Xoftspyse - Satchfan [Solved]


This topic is locked
151 replies to this topic

#16 PattiChati (Advanced Member, Authentic Member, 703 posts)

Posted 31 August 2012 - 01:44 PM

OK, I am ready to quit already. ;) ERUNT says it can't back up the registry. It also says it's for Windows 2000, XP or NT; I have Windows 7.

Edited by PattiChati, 31 August 2012 - 01:45 PM.



#17 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 31 August 2012 - 01:47 PM

ok, I am ready to quit already,

:D

Go ahead and continue past that... you should be able to do so. Once done, go ahead and run OTL with the instructions I provided.

#18 PattiChati (Advanced Member, Authentic Member, 703 posts)

Posted 31 August 2012 - 02:11 PM

I don't think ERUNT did its thing; it sure did grunt a lot, though. Oh well.
Here is the OTL log. Have fun with it.

OTL logfile created on: 8/31/2012 4:07:26 PM - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Patty\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 48.44% Memory free
5.93 Gb Paging File | 3.94 Gb Available in Paging File | 66.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 238.41 Gb Free Space | 80.01% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 588.39 Gb Free Space | 63.17% Space Free | Partition Type: NTFS

Computer Name: PATTI-PC | User Name: Patty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/30 15:56:22 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Patty\Downloads\OTL(4).exe
PRC - [2012/08/26 23:05:05 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
PRC - [2012/08/20 23:32:24 | 000,224,960 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/13 20:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/10/12 08:55:06 | 000,366,496 | ---- | M] (Creative Home) -- C:\Program Files\Creative Home\Hallmark Card Studio 2012 Deluxe\Planner\PLNRnote.exe
PRC - [2011/08/08 03:55:42 | 003,147,856 | ---- | M] (VS Revo Group) -- C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
PRC - [2011/03/18 22:59:40 | 001,422,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office2010\Office14\WINWORD.EXE
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/21 01:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office2010\Office14\ONENOTEM.EXE
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/26 23:05:04 | 009,813,704 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2012/07/13 20:17:14 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/14 03:24:50 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/14 03:24:28 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/10 03:29:49 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/10 03:25:10 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/10 03:25:02 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 03:24:54 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/10/11 08:40:16 | 000,045,568 | ---- | M] () -- C:\Program Files\Creative Home\Hallmark Card Studio 2012 Deluxe\Planner\InteropHelper.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office2010\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - [2012/08/26 23:05:05 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/20 23:32:24 | 000,224,960 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 20:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/11 00:45:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/01/02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Disabled | Stopped] -- C:\Program Files\ShadowExplorer\sesvc.exe -- (sesvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Patty\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/08/20 23:33:47 | 000,012,992 | ---- | M] (Paramount Software UK Ltd) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\PSVolAcc.sys -- (PSVolAcc)
DRV - [2012/08/20 23:33:27 | 000,016,064 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pssnap.sys -- (pssnap)
DRV - [2012/08/20 23:33:19 | 000,053,952 | ---- | M] (Macrium Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\psmounter.sys -- (PSMounter)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/11 01:11:46 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/11/11 01:11:46 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2010/11/11 01:11:46 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010/11/11 01:11:46 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com...ilc=8&fr=mkg029
IE - HKLM\..\SearchScopes,DefaultScope = {36668FFD-7809-43FB-A609-999C5A7AB5FE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}: "URL" = http://search.foxtab...mp;cr=344294484

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {36668FFD-7809-43FB-A609-999C5A7AB5FE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE8SRC
IE - HKCU\..\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}: "URL" = http://search.foxtab...mp;cr=344294484
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://us.mg5.mail.y...=ed87695mvk0e5"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI4066~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI4066~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Patty\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\superfish@superfish.com: C:\Users\Patty\AppData\Roaming\Mozilla\Firefox\Profiles/5erqatan.default\extensions\superfish@superfish.com
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension

[2012/08/04 13:51:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patty\AppData\Roaming\mozilla\Extensions
[2012/08/24 15:35:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patty\AppData\Roaming\mozilla\Firefox\Profiles\5erqatan.default\extensions
[2012/02/10 23:22:37 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Patty\AppData\Roaming\mozilla\Firefox\Profiles\5erqatan.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/08/14 13:00:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Patty\AppData\Roaming\mozilla\Firefox\Profiles\5erqatan.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/08/27 05:26:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patty\AppData\Roaming\mozilla\Firefox\Profiles\791mcddo.default-1346059307542\extensions
[2012/08/27 02:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patty\AppData\Roaming\mozilla\Firefox\Profiles\7z2enokc.default-1346048094184\extensions
[2012/07/13 20:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/13 20:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.babylo...000002564d80f68
CHR - homepage: http://search.babylo...000002564d80f68

O1 HOSTS File: ([2012/08/23 10:17:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AddressBookReminderApp] C:\Program Files\Creative Home\Hallmark Card Studio 2012 Deluxe\ReminderApp.exe File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office2010\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3E4F083-98BF-476A-B54A-CA975B5E2AAD}: DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/02 07:19:42 | 000,000,000 | R--D | M] - J:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/31 15:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/31 15:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/08/29 17:25:58 | 000,000,000 | ---D | C] -- C:\Users\Patty\Desktop\invites
[2012/08/26 23:05:05 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/26 23:05:05 | 000,073,416 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/24 19:43:47 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\NovaRegister
[2012/08/24 19:42:09 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\HCSShell
[2012/08/24 19:38:53 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\Creative Home
[2012/08/24 15:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/24 15:56:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/24 02:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/08/23 16:41:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/23 16:40:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/23 10:18:48 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\temp
[2012/08/23 10:11:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/21 00:41:20 | 000,053,952 | ---- | C] (Macrium Software) -- C:\Windows\System32\drivers\psmounter.sys
[2012/08/21 00:41:20 | 000,016,064 | ---- | C] (Macrium Software) -- C:\Windows\System32\drivers\pssnap.sys
[2012/08/21 00:41:20 | 000,012,992 | ---- | C] (Paramount Software UK Ltd) -- C:\Windows\System32\drivers\PSVolAcc.sys
[2012/08/20 12:26:26 | 000,000,000 | ---D | C] -- C:\Users\Patty\Desktop\Bunch of pictures
[2012/08/15 16:47:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/15 16:47:52 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/15 16:47:51 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/15 16:47:50 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/08/15 16:47:49 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/15 16:47:43 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/15 16:47:39 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012/08/15 06:53:15 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012/08/14 12:33:24 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\antiphishing-vmninternethelper1_1dn
[2012/08/13 17:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012/08/12 16:01:56 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\APN
[2012/08/11 19:58:35 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\Apple Computer
[2012/08/11 19:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/08/07 00:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\Awesome Duplicate Photo Finder
[2012/08/07 00:25:10 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Roaming\EasyDuplicateFinder
[2012/08/05 15:59:02 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\MyScrapNook_12
[2011/11/28 16:40:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Program Files\OTL.exe

========== Files - Modified Within 30 Days ==========

[2012/08/31 15:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/31 15:12:30 | 000,000,894 | ---- | M] () -- C:\Users\Patty\Desktop\NTREGOPT.lnk
[2012/08/31 15:12:30 | 000,000,875 | ---- | M] () -- C:\Users\Patty\Desktop\ERUNT.lnk
[2012/08/31 14:36:29 | 000,000,512 | ---- | M] () -- C:\Users\Patty\Desktop\MBR.dat
[2012/08/31 14:24:43 | 000,001,282 | ---- | M] () -- C:\Users\Patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/08/31 14:19:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/31 13:25:36 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/31 13:25:36 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/31 09:49:35 | 000,002,987 | ---- | M] () -- C:\Users\Patty\Desktop\Hallmark Card Studio 2012.lnk
[2012/08/30 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2012/08/30 10:50:25 | 011,255,615 | ---- | M] () -- C:\Users\Patty\Desktop\invite 2.hmk
[2012/08/30 10:44:47 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2012/08/29 11:48:37 | 000,626,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/29 11:48:37 | 000,107,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/29 11:43:48 | 2388,381,696 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/28 16:17:25 | 000,297,831 | ---- | M] () -- C:\Users\Patty\Desktop\external drive.PNG
[2012/08/28 16:14:09 | 000,318,068 | ---- | M] () -- C:\Users\Patty\Desktop\reflecrt.PNG
[2012/08/26 23:05:05 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/26 23:05:05 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/26 18:53:12 | 000,491,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/24 19:35:07 | 000,002,295 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk
[2012/08/24 11:45:07 | 000,098,269 | ---- | M] () -- C:\Users\Patty\Desktop\adult_online_forms_07_09_rev_06_1136.pdf
[2012/08/24 01:14:42 | 000,002,057 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/23 10:17:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/21 11:50:44 | 000,000,448 | ---- | M] () -- C:\Users\Patty\Documents\cc_20120821_115040.reg
[2012/08/20 23:33:47 | 000,012,992 | ---- | M] (Paramount Software UK Ltd) -- C:\Windows\System32\drivers\PSVolAcc.sys
[2012/08/20 23:33:27 | 000,016,064 | ---- | M] (Macrium Software) -- C:\Windows\System32\drivers\pssnap.sys
[2012/08/20 23:33:19 | 000,053,952 | ---- | M] (Macrium Software) -- C:\Windows\System32\drivers\psmounter.sys

========== Files Created - No Company Name ==========

[2012/08/31 15:12:30 | 000,000,894 | ---- | C] () -- C:\Users\Patty\Desktop\NTREGOPT.lnk
[2012/08/31 15:12:30 | 000,000,875 | ---- | C] () -- C:\Users\Patty\Desktop\ERUNT.lnk
[2012/08/31 14:36:29 | 000,000,512 | ---- | C] () -- C:\Users\Patty\Desktop\MBR.dat
[2012/08/31 14:24:43 | 000,001,282 | ---- | C] () -- C:\Users\Patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/08/31 09:49:35 | 000,002,987 | ---- | C] () -- C:\Users\Patty\Desktop\Hallmark Card Studio 2012.lnk
[2012/08/29 11:57:34 | 011,255,615 | ---- | C] () -- C:\Users\Patty\Desktop\invite 2.hmk
[2012/08/28 16:17:25 | 000,297,831 | ---- | C] () -- C:\Users\Patty\Desktop\external drive.PNG
[2012/08/28 16:14:09 | 000,318,068 | ---- | C] () -- C:\Users\Patty\Desktop\reflecrt.PNG
[2012/08/26 23:05:06 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/24 19:35:07 | 000,002,295 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk
[2012/08/24 11:45:05 | 000,098,269 | ---- | C] () -- C:\Users\Patty\Desktop\adult_online_forms_07_09_rev_06_1136.pdf
[2012/08/21 11:50:42 | 000,000,448 | ---- | C] () -- C:\Users\Patty\Documents\cc_20120821_115040.reg
[2012/07/20 14:27:03 | 000,027,520 | ---- | C] () -- C:\Users\Patty\AppData\Local\dt.dat
[2012/03/17 00:25:18 | 000,000,017 | ---- | C] () -- C:\Users\Patty\AppData\Local\resmon.resmoncfg
[2012/02/10 23:29:32 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/09/26 11:00:27 | 000,000,117 | ---- | C] () -- C:\Windows\restore.INI
[2011/04/17 19:19:47 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat

========== Custom Scans ==========

< :Services >

< >

< :OTL >

< IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC >

< IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE8SRC >

< FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" >

< FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" >

< [2012/07/13 20:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml >
Invalid Switch: 13 20:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

< >

< :Files >

< ipconfig /flushdsn /c >
Error: unrecognized or incomplete command line.
USAGE:
ipconfig [/allcompartments] [/? | /all |
/renew [adapter] | /release [adapter] |
/renew6 [adapter] | /release6 [adapter] |
/flushdns | /displaydns | /registerdns |
/showclassid adapter |
/setclassid adapter [classid] |
/showclassid6 adapter |
/setclassid6 adapter [classid] ]
where
adapter Connection name
(wildcard characters * and ? allowed, see examples)
Options:
/? Display this help message
/all Display full configuration information.
/release Release the IPv4 address for the specified adapter.
/release6 Release the IPv6 address for the specified adapter.
/renew Renew the IPv4 address for the specified adapter.
/renew6 Renew the IPv6 address for the specified adapter.
/flushdns Purges the DNS Resolver cache.
/registerdns Refreshes all DHCP leases and re-registers DNS names
/displaydns Display the contents of the DNS Resolver Cache.
/showclassid Displays all the dhcp class IDs allowed for adapter.
/setclassid Modifies the dhcp class id.
/showclassid6 Displays all the IPv6 DHCP class IDs allowed for adapter.
/setclassid6 Modifies the IPv6 DHCP class id.
The default is to display only the IP address, subnet mask and
default gateway for each adapter bound to TCP/IP.
For Release and Renew, if no adapter name is specified, then the IP address
leases for all adapters bound to TCP/IP will be released or renewed.
For Setclassid and Setclassid6, if no ClassId is specified, then the ClassId is removed.
Examples:
> ipconfig ... Show information
> ipconfig /all ... Show detailed information
> ipconfig /renew ... renew all adapters
> ipconfig /renew EL* ... renew any connection that has its
name starting with EL
> ipconfig /release *Con* ... release all matching connections,
eg. "Local Area Connection 1" or
"Local Area Connection 2"
> ipconfig /allcompartments ... Show information about all
compartments
> ipconfig /allcompartments /all ... Show detailed information about all
compartments

< >

< :Commands >

< [emptytemp] >

< [resethosts] >

< [start explorer] >

< [Reboot] >

< End of report >

#19 jeffce (Malware Guy, Authentic Member, 8,693 posts)

Posted 31 August 2012 - 03:24 PM

Hi, I think that you pressed for OTL to scan again. Please go back to Post 7, follow the instructions I provided for OTL again and this time be sure to press Run Fix. Post the new log when created.

#20 PattiChati (Advanced Member, Authentic Member, 703 posts)

Posted 31 August 2012 - 03:52 PM

This just popped up on the screen when it rebooted; I take it this is the fix program. I will now run the scan again.

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
C:\Program Files\Mozilla Firefox\searchplugins\bing.xml moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Patty\Downloads\cmd.bat deleted successfully.
C:\Users\Patty\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Patti's New Account
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Patti-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Patty
->Temp folder emptied: 65909974 bytes
->Temporary Internet Files folder emptied: 176181 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 183331207 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1643 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11866 bytes
RecycleBin emptied: 35176805 bytes

Total Files Cleaned = 271.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.59.1 log created on 08312012_174802

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#21 PattiChati

    Advanced Member

  • Authentic Member
  • 703 posts

Posted 31 August 2012 - 04:00 PM

Is this what you needed? I am getting a little confused; I am having somewhat of a family problem here and it is hard to concentrate. Thank you.

Edited by PattiChati, 31 August 2012 - 04:00 PM.


#22 jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 31 August 2012 - 04:03 PM

Yes that was what I needed. Now please run a Quick Scan with OTL and post the new log that is created.

#23 PattiChati

    Advanced Member

  • Authentic Member
  • 703 posts

Posted 31 August 2012 - 04:27 PM

OTL logfile created on: 8/31/2012 6:25:11 PM - Run 3
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Patty\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 64.37% Memory free
5.93 Gb Paging File | 4.71 Gb Available in Paging File | 79.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 238.77 Gb Free Space | 80.13% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 588.39 Gb Free Space | 63.17% Space Free | Partition Type: NTFS

Computer Name: PATTI-PC | User Name: Patty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/31 17:54:36 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Patty\Downloads\OTL(5).exe
PRC - [2012/08/26 23:05:05 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
PRC - [2012/08/20 23:32:24 | 000,224,960 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/13 20:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/10/12 08:55:06 | 000,366,496 | ---- | M] (Creative Home) -- C:\Program Files\Creative Home\Hallmark Card Studio 2012 Deluxe\Planner\PLNRnote.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/21 01:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office2010\Office14\ONENOTEM.EXE
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/26 23:05:04 | 009,813,704 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2012/07/13 20:17:14 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/14 03:24:50 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/14 03:24:28 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/10 03:29:49 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/10 03:25:10 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/10 03:25:02 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 03:24:54 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/10/11 08:40:16 | 000,045,568 | ---- | M] () -- C:\Program Files\Creative Home\Hallmark Card Studio 2012 Deluxe\Planner\InteropHelper.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office2010\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - [2012/08/26 23:05:05 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/20 23:32:24 | 000,224,960 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 20:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/11 00:45:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/01/02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Disabled | Stopped] -- C:\Program Files\ShadowExplorer\sesvc.exe -- (sesvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/08/20 23:33:47 | 000,012,992 | ---- | M] (Paramount Software UK Ltd) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\PSVolAcc.sys -- (PSVolAcc)
DRV - [2012/08/20 23:33:27 | 000,016,064 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pssnap.sys -- (pssnap)
DRV - [2012/08/20 23:33:19 | 000,053,952 | ---- | M] (Macrium Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\psmounter.sys -- (PSMounter)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/11 01:11:46 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/11/11 01:11:46 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2010/11/11 01:11:46 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010/11/11 01:11:46 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com...ilc=8&fr=mkg029
IE - HKLM\..\SearchScopes,DefaultScope = {36668FFD-7809-43FB-A609-999C5A7AB5FE}
IE - HKLM\..\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}: "URL" = http://search.foxtab...mp;cr=344294484

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {36668FFD-7809-43FB-A609-999C5A7AB5FE}
IE - HKCU\..\SearchScopes\{36668FFD-7809-43FB-A609-999C5A7AB5FE}: "URL" = http://search.foxtab...mp;cr=344294484
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://us.mg5.mail.y...=ed87695mvk0e5"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI4066~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI4066~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Patty\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\superfish@superfish.com: C:\Users\Patty\AppData\Roaming\Mozilla\Firefox\Profiles/5erqatan.default\extensions\superfish@superfish.com
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension

[2012/08/04 13:51:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patty\AppData\Roaming\mozilla\Extensions
[2012/08/24 15:35:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patty\AppData\Roaming\mozilla\Firefox\Profiles\5erqatan.default\extensions
[2012/02/10 23:22:37 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Patty\AppData\Roaming\mozilla\Firefox\Profiles\5erqatan.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/08/14 13:00:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Patty\AppData\Roaming\mozilla\Firefox\Profiles\5erqatan.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/08/27 05:26:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patty\AppData\Roaming\mozilla\Firefox\Profiles\791mcddo.default-1346059307542\extensions
[2012/08/27 02:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patty\AppData\Roaming\mozilla\Firefox\Profiles\7z2enokc.default-1346048094184\extensions
[2012/07/13 20:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.babylo...000002564d80f68
CHR - homepage: http://search.babylo...000002564d80f68

O1 HOSTS File: ([2012/08/31 17:57:16 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AddressBookReminderApp] C:\Program Files\Creative Home\Hallmark Card Studio 2012 Deluxe\ReminderApp.exe File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office2010\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3E4F083-98BF-476A-B54A-CA975B5E2AAD}: DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/02 07:19:42 | 000,000,000 | R--D | M] - J:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/31 17:48:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/31 15:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/31 15:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/08/29 17:25:58 | 000,000,000 | ---D | C] -- C:\Users\Patty\Desktop\invites
[2012/08/24 19:43:47 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\NovaRegister
[2012/08/24 19:42:09 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\HCSShell
[2012/08/24 19:38:53 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\Creative Home
[2012/08/24 15:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/24 15:56:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/24 02:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/08/23 16:41:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/23 16:40:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/23 10:18:48 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\temp
[2012/08/23 10:11:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/21 00:41:20 | 000,053,952 | ---- | C] (Macrium Software) -- C:\Windows\System32\drivers\psmounter.sys
[2012/08/21 00:41:20 | 000,016,064 | ---- | C] (Macrium Software) -- C:\Windows\System32\drivers\pssnap.sys
[2012/08/21 00:41:20 | 000,012,992 | ---- | C] (Paramount Software UK Ltd) -- C:\Windows\System32\drivers\PSVolAcc.sys
[2012/08/20 12:26:26 | 000,000,000 | ---D | C] -- C:\Users\Patty\Desktop\Bunch of pictures
[2012/08/14 12:33:24 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\antiphishing-vmninternethelper1_1dn
[2012/08/13 17:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012/08/12 16:01:56 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\APN
[2012/08/11 19:58:35 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\Apple Computer
[2012/08/11 19:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/08/07 00:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\Awesome Duplicate Photo Finder
[2012/08/07 00:25:10 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Roaming\EasyDuplicateFinder
[2012/08/05 15:59:02 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\MyScrapNook_12
[2011/11/28 16:40:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Program Files\OTL.exe

========== Files - Modified Within 30 Days ==========

[2012/08/31 18:05:28 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/31 18:05:28 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/31 18:05:05 | 000,626,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/31 18:05:05 | 000,107,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/31 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2012/08/31 17:58:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/31 17:58:10 | 2388,381,696 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/31 17:57:16 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/08/31 17:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/31 15:12:30 | 000,000,894 | ---- | M] () -- C:\Users\Patty\Desktop\NTREGOPT.lnk
[2012/08/31 15:12:30 | 000,000,875 | ---- | M] () -- C:\Users\Patty\Desktop\ERUNT.lnk
[2012/08/31 14:36:29 | 000,000,512 | ---- | M] () -- C:\Users\Patty\Desktop\MBR.dat
[2012/08/31 14:24:43 | 000,001,282 | ---- | M] () -- C:\Users\Patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/08/31 09:49:35 | 000,002,987 | ---- | M] () -- C:\Users\Patty\Desktop\Hallmark Card Studio 2012.lnk
[2012/08/30 10:50:25 | 011,255,615 | ---- | M] () -- C:\Users\Patty\Desktop\invite 2.hmk
[2012/08/30 10:44:47 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2012/08/28 16:17:25 | 000,297,831 | ---- | M] () -- C:\Users\Patty\Desktop\external drive.PNG
[2012/08/28 16:14:09 | 000,318,068 | ---- | M] () -- C:\Users\Patty\Desktop\reflecrt.PNG
[2012/08/26 18:53:12 | 000,491,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/24 19:35:07 | 000,002,295 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk
[2012/08/24 11:45:07 | 000,098,269 | ---- | M] () -- C:\Users\Patty\Desktop\adult_online_forms_07_09_rev_06_1136.pdf
[2012/08/24 01:14:42 | 000,002,057 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/21 11:50:44 | 000,000,448 | ---- | M] () -- C:\Users\Patty\Documents\cc_20120821_115040.reg
[2012/08/20 23:33:47 | 000,012,992 | ---- | M] (Paramount Software UK Ltd) -- C:\Windows\System32\drivers\PSVolAcc.sys
[2012/08/20 23:33:27 | 000,016,064 | ---- | M] (Macrium Software) -- C:\Windows\System32\drivers\pssnap.sys
[2012/08/20 23:33:19 | 000,053,952 | ---- | M] (Macrium Software) -- C:\Windows\System32\drivers\psmounter.sys

========== Files Created - No Company Name ==========

[2012/08/31 15:12:30 | 000,000,894 | ---- | C] () -- C:\Users\Patty\Desktop\NTREGOPT.lnk
[2012/08/31 15:12:30 | 000,000,875 | ---- | C] () -- C:\Users\Patty\Desktop\ERUNT.lnk
[2012/08/31 14:36:29 | 000,000,512 | ---- | C] () -- C:\Users\Patty\Desktop\MBR.dat
[2012/08/31 14:24:43 | 000,001,282 | ---- | C] () -- C:\Users\Patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/08/31 09:49:35 | 000,002,987 | ---- | C] () -- C:\Users\Patty\Desktop\Hallmark Card Studio 2012.lnk
[2012/08/29 11:57:34 | 011,255,615 | ---- | C] () -- C:\Users\Patty\Desktop\invite 2.hmk
[2012/08/28 16:17:25 | 000,297,831 | ---- | C] () -- C:\Users\Patty\Desktop\external drive.PNG
[2012/08/28 16:14:09 | 000,318,068 | ---- | C] () -- C:\Users\Patty\Desktop\reflecrt.PNG
[2012/08/26 23:05:06 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/24 19:35:07 | 000,002,295 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk
[2012/08/24 11:45:05 | 000,098,269 | ---- | C] () -- C:\Users\Patty\Desktop\adult_online_forms_07_09_rev_06_1136.pdf
[2012/08/21 11:50:42 | 000,000,448 | ---- | C] () -- C:\Users\Patty\Documents\cc_20120821_115040.reg
[2012/07/20 14:27:03 | 000,027,520 | ---- | C] () -- C:\Users\Patty\AppData\Local\dt.dat
[2012/03/17 00:25:18 | 000,000,017 | ---- | C] () -- C:\Users\Patty\AppData\Local\resmon.resmoncfg
[2012/02/10 23:29:32 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/09/26 11:00:27 | 000,000,117 | ---- | C] () -- C:\Windows\restore.INI
[2011/04/17 19:19:47 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat

========== LOP Check ==========

[2012/02/10 23:22:26 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\.purple
[2012/08/24 15:39:57 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\Canon
[2012/05/04 17:46:26 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2012/06/19 17:43:15 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\DriverCure
[2012/08/07 00:26:27 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\EasyDuplicateFinder
[2012/02/10 23:22:27 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\Foxit Software
[2012/02/10 23:22:27 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\Garmin
[2012/02/10 23:22:27 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\Jenkat
[2012/02/10 23:22:32 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\mjusbsp
[2012/02/10 23:22:38 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\OpenCandy
[2012/06/19 17:43:15 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\ParetoLogic
[2010/12/25 11:19:30 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\Skinux
[2011/09/26 00:51:45 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\Systweak
[2012/02/10 23:22:38 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\TeamViewer
[2012/02/10 23:22:38 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\ViquaSoft
[2012/02/10 23:22:38 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\www.shadowexplorer.com
[2012/02/10 23:22:38 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\Xlinkw
[2012/08/31 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2012/08/30 10:44:47 | 000,000,418 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2009/07/14 00:53:46 | 000,023,922 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#24 jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 31 August 2012 - 05:09 PM

Download Combofix from the link below, and save it to your desktop.
Link

**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
----------

#25 PattiChati

    Advanced Member

  • Authentic Member
  • 703 posts

Posted 31 August 2012 - 06:44 PM

Always have been confused about the antivirus and anti-spyware programs I have. And could never turn them off even with the link you gave me. Are these decent ones or should I have better? As soon as I know how to properly disable them, I will do the ComboFix, but I don't think I disabled them last time because Malwarebytes just kept wanting to reinstall and always said it was working.



#26 PattiChati

    Advanced Member

  • Authentic Member
  • 703 posts

Posted 01 September 2012 - 09:14 AM

Have figured out how to disable MSE but not Malwarebytes. I went to this link and tried what they said, but I don't have on my computer the same things they have.
http://smartnetadmin...bytes-real.html

#27 PattiChati

    Advanced Member

  • Authentic Member
  • 703 posts

Posted 01 September 2012 - 09:16 AM

I typed to you and I see it doesn't show up. I have the flu today, so probably won't be on the computer much unless that Tylenol 3 kicks in. I feel like I have been run over by a Mack truck. I am doing little by little though, because I love working on the computer.

#28 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 01 September 2012 - 09:37 AM

Hi, hope you get to feeling better. I won't be on much myself today, having several things to do, but go ahead and run ComboFix and post the log. If you are told that Malwarebytes is still running, just continue on...it shouldn't be a problem.

#29 PattiChati

PattiChati

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 703 posts

Posted 01 September 2012 - 12:57 PM


#30 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 01 September 2012 - 08:50 PM

Malwarebytes

I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
----------

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut and select Run as Administrator.
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.
----------