
    "Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
    "TeamViewer 8" = TeamViewer 8
    "TomTom HOME" = TomTom HOME 2.8.3.2499
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.01 (32-bit)

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 4/05/2013 6:12:17 PM | Computer Name = lauren-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 5/05/2013 2:49:05 AM | Computer Name = lauren-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: wlmail.exe, version: 16.4.3505.912, time
    stamp: 0x50510ef6 Faulting module name: bdoe.dll, version: 13.1.14.123, time stamp:
    0x4adc9b0e Exception code: 0xc0000005 Fault offset: 0x0000f380 Faulting process id:
    0x1784 Faulting application start time: 0x01ce495c8f288088 Faulting application path:
    C:\Program Files\Windows Live\Mail\wlmail.exe Faulting module path: C:\Program Files\BitDefender\BitDefender
    2010\bdoe.dll Report Id: e0070d8b-b54f-11e2-bd3d-002215977ef7

    Error - 5/05/2013 7:44:25 PM | Computer Name = lauren-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 5/05/2013 7:50:32 PM | Computer Name = lauren-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 10.0.9200.16537,
    time stamp: 0x512347f7 Faulting module name: nvwgf2um.dll, version: 9.18.13.1106,
    time stamp: 0x50f94515 Exception code: 0xc0000005 Fault offset: 0x001a2519 Faulting
    process id: 0x1508 Faulting application start time: 0x01ce49eb3ed49be4 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\nvwgf2um.dll
    Report
    Id: 9208aa76-b5de-11e2-bb81-002215977ef7

    Error - 6/05/2013 6:45:55 AM | Computer Name = lauren-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: OFDR.exe, version: 1.0.0.0, time stamp:
    0x4ab36c56 Faulting module name: OFDR.exe, version: 1.0.0.0, time stamp: 0x4ab36c56
    Exception
    code: 0xc0000005 Fault offset: 0x00b5249d Faulting process id: 0x1ad8 Faulting application
    start time: 0x01ce4a4699985c1b Faulting application path: C:\Program Files\Codemasters\OF
    Dragon Rising\OFDR.exe Faulting module path: C:\Program Files\Codemasters\OF Dragon
    Rising\OFDR.exe Report Id: 2078740f-b63a-11e2-bb81-002215977ef7

    Error - 6/05/2013 6:47:23 AM | Computer Name = lauren-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: wlmail.exe, version: 16.4.3505.912, time
    stamp: 0x50510ef6 Faulting module name: bdoe.dll, version: 13.1.14.123, time stamp:
    0x4adc9b0e Exception code: 0xc0000005 Fault offset: 0x0000f380 Faulting process id:
    0x1904 Faulting application start time: 0x01ce4a4707407d23 Faulting application path:
    C:\Program Files\Windows Live\Mail\wlmail.exe Faulting module path: C:\Program Files\BitDefender\BitDefender
    2010\bdoe.dll Report Id: 5548b863-b63a-11e2-bb81-002215977ef7

    Error - 6/05/2013 7:38:18 AM | Computer Name = lauren-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 7/05/2013 5:41:12 AM | Computer Name = lauren-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: wlmail.exe, version: 16.4.3505.912, time
    stamp: 0x50510ef6 Faulting module name: bdoe.dll, version: 13.1.14.123, time stamp:
    0x4adc9b0e Exception code: 0xc0000005 Fault offset: 0x0000f380 Faulting process id:
    0x129c Faulting application start time: 0x01ce4b06f0a9be0a Faulting application path:
    C:\Program Files\Windows Live\Mail\wlmail.exe Faulting module path: C:\Program Files\BitDefender\BitDefender
    2010\bdoe.dll Report Id: 40b386a7-b6fa-11e2-a341-002215977ef7

    Error - 7/05/2013 8:17:55 PM | Computer Name = lauren-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
    of attribute "version" in element "assemblyIdentity" is invalid.

    Error - 8/05/2013 3:17:57 AM | Computer Name = lauren-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    [ Spybot - Search and Destroy Events ]
    Error - 21/03/2013 12:29:12 AM | Computer Name = lauren-PC | Source = SDCleaner | ID = 100
    Description = LoadCleaningInstructions

    Error - 21/03/2013 2:14:23 AM | Computer Name = lauren-PC | Source = SDCleaner | ID = 100
    Description = LoadCleaningInstructions

    Error - 1/04/2013 12:49:03 AM | Computer Name = lauren-PC | Source = SDCleaner | ID = 100
    Description = LoadCleaningInstructions

    [ System Events ]
    Error - 18/05/2013 5:27:20 PM | Computer Name = lauren-PC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 18/05/2013 5:27:20 PM | Computer Name = lauren-PC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 19/05/2013 12:49:40 AM | Computer Name = lauren-PC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 19/05/2013 12:49:40 AM | Computer Name = lauren-PC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 20/05/2013 3:08:33 AM | Computer Name = lauren-PC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 20/05/2013 3:08:33 AM | Computer Name = lauren-PC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 21/05/2013 3:24:53 AM | Computer Name = lauren-PC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 21/05/2013 3:24:53 AM | Computer Name = lauren-PC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 21/05/2013 7:22:04 AM | Computer Name = lauren-PC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 21/05/2013 7:22:04 AM | Computer Name = lauren-PC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069


    < End of report >

  5. #5
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi Luney Loz,

    1. Uninstall via Programs and Features

    Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

    • AVG (if present)

    =========================

    2. Run OTL.exe

    Windows Vista and Windows 7 users Right Click and select "Run as Administrator"
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
      [2013/04/23 11:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
      
      :Files
      C:\Program Files\AVG
      
      :Commands
      [purity]
      [createrestorepoint]
      [emptyjava]
      [emptyflash]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done

    =========================

    3. Enable Hidden Files & Folders :

    To enable the viewing of hidden and protected system files in Windows please follow these steps:
    1. Close all programs so that you are at your desktop.
    2. Click on the Start button. (This is the small round button with the Windows flag in the lower left corner.)
    3. Click on the Control Panel menu option.
    4. When the control panel opens you can either be in Classic View or Control Panel Home view:

      If you are in the Classic View do the following:
      1. Double-click on the Folder Options icon.
      2. Click on the View tab.
      3. Go to step 5

      If you are in the Control Panel Home view do the following:
      1. Click on the Appearance and Personalization link.
      2. Click on Show Hidden Files or Folders.
      3. Go to step 5.
    5. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    6. Remove the check mark from the check box labeled Hide extensions for known file types.
    7. Remove the check mark from the check box labeled Hide protected operating system files.
    8. Press the Apply button and then the OK button.

    =========================

    4. VirusTotal

    Please go to: VirusTotal



    • Click the Browse button and search for the following file: C:\ProgramData\6AC54BA7A2.sys
    • Click Open
    • Then click Send File
    • Please be patient while the file is scanned.
    • Once the scan results appear, please provide them in your next reply.

    If it says already scanned -- click "reanalyze now"

    =========================

    In your next post please provide the following:

    • OTL fix log
    • VirusTotal results
    • Fresh OTL.txt log
    • What issues/symptoms are you experiencing?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days
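The O2/O3 lines in the fix above are dangling Internet Explorer registrations: a BHO or toolbar CLSID listed under Explorer or Internet Explorer that either has no HKCR\CLSID entry at all ("No CLSID value found") or resolves to a DLL that is no longer on disk ("File not found"). The PowerShell script below is an added example, not part of the original post and not OTL's own code. It walks the same three registry locations OTL reports as O2 and O3, resolves each CLSID through HKCR\CLSID\{guid}\InprocServer32, and prints whether the entry is an orphan or a live DLL and, for live DLLs, the Authenticode status. It is read-only. It assumes a 32-bit Windows install like the one in this thread; on x64 the 32-bit IE registrations also live under Wow6432Node, which it does not walk.

```powershell
# Added example (not from the thread, not OTL code): audit IE BHO/toolbar CLSIDs.
# Read-only. Run in an elevated PowerShell; PowerShell 2.0 (Windows 7) is enough.

$locations = @(
    @{ Name = 'HKLM BHO';        Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'; Mode = 'Keys' },
    @{ Name = 'HKLM Toolbar';    Path = 'HKLM:\Software\Microsoft\Internet Explorer\Toolbar';                          Mode = 'Values' },
    @{ Name = 'HKCU WebBrowser'; Path = 'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser';               Mode = 'Values' }
)
$guidRegex = '^\{[0-9A-Fa-f\-]{36}\}$'

function Get-ClsidInfo {
    param([string]$Clsid)
    # COM servers register under HKCR\CLSID\{guid}; the InprocServer32 default value is the DLL path.
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    if (-not (Test-Path $key)) { return $null }
    $name = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
    $dll  = (Get-ItemProperty -Path "$key\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
    if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll).Trim('"') }
    New-Object PSObject -Property @{ Name = $name; Dll = $dll }
}

foreach ($loc in $locations) {
    if (-not (Test-Path $loc.Path)) { continue }
    if ($loc.Mode -eq 'Keys') {
        # BHOs are subkeys named by CLSID.
        $clsids = Get-ChildItem $loc.Path | ForEach-Object { $_.PSChildName }
    } else {
        # Toolbars are values named by CLSID (the data is the display name, if any).
        $props  = Get-ItemProperty $loc.Path
        $clsids = $props.PSObject.Properties | Where-Object { $_.Name -match $guidRegex } | ForEach-Object { $_.Name }
    }
    foreach ($c in $clsids) {
        $info  = Get-ClsidInfo $c
        $label = if ($info) { $info.Name } else { '(unregistered)' }
        if ($info -eq $null) {
            $verdict = 'ORPHAN: no CLSID registration (what OTL reports as "No CLSID value found")'
        } elseif (-not $info.Dll) {
            $verdict = 'ORPHAN: CLSID exists but has no InprocServer32'
        } elseif (-not (Test-Path $info.Dll)) {
            $verdict = "ORPHAN: DLL missing ($($info.Dll)) (what OTL reports as `"File not found`")"
        } else {
            $sig     = Get-AuthenticodeSignature $info.Dll
            $verdict = "loaded from $($info.Dll) [signature: $($sig.Status)]"
        }
        "{0,-16} {1} {2} -> {3}" -f $loc.Name, $c, $label, $verdict
    }
}
```

Orphans are dead references and removing them only tidies the browser; the entries to look at hard are the live ones whose DLL sits under a user profile or carries a NotSigned status, because that is where a search-hijacking toolbar such as the one in this thread actually runs from.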

  6. #6
    Member
    Join Date
    Mar 2012
    Posts
    46

    Default

    Hi,

    Couldn't find AVG in the Programs & Features.

    Not sure if the OTL log I posted below is the fix log or not. It didn't post on my Dad's desktop so I had to manually search.

    The hidden files were already shown for some reason.

    Hope I posted the right stuff.

    I attached the OTL.txt because when I tried pasting it, Asian characters showed.

    ----------

    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D}\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}\ not found.
    C:\ProgramData\McAfee\MCLOGS\Common\jre-7u21-windows-i586-iftw folder moved successfully.
    C:\ProgramData\McAfee\MCLOGS\Common folder moved successfully.
    C:\ProgramData\McAfee\MCLOGS folder moved successfully.
    C:\ProgramData\McAfee folder moved successfully.
    ========== FILES ==========
    C:\Program Files\AVG\AVG9\log folder moved successfully.
    C:\Program Files\AVG\AVG9\cfg folder moved successfully.
    C:\Program Files\AVG\AVG9 folder moved successfully.
    C:\Program Files\AVG folder moved successfully.
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point

    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: lauren
    ->Java cache emptied: 2347633 bytes

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 2.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: lauren
    ->Flash cache emptied: 42143 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 41620 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 05222013_102808

    ----------

    SHA256: 5b2c4577f7a86d6849ae53a9171e02a739f07ee80d95711b29b51fa2840e6ad2
    SHA1: 9d9aa8012b2a3069adc5f11675be8cf0c8ffdf27
    MD5: 40b19155988abb412b4283e150ab217c
    File size: 88 bytes ( 88 bytes )
    File name: 6AC54BA7A2.sys
    File type: unknown
    Detection ratio: 0 / 47
    Analysis date: 2013-05-22 00:41:15 UTC ( 0 minutes ago )
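The VirusTotal result above is for an 88-byte file with "File type: unknown" and 0/47 detections. Before reading anything into that verdict it is worth knowing whether the file is an executable image at all: a loadable driver is a PE file, and a PE file cannot be 88 bytes, so a clean result on it says nothing either way about whether a real driver is present. The PowerShell function below is an added example, not taken from the thread. It computes the same MD5/SHA1/SHA256 that VirusTotal reports (so you can match a result without re-uploading), checks for the MZ and PE headers, and dumps the first bytes so you can see what the file really is. The path is the one given in the thread.

```powershell
# Added example (not from the thread): local triage of a suspicious file before upload.
# Works on PowerShell 2.0 / .NET 2.0 (no Get-FileHash needed).

$file = 'C:\ProgramData\6AC54BA7A2.sys'   # path as given in the thread

function Get-FileFingerprint {
    param([string]$Path)
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    $out   = New-Object PSObject

    # The three digests VirusTotal keys its reports on.
    foreach ($alg in 'MD5', 'SHA1', 'SHA256') {
        $h   = [System.Security.Cryptography.HashAlgorithm]::Create($alg)
        $hex = ($h.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') }) -join ''
        $out | Add-Member NoteProperty $alg $hex
    }

    # A PE image starts with 'MZ'; the DWORD at 0x3C (e_lfanew) points at 'PE\0\0'.
    $isPe = $false
    if ($bytes.Length -ge 0x40 -and $bytes[0] -eq 0x4D -and $bytes[1] -eq 0x5A) {
        $lfanew = [BitConverter]::ToInt32($bytes, 0x3C)
        if ($lfanew -gt 0 -and ($lfanew + 4) -le $bytes.Length) {
            $isPe = ($bytes[$lfanew] -eq 0x50 -and $bytes[$lfanew + 1] -eq 0x45 -and
                     $bytes[$lfanew + 2] -eq 0 -and $bytes[$lfanew + 3] -eq 0)
        }
    }

    $n       = [Math]::Min(32, $bytes.Length)
    $preview = if ($n -gt 0) { ($bytes[0..($n - 1)] | ForEach-Object { $_.ToString('x2') }) -join ' ' } else { '' }

    $out | Add-Member NoteProperty Size      $bytes.Length
    $out | Add-Member NoteProperty IsPE      $isPe
    $out | Add-Member NoteProperty Signature $(if ($isPe) { (Get-AuthenticodeSignature $Path).Status } else { 'n/a (not a PE image)' })
    $out | Add-Member NoteProperty Preview   $preview
    $out
}

Get-FileFingerprint $file | Format-List
```

If IsPE comes back false, the .sys extension is just a name: treat the file as data and ask what wrote it (a file-creation time next to a known install, or a handle from Process Monitor) rather than what scanners think of it.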

  7. #7
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi Luney Loz,

    1. Run OTL.exe

    Windows Vista and Windows 7 users Right Click and select "Run as Administrator"
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - No CLSID value found.
      O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
      
      :Files
      C:\Users\Lauren\AppData\Local\Temp\cusbohcn.sys
      
      :Services
      cusbohcn
      
      :Commands
      [purity]
      [createrestorepoint]
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done

    =========================

    2. Malwarebytes' Anti-Malware

    Locate Malwarebytes' Anti-Malware (it should be on your desktop).
    If not, download it here
    • Right click mbam-setup.exe, select "Run as Administrator" and follow the prompts to run the program.
    • Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
    • Select Perform quick scan, then click Scan.



    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, EXCEPT items in System Restore (as shown in this sample), and click Remove Selected.


    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

    =========================

    3. ESET Online Scanner

    *Note:
    • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
    • Please don't go surfing while your resident protection is disabled!
    • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

    ** You need to run your browser with Administrator Rights; to do so, right click your browser's shortcut and select "Run as Administrator".

    = = = = = = = = = = = = = = = = = = = =

    Go here to run ESET Online Scanner

    (Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
    • Click Scan.
    • Wait for the scan to finish.
    • When the scan completes, click List of found threats
    • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
    • Include the contents of this report in your next reply

      Note - when ESET doesn't find any threats, no report will be created.
    • Push the back button.
    • Push Finish
    • Re-enable your Antivirus software.

    =========================

    In your next post please provide the following:
    • OTL fix log
    • MBAM.txt
    • ESET's log.txt
    • How is the computer running at the moment?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days
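The fix above stops and deletes a service named cusbohcn whose driver file sat in C:\Users\...\AppData\Local\Temp. A kernel driver registered from a user's Temp folder is worth hunting for directly rather than waiting for a scanner to name it. The PowerShell script below is an added example, not from the post and not OTL code: it reads every entry under HKLM\SYSTEM\CurrentControlSet\Services, normalises the ImagePath (the \??\ prefix, \SystemRoot\, bare system32\drivers\ paths, quoted paths with arguments) and reports services and drivers whose binary is missing or lives outside the Windows and Program Files trees. It is read-only. Services hosted in svchost.exe keep their code in a ServiceDll value under Parameters instead, which this script does not check.

```powershell
# Added example (not from the thread, not OTL code): find services/drivers whose
# binary is missing or sits outside the Windows and Program Files trees.
# Read-only; run elevated so the whole Services hive is readable. PowerShell 2.0 OK.

$winDir  = $env:SystemRoot
$trusted = @($winDir, ${env:ProgramFiles}, ${env:ProgramFiles(x86)}, ${env:CommonProgramFiles}) | Where-Object { $_ }

function Resolve-ImagePath {
    param([string]$Raw)
    # ImagePath forms seen in practice:
    #   \??\C:\Users\x\AppData\Local\Temp\foo.sys      (the cusbohcn case)
    #   system32\DRIVERS\afd.sys                        (relative to %SystemRoot%)
    #   \SystemRoot\System32\drivers\foo.sys
    #   %SystemRoot%\system32\svchost.exe -k netsvcs    (path plus arguments)
    #   "C:\Program Files\Vendor\svc.exe" /arg          (quoted path plus arguments)
    $p = $Raw.Trim()
    if ($p.StartsWith('\??\')) { $p = $p.Substring(4) }
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) }
    } elseif ($p -match '^(.*?\.(exe|sys|dll))(\s|$)') {
        $p = $matches[1]
    }
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if ($p -match '^\\SystemRoot\\')  { $p = $p -replace '^\\SystemRoot', $winDir }
    if ($p -notmatch '^[A-Za-z]:\\')  { $p = Join-Path $winDir $p }
    return $p
}

Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    $props = Get-ItemProperty $_.PSPath
    if (-not $props.ImagePath) { return }           # skip entries with no binary (e.g. legacy groups)
    $path = Resolve-ImagePath $props.ImagePath
    $inTrusted = $false
    foreach ($t in $trusted) {
        if ($path.StartsWith($t, [StringComparison]::OrdinalIgnoreCase)) { $inTrusted = $true }
    }
    $exists = Test-Path $path
    if (-not $inTrusted -or -not $exists) {
        # Type: 1 = kernel driver, 2 = file-system driver, 16/32 = Win32 service.
        # Start: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled.
        New-Object PSObject -Property @{
            Service = $_.PSChildName
            Type    = $props.Type
            Start   = $props.Start
            Exists  = $exists
            Issue   = $(if (-not $exists) { 'binary missing' } else { 'outside system/program dirs' })
            Path    = $path
        }
    }
} | Format-Table Service, Type, Start, Exists, Issue, Path -AutoSize
```

Type 1 with a path under a user profile is the case to act on; "binary missing" entries are usually leftovers from uninstalls (the AVG and McAfee residue in this thread is the same pattern) but still deserve a look at when the key was written.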

  8. #8
    Member
    Join Date
    Mar 2012
    Posts
    46

    Default

    Hi,

    I haven't been using the PC much as I've mostly been using my own. I've only been using it to run the scans you mentioned.

    From what my Dad says, that malware hasn't tried changing his home page again. I'm not sure if that and the Babylon thing were the only malware or not.

    My Dad mentioned he removed WOT because he thought it had something to do with the malware but I told him it wouldn't have been that. I re-installed it in Internet Explorer last night.

    ----------

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{71576546-354D-41c9-AAE8-31F2EC22BF0D} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71576546-354D-41c9-AAE8-31F2EC22BF0D}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_dec12 deleted successfully.
    ========== FILES ==========
    C:\Users\Lauren\AppData\Local\Temp\cusbohcn.sys moved successfully.
    ========== SERVICES/DRIVERS ==========
    Service cusbohcn stopped successfully!
    Service cusbohcn deleted successfully!
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: lauren
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 584430777 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 51667232 bytes
    ->Flash cache emptied: 506 bytes

    User: Public

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 155648 bytes
    %systemroot%\System32 .tmp files removed: 1598848 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 9634647 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 617.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 05222013_220603

    Files\Folders moved on Reboot...
    C:\Users\lauren\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    ----------

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.05.22.05

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 10.0.9200.16576
    lauren :: LAUREN-PC [administrator]

    22/05/2013 10:14:51 PM
    mbam-log-2013-05-22 (22-14-51).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 228651
    Time elapsed: 5 minute(s), 59 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  9. #9
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi Luney Loz,

    My Dad mentioned he removed WOT because he thought it had something to do with the malware but I told him it wouldn't have been that
    WOT (Web of Trust): as "Googling" is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

    =========================

    1. Run OTL.exe

    Windows Vista and Windows 7 users Right Click and select "Run as Administrator"
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :Files
      C:\Users\lauren\AppData\Local\Temp\F0F4722A-BAB0-7891-8B8E-5190F0D079AF
      C:\Users\lauren\Desktop\Trainers\ME3+18Tr-LNG_Final
      
      :Commands
      [purity]
      [createrestorepoint]
      [emptyjava]
      [emptyflash]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done

    =========================

    2. ATF Cleaner by Atribune

    Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

    Download - ATF Cleaner
    Right-click ATF-Cleaner.exe and select "run as administrator" to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

    • If you use Firefox browser

      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera browser

      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.

    It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

    =========================

    3. Re-run OTL (it should be located on your desktop).

    Windows Vista and Windows 7 users Right Click and select "Run as Administrator" on the icon to run it.
    • Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Uncheck the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
      Note:The log can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.

    =========================

    In your next post please provide the following:

    • OTL fix log
    • Fresh OTL.txt log
    • How's the computer running, any remaining issues we haven't addressed yet?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  10. #10
    Member
    Join Date
    Mar 2012
    Posts
    46

    Default

    Hi,

    I ran ATF Cleaner but it said no files were removed.

    I attached the OTL file because it showed Asian characters again.

    ----------

    ========== FILES ==========
    C:\Users\lauren\AppData\Local\Temp\F0F4722A-BAB0-7891-8B8E-5190F0D079AF\Latest\HtmlScreens folder moved successfully.
    C:\Users\lauren\AppData\Local\Temp\F0F4722A-BAB0-7891-8B8E-5190F0D079AF\Latest folder moved successfully.
    C:\Users\lauren\AppData\Local\Temp\F0F4722A-BAB0-7891-8B8E-5190F0D079AF folder moved successfully.
    C:\Users\lauren\Desktop\Trainers\ME3+18Tr-LNG_Final folder moved successfully.
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point

    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: lauren
    ->Java cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: lauren
    ->Flash cache emptied: 506 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 05232013_103607
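    As an added example (not part of this thread and not OTL's own code), here is a small Python script that parses the fix script from the earlier post and the fix log above, then cross-checks that every path listed under :Files is reported as moved and that each command left evidence in the log. The sample strings are constructed from the thread's own lines, trimmed to what the check needs; the line formats the regexes assume are the ones visible in this thread, not OTL's documented grammar.

```python
import re
from collections import defaultdict

# Constructed from the fix script and fix log posted in this thread (trimmed).
# [purity] and [Reboot] produce no log line of their own and are kept only to
# show that the checker ignores commands it has no evidence rule for.
FIX_SCRIPT = """\
:Files
C:\\Users\\lauren\\AppData\\Local\\Temp\\F0F4722A-BAB0-7891-8B8E-5190F0D079AF
C:\\Users\\lauren\\Desktop\\Trainers\\ME3+18Tr-LNG_Final

:Commands
[purity]
[createrestorepoint]
[emptyjava]
[emptyflash]
[Reboot]
"""

FIX_LOG = """\
========== FILES ==========
C:\\Users\\lauren\\AppData\\Local\\Temp\\F0F4722A-BAB0-7891-8B8E-5190F0D079AF\\Latest\\HtmlScreens folder moved successfully.
C:\\Users\\lauren\\AppData\\Local\\Temp\\F0F4722A-BAB0-7891-8B8E-5190F0D079AF\\Latest folder moved successfully.
C:\\Users\\lauren\\AppData\\Local\\Temp\\F0F4722A-BAB0-7891-8B8E-5190F0D079AF folder moved successfully.
C:\\Users\\lauren\\Desktop\\Trainers\\ME3+18Tr-LNG_Final folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYJAVA]

User: lauren
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: Default
->Flash cache emptied: 0 bytes

User: lauren
->Flash cache emptied: 506 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05232013_103607
"""

# Line shapes as they appear in the log above (assumed, not OTL's spec).
MOVED_RE = re.compile(r"^(?P<path>.+?) (?:folder|file) moved successfully\.$")
CACHE_RE = re.compile(r"^->(?P<kind>Java|Flash) cache emptied: (?P<n>\d+) bytes$")
USER_RE = re.compile(r"^User: (?P<user>.+)$")
RESTORE_RE = re.compile(r"^Restore point Set: (?P<name>.+)$")
COMMAND_RE = re.compile(r"^\[(?P<cmd>\w+)\]$")


def parse_fix_script(text):
    """Split an OTL custom fix into its :Files paths and :Commands names."""
    files, commands, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):          # ':Files' / ':Commands' section header
            section = line[1:].lower()
        elif section == "files":
            files.append(line)
        elif section == "commands":
            m = COMMAND_RE.match(line)
            if m:
                commands.append(m.group("cmd").lower())
    return {"files": files, "commands": commands}


def parse_fix_log(text):
    """Extract moved paths, the restore point name and per-user cache bytes."""
    moved, restore_point, user = [], None, None
    cache = {"java": defaultdict(int), "flash": defaultdict(int)}
    for raw in text.splitlines():
        line = raw.strip()
        if (m := MOVED_RE.match(line)):
            moved.append(m.group("path"))
        elif (m := RESTORE_RE.match(line)):
            restore_point = m.group("name")
        elif (m := USER_RE.match(line)):
            user = m.group("user")           # cache lines belong to the last User:
        elif (m := CACHE_RE.match(line)) and user is not None:
            cache[m.group("kind").lower()][user] += int(m.group("n"))
    return {"moved": moved, "restore_point": restore_point, "cache": cache}


def verify_fix(script, log):
    """List every :Files entry or command the log does not confirm."""
    moved = {p.lower() for p in log["moved"]}   # NTFS paths compare case-insensitively
    problems = [f"not reported moved: {p}" for p in script["files"] if p.lower() not in moved]
    evidence = {
        "createrestorepoint": log["restore_point"] is not None,
        "emptyjava": bool(log["cache"]["java"]),
        "emptyflash": bool(log["cache"]["flash"]),
    }
    problems += [f"no log evidence for [{c}]" for c in script["commands"]
                 if c in evidence and not evidence[c]]
    return problems


if __name__ == "__main__":
    result = verify_fix(parse_fix_script(FIX_SCRIPT), parse_fix_log(FIX_LOG))
    print("fix verified" if not result else "\n".join(result))
```

    Only the top-level :Files path is matched exactly; the nested "Latest\HtmlScreens" entries in the log are the tool walking the folder and are listed but not required. A path the log never mentions, or a command whose section is absent, comes back in the problem list, which is the quick check to run before replying that the fix "worked".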
