TechSpot

Sirefef.w/b/y removal

Solved
By Lyr21
Mar 14, 2013
  1. Broni (Malware Annihilator)

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, right-click JRT.exe and select "Run as Administrator" instead of double-clicking.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
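A triage pass over the OTL.txt that the last step produces, as an added example; this is not code from this thread or from OldTimer's OTL. It parses the PRC/SRV/DRV/MOD entry lines and the numbered O-lines in the format OTL prints and flags what a helper reads first: binaries with no company name, service and driver files modified shortly before the scan, autostart entries whose file is missing, Winlogon Shell/UserInit values that are not the stock ones, and LSA authentication packages other than msv1_0. The sample lines are copied from the OTL log posted later in this thread except the `example.sys` driver and the second Shell entry, which are constructed; the 30-day window is an assumption matching OTL's own "File Age = 30 Days" setting.

```python
"""Triage pass over OTL.txt output (added example; not part of OTL or of any post here)."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Entry lines: "PRC - [mtime | size | attrs | M] (Company) [state] -- path -- (ServiceName)"
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD)(?::64bit:)? - "
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^|]+ \| \w\] "
    r"\((?P<company>[^)]*)\)(?: \[(?P<state>[^\]]*)\])? -- "
    r"(?P<path>.*?)(?: -- \((?P<name>[^)]*)\))?$"
)
# Numbered hook lines: "O4 - HKLM..\Run: [Name] path (Company)" and friends
OLINE_RE = re.compile(r"^(?P<kind>O\d+)(?::64bit:)? - (?P<body>.*)$")
WINLOGON_RE = re.compile(r"HKLM Winlogon: (?P<key>Shell|UserInit) - \((?P<value>[^)]*)\) - (?P<resolved>.*)$")
LSA_RE = re.compile(r"LSA: Authentication Packages - \((?P<package>[^)]*)\)")

STOCK_WINLOGON = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}


@dataclass
class Finding:
    kind: str
    reason: str
    line: str


def parse_entry(line: str) -> Optional[dict]:
    """Split one PRC/SRV/DRV/MOD line into fields, or return None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["mtime"] = datetime.strptime(d["mtime"], "%Y/%m/%d %H:%M:%S")
    d["size"] = int(d["size"].replace(",", ""))
    return d


def triage(log_text: str, scan_time: datetime, recent_days: int = 30) -> list:
    """Return the entries a reviewer should look at first, with the reason for each."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = parse_entry(line)
        if entry is not None:
            if entry["company"] == "":
                findings.append(Finding(entry["kind"], "no company name", line))
            if 0 <= (scan_time - entry["mtime"]).days <= recent_days:
                findings.append(Finding(entry["kind"], f"modified within {recent_days} days of scan", line))
            continue
        m = OLINE_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        # An autostart/hook pointing at a file that no longer exists is an orphan worth cleaning
        if body.endswith("File not found") and kind in {"O2", "O3", "O4", "O20", "O30"}:
            findings.append(Finding(kind, "references a missing file", line))
            continue
        w = WINLOGON_RE.search(body) if kind == "O20" else None
        if w:
            value = w.group("value").lower().rstrip(",")
            # Stock values are a bare explorer.exe / userinit.exe resolving under \Windows\
            if value.split("\\")[-1] != STOCK_WINLOGON[w.group("key")] or "\\windows\\" not in w.group("resolved").lower():
                findings.append(Finding(kind, f"non-stock Winlogon {w.group('key')}", line))
        lsa = LSA_RE.search(body) if kind == "O30" else None
        if lsa and lsa.group("package").lower() != "msv1_0":
            findings.append(Finding(kind, f"non-default LSA authentication package {lsa.group('package')}", line))
    return findings


# Lines taken from the OTL log in this thread; example.sys and the second Shell line are constructed.
SAMPLE_LOG = r"""
PRC - [2011/07/25 09:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2003/04/18 22:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- c:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)
DRV:64bit: - [2013/03/17 02:11:00 | 000,057,344 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\example.sys -- (example)
O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe,C:\Users\Public\svc.exe) - C:\Users\Public\svc.exe ()
O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (wvauth) - File not found
"""

if __name__ == "__main__":
    # Scan time taken from the header of the posted OTL log
    for f in triage(SAMPLE_LOG, datetime(2013, 3, 19, 18, 3, 56)):
        print(f"{f.kind:<4} {f.reason:<45} {f.line[:70]}")
```

Run it against a real OTL.txt by reading the file and passing its text to `triage` with the "OTL logfile created on" time from the header; a flagged line is a prompt to check the file's publisher and hash, not a verdict on its own, since legitimate OEM utilities (the Free Fall sensor and srvany entries above are examples) also ship without a company name.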
  2. Lyr21 (Topic Starter)

    AdwCleaner[S1].txt

    # AdwCleaner v2.115 - Logfile created 03/19/2013 at 17:51:44
    # Updated 17/03/2013 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
    # User : Administrator - SKELCE-L7
    # Boot Mode : Normal
    # Running from : C:\Users\Administrator.skelce-l7.000\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\ProgramData\Ask

    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16470

    [OK] Registry is clean.

    -\\ Google Chrome v25.0.1364.97

    *************************

    AdwCleaner[S1].txt - [618 octets] - [19/03/2013 17:51:44]

    ########## EOF - C:\AdwCleaner[S1].txt - [677 octets] ##########
    JRT.txt


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.7.2 (03.15.2013:1)
    OS: Windows 7 Professional x64
    Ran by Administrator on Tue 03/19/2013 at 17:56:44.84
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 03/19/2013 at 18:02:41.85
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  3. Lyr21 (Topic Starter)

    OTL.txt


    OTL logfile created on: 3/19/2013 6:03:56 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator.skelce-l7.000\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.90 Gb Total Physical Memory | 2.82 Gb Available Physical Memory | 72.35% Memory free
    7.80 Gb Paging File | 6.57 Gb Available in Paging File | 84.22% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.29 Gb Total Space | 233.17 Gb Free Space | 81.45% Space Free | Partition Type: NTFS

    Computer Name: SKELCE-L7 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2013/03/19 17:54:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator.skelce-l7.000\Desktop\OTL.exe
    PRC - [2011/07/25 09:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    PRC - [2011/02/24 01:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    PRC - [2011/02/08 02:41:16 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    PRC - [2010/12/03 16:19:26 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/03 16:19:20 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/08/13 21:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- c:\Windows\SysWOW64\SDIOAssist.exe
    PRC - [2010/03/12 11:42:02 | 000,462,993 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    PRC - [2009/07/06 15:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    PRC - [2003/04/18 22:06:26 | 000,008,192 | ---- | M] () -- c:\Windows\SysWOW64\srvany.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/07/25 09:43:18 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2011/07/01 14:52:32 | 001,600,000 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe -- (Wave Authentication Manager Service)
    SRV:64bit: - [2011/05/27 18:46:56 | 003,792,240 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
    SRV:64bit: - [2011/05/24 16:42:08 | 002,154,888 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
    SRV:64bit: - [2011/02/08 02:41:16 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2011/01/25 05:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2011/01/20 12:33:20 | 000,517,488 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
    SRV:64bit: - [2011/01/15 15:00:02 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2010/10/08 01:18:46 | 000,697,616 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
    SRV:64bit: - [2010/10/08 01:18:46 | 000,056,592 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
    SRV:64bit: - [2010/10/08 01:18:44 | 000,957,712 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/06/29 17:12:20 | 000,158,720 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
    SRV:64bit: - [2010/05/10 16:23:54 | 002,683,712 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\ATService.exe -- (ATService)
    SRV:64bit: - [2010/02/10 21:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV - [2011/02/24 01:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
    SRV - [2011/02/17 10:08:52 | 001,633,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
    SRV - [2010/12/03 16:19:26 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/12/03 16:19:20 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2003/04/18 22:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- c:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/10/12 12:56:38 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/10/12 12:56:38 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/10/12 11:17:39 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
    DRV:64bit: - [2011/10/12 11:17:39 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2011/10/12 11:17:39 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2011/10/12 11:17:39 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2011/10/12 11:17:39 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2011/07/22 12:28:56 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)
    DRV:64bit: - [2011/07/15 21:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
    DRV:64bit: - [2011/06/10 15:16:08 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/04/05 04:36:46 | 000,355,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2011/03/23 17:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
    DRV:64bit: - [2011/02/07 10:49:38 | 000,411,688 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2011/01/25 05:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2011/01/15 15:00:00 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV:64bit: - [2011/01/15 14:59:54 | 004,719,680 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2011/01/03 18:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
    DRV:64bit: - [2011/01/03 16:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
    DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/20 23:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/09/03 11:40:24 | 000,104,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
    DRV:64bit: - [2010/09/02 03:18:46 | 000,021,504 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)
    DRV:64bit: - [2010/09/02 03:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)
    DRV:64bit: - [2010/07/21 14:13:40 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
    DRV:64bit: - [2010/02/26 20:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/09/16 17:08:48 | 000,172,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/15 21:56:06 | 000,616,960 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{E7C4FF30-E6F3-416C-8DB6-68620A121915}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{E7C4FF30-E6F3-416C-8DB6-68620A121915}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1028007176-880241210-1398436644-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
    IE - HKU\S-1-5-21-1028007176-880241210-1398436644-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
    IE - HKU\S-1-5-21-1028007176-880241210-1398436644-500\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-1028007176-880241210-1398436644-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll File not found
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/21 09:32:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2013/02/28 10:37:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/09/29 02:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://g.msn.com/USREL/1
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
    CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: Google Docs = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/03/19 16:20:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll File not found
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" File not found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
    O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4:64bit: - HKLM..\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
    O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
    O7 - HKU\S-1-5-21-1028007176-880241210-1398436644-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {1943FDF7-2330-4EEC-B7E3-74D9C7864ECE} https://conference.lyrix.com/buddies/eDialCollabViewer.cab (CvncViewer Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.25.9 10.0.25.10
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Lyrix.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{333C415A-D9CD-4CC1-930F-61EBC822D465}: DhcpNameServer = 10.0.25.9 10.0.25.10
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CE328ED-8EEF-41A7-9937-8723F37EF483}: DhcpNameServer = 10.0.25.9 10.0.25.10
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
    O30 - LSA: Authentication Packages - (wvauth) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/19 17:56:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/03/19 17:56:32 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/03/19 17:54:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator.skelce-l7.000\Desktop\OTL.exe
    [2013/03/19 17:53:57 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Administrator.skelce-l7.000\Desktop\JRT.exe
    [2013/03/19 17:53:06 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
    [2013/03/19 17:50:04 | 005,041,561 | ---- | C] (Swearware) -- C:\Users\Administrator.skelce-l7.000\Desktop\ComboFix.exe
    [2013/03/19 17:47:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Local\Broadcom
    [2013/03/19 17:47:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator.skelce-l7.000\Documents\Bluetooth Exchange Folder
    [2013/03/19 17:47:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Local\Google
    [2013/03/19 17:47:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Creative
    [2013/03/19 17:47:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2013/03/19 17:47:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2013/03/19 17:47:00 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\Searches
    [2013/03/19 17:47:00 | 000,000,000 | -H-D | C] -- C:\Users\Administrator.skelce-l7.000\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2013/03/19 17:46:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Identities
    [2013/03/19 17:46:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\Contacts
    [2013/03/19 17:46:38 | 000,000,000 | --SD | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Microsoft
    [2013/03/19 17:46:38 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\Videos
    [2013/03/19 17:46:38 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\Saved Games
    [2013/03/19 17:46:38 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\Pictures
    [2013/03/19 17:46:38 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\Music
    [2013/03/19 17:46:38 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2013/03/19 17:46:38 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\Links
    [2013/03/19 17:46:38 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\Favorites
    [2013/03/19 17:46:38 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\Downloads
    [2013/03/19 17:46:38 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\Documents
    [2013/03/19 17:46:38 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\Desktop
    [2013/03/19 17:46:38 | 000,000,000 | R--D | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Local\Temporary Internet Files
    [2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\Templates
    [2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\Start Menu
    [2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\SendTo
    [2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\Recent
    [2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\PrintHood
    [2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\NetHood
    [2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\Documents\My Videos
    [2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\Documents\My Pictures
    [2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\Documents\My Music
    [2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\My Documents
    [2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\Local Settings
    [2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Local\History
    [2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\Cookies
    [2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\Application Data
    [2013/03/19 17:46:38 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Local\Application Data
    [2013/03/19 17:46:38 | 000,000,000 | -H-D | C] -- C:\Users\Administrator.skelce-l7.000\AppData
    [2013/03/19 17:46:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Local\temp
    [2013/03/19 17:46:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Local\Microsoft Help
    [2013/03/19 17:46:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Local\Microsoft
    [2013/03/19 17:46:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Media Center Programs
    [2013/03/19 16:25:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/03/19 16:20:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/03/19 14:03:07 | 000,000,000 | ---D | C] -- C:\FRST
    [2013/03/18 15:30:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/03/18 15:30:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/03/18 15:30:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/03/18 15:28:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/03/18 14:10:50 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/03/14 16:12:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2013/03/14 16:12:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2013/03/14 16:01:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
    [2013/03/14 15:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/03/14 15:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/03/14 15:24:00 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/03/14 15:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/03/14 14:45:31 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
    [2013/03/14 14:27:20 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2013/03/14 14:17:13 | 000,000,000 | ---D | C] -- C:\6db4f6672811fe965da4e9c38ef5
    [2013/02/28 13:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
    [2013/02/28 10:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/03/19 17:59:57 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/03/19 17:59:57 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/03/19 17:58:37 | 000,813,676 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/03/19 17:58:37 | 000,685,582 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/03/19 17:58:37 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/03/19 17:54:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator.skelce-l7.000\Desktop\OTL.exe
    [2013/03/19 17:54:05 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Administrator.skelce-l7.000\Desktop\JRT.exe
    [2013/03/19 17:53:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/03/19 17:52:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/03/19 17:52:38 | 3140,169,728 | -HS- | M] () -- C:\hiberfil.sys
    [2013/03/19 17:51:19 | 000,609,993 | ---- | M] () -- C:\Users\Administrator.skelce-l7.000\Desktop\adwcleaner.exe
    [2013/03/19 17:50:04 | 005,041,561 | ---- | M] (Swearware) -- C:\Users\Administrator.skelce-l7.000\Desktop\ComboFix.exe
    [2013/03/19 16:20:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/03/18 15:27:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/03/18 10:27:49 | 000,412,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/03/15 10:08:11 | 000,773,050 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/03/14 16:13:05 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2013/03/14 15:24:07 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/03/14 14:45:31 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
    [2013/03/14 14:28:21 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/03/19 17:51:17 | 000,609,993 | ---- | C] () -- C:\Users\Administrator.skelce-l7.000\Desktop\adwcleaner.exe
    [2013/03/19 17:47:04 | 000,001,411 | ---- | C] () -- C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    [2013/03/19 17:47:02 | 000,001,445 | ---- | C] () -- C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2013/03/19 17:46:38 | 000,000,290 | ---- | C] () -- C:\Users\Administrator.skelce-l7.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2013/03/19 17:46:38 | 000,000,272 | ---- | C] () -- C:\Users\Administrator.skelce-l7.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2013/03/18 15:30:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/03/18 15:30:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/03/18 15:30:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/03/18 15:30:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/03/18 15:30:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/03/14 16:12:57 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2013/03/14 15:24:07 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2011/10/12 12:40:20 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/10/12 12:40:19 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/10/12 12:40:17 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2011/10/12 12:40:15 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/10/12 12:40:12 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011/10/12 11:26:45 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
    [2011/10/12 11:26:27 | 000,004,500 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/10/12 11:26:06 | 000,000,206 | ---- | C] () -- C:\Windows\hbcikrnl.ini
    [2011/10/12 11:22:33 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/03/14 17:09:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Notepad++
    [2011/10/25 08:33:14 | 000,000,000 | ---D | M] -- C:\Users\skelce.LYRIX\AppData\Roaming\Actual Tools
    [2011/10/21 15:14:04 | 000,000,000 | ---D | M] -- C:\Users\skelce.LYRIX\AppData\Roaming\Broadview Networks
    [2013/03/14 13:17:52 | 000,000,000 | ---D | M] -- C:\Users\skelce.LYRIX\AppData\Roaming\Skinux
    [2012/08/08 11:01:31 | 000,000,000 | ---D | M] -- C:\Users\skelce.LYRIX\AppData\Roaming\webex
    [2011/10/21 13:46:57 | 000,000,000 | ---D | M] -- C:\Users\tlesniak\AppData\Roaming\Broadview Networks
    [2011/10/21 09:36:27 | 000,000,000 | ---D | M] -- C:\Users\tlesniak\AppData\Roaming\Notepad++
    [2013/02/28 13:45:30 | 000,000,000 | ---D | M] -- C:\Users\tlesniak\AppData\Roaming\Skinux
    [2011/10/20 16:53:20 | 000,000,000 | ---D | M] -- C:\Users\tlesniak\AppData\Roaming\Wave Systems Corp

    ========== Purity Check ==========



    < End of report >
  4. Lyr21

    Lyr21 TS Rookie Topic Starter Posts: 34

    Extras.txt


    OTL Extras logfile created on: 3/19/2013 6:03:56 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator.skelce-l7.000\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.90 Gb Total Physical Memory | 2.82 Gb Available Physical Memory | 72.35% Memory free
    7.80 Gb Paging File | 6.57 Gb Available in Paging File | 84.22% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.29 Gb Total Space | 233.17 Gb Free Space | 81.45% Space Free | Partition Type: NTFS

    Computer Name: SKELCE-L7 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-1028007176-880241210-1398436644-500\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0335701D-8E28-4A7F-B0EF-312974755BB2}" = Modem Diagnostic Tool
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
    "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
    "{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
    "{377672F0-6B8A-467D-8DDC-79338BCCD531}" = 64 Bit HP CIO Components Installer
    "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
    "{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}" = PC-CCID
    "{414B7B9C-B353-4821-9393-78AE034079E7}" = NTRU TCG Software Stack
    "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
    "{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
    "{50B4B603-A4C6-4739-AE96-6C76A0F8A388}" = Dell Backup and Recovery Manager
    "{560DCF39-61D1-43B0-86DA-5EFF8F7A5144}" = AuthenTec Fingerprint Software
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{64973F6A-8754-43D1-BDD0-FC6F0546347B}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
    "{732D0C79-C6E3-4EDE-8D11-67D58697E0DE}" = O2Micro OZ776 SCR Driver
    "{777FF553-493D-4068-BAC7-EE2D73DB7434}" = Wave Infrastructure Installer
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{91CE5F03-3A2A-4268-935A-04944F058AE9}" = Gemalto
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
    "{FDF509ED-9624-4FDE-9BAA-9566C186AB96}" = Dell System Manager
    "9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
    "DW WLAN Card Utility" = DW WLAN Card Utility
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "Shrew Soft VPN Client" = Shrew Soft VPN Client
    "WinRAR archiver" = WinRAR 4.01 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02BCCCFB-9741-498A-A89E-2C9BFF66DA14}" = OfficeSuite Softphone
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
    "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}" = Dell Client System Update
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Netwaiting
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
    "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESSR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIOR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.VISIOR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.VISIOR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
    "{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIOR_{CDC4310F-8189-485F-B47D-D972217CE173}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.VISIOR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.VISIOR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.VISIOR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
    "{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
    "{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
    "{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Actual Multiple Monitors_is1" = Actual Multiple Monitors 3.3
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Dell Webcam Central" = Dell Webcam Central
    "Google Chrome" = Google Chrome
    "InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
    "InstallShield_{732D0C79-C6E3-4EDE-8D11-67D58697E0DE}" = O2Micro OZ776 SCR Driver
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
    "Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
    "Notepad++" = Notepad++
    "Office14.VISIOR" = Microsoft Visio Premium 2010
    "PuTTY_is1" = PuTTY version 0.61
    "SMALLBUSINESSR" = Microsoft Office Small Business 2007
    "WinLiveSuite" = Windows Live Essentials
    "winscp3_is1" = WinSCP 4.3.5

    ========== Last 20 Event Log Errors ==========

    [ Broadcom Wireless LAN Events ]
    Error - 3/14/2013 1:49:48 PM | Computer Name = skelce-l7.Lyrix.com | Source = WLAN-Tray | ID = 0
    Description = 13:49:48, Thu, Mar 14, 13 Error - Unable to gain access to user store


    Error - 3/14/2013 1:53:05 PM | Computer Name = skelce-l7.Lyrix.com | Source = WLAN-Tray | ID = 0
    Description = 13:53:05, Thu, Mar 14, 13 Error - Unable to gain access to user store


    [ OSession Events ]
    Error - 7/25/2012 4:12:56 PM | Computer Name = skelce-l7.Lyrix.com | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 218
    seconds with 0 seconds of active time. This session ended with a crash.


    < End of report >
  5. Broni

    Broni Malware Annihilator Posts: 46,787   +254

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll File not found
      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll File not found
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll File not found
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll File not found
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll File not found
      O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
      O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll File not found
      O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" File not found
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll File not found
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" File not found
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
      O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O30 - LSA: Authentication Packages - (wvauth) - File not found
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered; reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
  6. Lyr21

    Lyr21 TS Rookie Topic Starter Posts: 34

    I ran OTL again with your above fix and it did appear to hang. When this happened, the custom fix box at the bottom still had the following in it:
    Code:
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    I rebooted into safe mode and a log file popped up. Here is that log file:


    Files\Folders moved on Reboot...
    File move failed. C:\Users\Administrator.skelce-l7.000\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    Since you had said that if OTL stalls I should run the fix from safe mode, I proceeded to re-run the fix in safe mode. This seemed to hang in the same place, but I just let it be; finally, after about 10-15 minutes, I got the blue activity bar moving at the bottom of the OTL window. That went on for a good 20+ minutes, and finally it said that it needed to reboot. I rebooted, but now I'm getting the "the request is not supported" login error again after I try to enter my username/password in a normal boot.

    I rebooted into safe mode expecting OTL to show a log file of what it did, but there are no log files from the previous fix.
  7. Lyr21

    Lyr21 TS Rookie Topic Starter Posts: 34

    I re-ran FRST, here is the log file:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 7 days old)
    Ran by SYSTEM at 20-03-2013 11:46:54
    Running from F:\
    Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [608112 2011-04-04] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
    HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-15] (Dell Inc.)
    HKLM\...\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
    HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
    HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [462993 2010-03-12] (Creative Technology Ltd)
    HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
    HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-04-29] (CyberLink Corp.)
    HKU\skelce.LYRIX\...\Run: [Actual Multiple Monitors] "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe" [1675592 2011-08-05] (Actual Tools)
    HKU\tlesniak\...\Run: [OfficeSuite Softphone] "C:\Program Files (x86)\Broadview\officesuite.exe" [14979072 2011-04-11] ()
    HKLM-x32\...\RunOnce: [OTL] "C:\Users\Administrator.skelce-l7.000\Desktop\OTL.exe" [602112 2013-03-19] (OldTimer Tools)
    Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
    Tcpip\Parameters: [DhcpNameServer] 10.0.25.9 10.0.25.10
    Lsa: [Authentication Packages] msv1_0
    Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\ProgramData\Start Menu\Programs\Startup\Dell System Manager.lnk
    ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
    Startup: C:\ProgramData\Start Menu\Programs\Startup\Digital Line Detect.lnk
    ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )

    ==================== Services (Whitelisted) ===================

    2 BrcmMgmtAgent; "C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe" -service [158720 2010-06-29] (Broadcom Corporation)
    2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [56592 2010-10-07] ()
    2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [957712 2010-10-07] ()
    2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [697616 2010-10-07] ()
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [379360 2013-01-27] (Microsoft Corporation)
    2 O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
    2 tcsd_win32.exe; "C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1633280 2011-02-17] ()
    2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.)
    2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [x]
    3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    3 BBSvc; "C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE" [x]
    2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [x]

    ==================== Drivers (Whitelisted) =====================

    0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
    3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2013-03-20 06:25 - 2013-03-20 06:25 - 00000498 ____A C:\Users\Administrator.skelce-l7.000\Desktop\03202013_101110.log
    2013-03-20 06:11 - 2013-03-20 06:11 - 00000000 ____D C:\_OTL
    2013-03-19 15:30 - 2013-03-19 16:45 - 00000000 ____D C:\Windows\System32\config\HiveBackup
    2013-03-19 14:08 - 2013-03-19 14:12 - 00000000 ____D C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Notepad++
    2013-03-19 14:07 - 2013-03-19 14:07 - 00090462 ____A C:\Users\Administrator.skelce-l7.000\Desktop\OTL.Txt
    2013-03-19 14:07 - 2013-03-19 14:07 - 00041968 ____A C:\Users\Administrator.skelce-l7.000\Desktop\Extras.Txt
    2013-03-19 14:02 - 2013-03-19 14:02 - 00000641 ____A C:\Users\Administrator.skelce-l7.000\Desktop\JRT.txt
    2013-03-19 13:56 - 2013-03-19 13:56 - 00000000 ____D C:\Windows\ERUNT
    2013-03-19 13:56 - 2013-03-19 13:56 - 00000000 ____D C:\JRT
    2013-03-19 13:54 - 2013-03-19 13:54 - 00602112 ____A (OldTimer Tools) C:\Users\Administrator.skelce-l7.000\Desktop\OTL.exe
    2013-03-19 13:53 - 2013-03-19 13:54 - 00549920 ____A (Oleg N. Scherbakov) C:\Users\Administrator.skelce-l7.000\Desktop\JRT.exe
    2013-03-19 13:51 - 2013-03-19 13:51 - 00609993 ____A C:\Users\Administrator.skelce-l7.000\Desktop\adwcleaner.exe
    2013-03-19 13:51 - 2013-03-19 13:51 - 00000745 ____A C:\AdwCleaner[S1].txt
    2013-03-19 13:50 - 2013-03-19 13:50 - 05041561 ____A (Swearware) C:\Users\Administrator.skelce-l7.000\Desktop\ComboFix.exe
    2013-03-19 13:47 - 2013-03-19 13:47 - 00108840 ____A C:\Users\Administrator.skelce-l7.000\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-03-19 13:47 - 2013-03-19 13:47 - 00000000 ____D C:\Users\Administrator.skelce-l7.000\Documents\Bluetooth Exchange Folder
    2013-03-19 13:47 - 2013-03-19 13:47 - 00000000 ____D C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Creative
    2013-03-19 13:47 - 2013-03-19 13:47 - 00000000 ____D C:\Users\Administrator.skelce-l7.000\AppData\Local\Google
    2013-03-19 13:47 - 2013-03-19 13:47 - 00000000 ____D C:\Users\Administrator.skelce-l7.000\AppData\Local\Broadcom
    2013-03-19 13:46 - 2013-03-19 13:47 - 00000000 ____D C:\users\Administrator.skelce-l7.000
    2013-03-19 13:46 - 2013-03-19 13:46 - 00000020 ___SH C:\Users\Administrator.skelce-l7.000\ntuser.ini
    2013-03-19 13:46 - 2011-10-24 13:57 - 00000000 ____D C:\Users\Administrator.skelce-l7.000\AppData\Local\Microsoft Help
    2013-03-19 12:33 - 2013-03-19 12:33 - 00108840 ____A C:\Users\Administrator.skelce-l7\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\Documents\Bluetooth Exchange Folder
    2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Roaming\Creative
    2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Local\Broadcom
    2013-03-19 12:32 - 2013-03-19 12:32 - 00000020 ___SH C:\Users\Administrator.skelce-l7\ntuser.ini
    2013-03-19 12:32 - 2013-03-19 12:32 - 00000000 ____D C:\users\Administrator.skelce-l7
    2013-03-19 12:32 - 2011-10-24 13:57 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Local\Microsoft Help
    2013-03-19 12:25 - 2013-03-19 12:25 - 00021054 ____A C:\ComboFix.txt
    2013-03-19 12:06 - 2013-03-19 12:07 - 05041561 ____R (Swearware) C:\Users\Administrator.skelce-l7\Desktop\ComboFix.exe
    2013-03-19 12:05 - 2013-03-19 12:05 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Local\Google
    2013-03-19 10:03 - 2013-03-19 10:03 - 00000000 ____D C:\FRST
    2013-03-18 12:32 - 2013-03-18 12:32 - 05041875 ____R (Swearware) C:\Users\Administrator\Desktop\lyr-fix.exe
    2013-03-18 12:32 - 2013-03-18 12:32 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkill.exe
    2013-03-18 11:30 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2013-03-18 11:30 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2013-03-18 11:30 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2013-03-18 11:30 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2013-03-18 11:30 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2013-03-18 11:30 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2013-03-18 11:30 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2013-03-18 11:30 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2013-03-18 11:28 - 2013-03-19 12:16 - 00000000 ____D C:\Windows\erdnt
    2013-03-18 10:10 - 2013-03-19 12:25 - 00000000 ____D C:\Qoobox
    2013-03-15 05:33 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2013-03-15 05:33 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2013-03-15 05:33 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2013-03-15 05:33 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2013-03-15 05:31 - 2013-03-15 05:31 - 00000000 ____D C:\Users\Administrator\Desktop\mbar-1.01.0.1021
    2013-03-15 05:28 - 2013-03-15 05:30 - 00001818 ____A C:\Users\Administrator\Desktop\RKreport[2]_D_03152013_02d0928.txt
    2013-03-15 05:27 - 2013-02-01 23:31 - 17815040 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-03-15 05:27 - 2013-02-01 22:58 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-03-15 05:27 - 2013-02-01 22:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-03-15 05:27 - 2013-02-01 22:48 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-03-15 05:27 - 2013-02-01 22:47 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-03-15 05:27 - 2013-02-01 22:47 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-03-15 05:27 - 2013-02-01 22:46 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-03-15 05:27 - 2013-02-01 22:43 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-03-15 05:27 - 2013-02-01 22:42 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-03-15 05:27 - 2013-02-01 22:42 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-03-15 05:27 - 2013-02-01 22:41 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-03-15 05:27 - 2013-02-01 22:40 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-03-15 05:27 - 2013-02-01 22:39 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-03-15 05:27 - 2013-02-01 22:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-03-15 05:27 - 2013-02-01 22:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-03-15 05:27 - 2013-02-01 22:34 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-03-15 05:27 - 2013-02-01 20:09 - 12321792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-03-15 05:27 - 2013-02-01 19:42 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-03-15 05:27 - 2013-02-01 19:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-03-15 05:27 - 2013-02-01 19:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-03-15 05:27 - 2013-02-01 19:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-03-15 05:27 - 2013-02-01 19:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-03-15 05:27 - 2013-02-01 19:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-03-15 05:27 - 2013-02-01 19:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-03-15 05:27 - 2013-02-01 19:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-03-15 05:27 - 2013-02-01 19:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-03-15 05:27 - 2013-02-01 19:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-03-15 05:27 - 2013-02-01 19:25 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-03-15 05:27 - 2013-02-01 19:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-03-15 05:27 - 2013-02-01 19:23 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-03-15 05:27 - 2013-02-01 19:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-03-15 05:27 - 2013-02-01 19:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-03-15 05:26 - 2013-03-15 05:26 - 00001748 ____A C:\Users\Administrator\Desktop\RKreport[1]_S_03152013_02d0926.txt
    2013-03-15 05:24 - 2013-03-15 05:28 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
    2013-03-15 05:21 - 2013-03-15 05:21 - 13786977 ____A C:\Users\Administrator\Desktop\mbar-1.01.0.1021.zip
    2013-03-15 05:20 - 2013-03-15 05:20 - 00815616 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
    2013-03-14 13:02 - 2013-03-14 13:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
    2013-03-14 12:57 - 2013-03-14 12:57 - 00075075 ____A C:\Users\Administrator\Desktop\attach.txt
    2013-03-14 12:57 - 2013-03-14 12:57 - 00016267 ____A C:\Users\Administrator\Desktop\dds.txt
    2013-03-14 12:32 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-03-14 12:32 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2013-03-14 12:32 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2013-03-14 12:32 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2013-03-14 12:32 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2013-03-14 12:32 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2013-03-14 12:32 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2013-03-14 12:32 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2013-03-14 12:32 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2013-03-14 12:31 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-03-14 12:31 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2013-03-14 12:31 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2013-03-14 12:31 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2013-03-14 12:31 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2013-03-14 12:31 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2013-03-14 12:31 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2013-03-14 12:31 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2013-03-14 12:31 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2013-03-14 12:31 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2013-03-14 12:31 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2013-03-14 12:31 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2013-03-14 12:31 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2013-03-14 12:31 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2013-03-14 12:30 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2013-03-14 12:30 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2013-03-14 12:30 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2013-03-14 12:30 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2013-03-14 12:30 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2013-03-14 12:30 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2013-03-14 12:29 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2013-03-14 12:29 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2013-03-14 12:29 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2013-03-14 12:29 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2013-03-14 12:29 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2013-03-14 12:29 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2013-03-14 12:29 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-03-14 12:29 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2013-03-14 12:29 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2013-03-14 12:29 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2013-03-14 12:29 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
    2013-03-14 12:29 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
    2013-03-14 12:29 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2013-03-14 12:29 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2013-03-14 12:29 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2013-03-14 12:29 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2013-03-14 12:29 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2013-03-14 12:29 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2013-03-14 12:29 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2013-03-14 12:29 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2013-03-14 12:29 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2013-03-14 12:29 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2013-03-14 12:29 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2013-03-14 12:29 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2013-03-14 12:28 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
    2013-03-14 12:28 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
    2013-03-14 12:28 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
    2013-03-14 12:28 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2013-03-14 12:28 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2013-03-14 12:28 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2013-03-14 12:28 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2013-03-14 12:28 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2013-03-14 12:28 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2013-03-14 12:28 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2013-03-14 12:13 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2013-03-14 12:13 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2013-03-14 12:13 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
    2013-03-14 12:12 - 2013-03-14 12:13 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2013-03-14 12:12 - 2013-03-14 12:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2013-03-14 12:01 - 2013-03-14 12:01 - 00000000 ____D C:\Windows\System32\appmgmt
    2013-03-14 11:38 - 2013-03-14 11:38 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.com
    2013-03-14 11:24 - 2013-03-14 11:24 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
    2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-03-14 11:24 - 2012-12-14 12:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-03-14 11:21 - 2013-03-14 11:22 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.70.0.1100.exe
    2013-03-14 10:45 - 2013-03-14 10:45 - 01805736 ____A (Symantec Corporation) C:\Users\Administrator\Downloads\FixZeroAccess.exe
    2013-03-14 10:45 - 2013-03-14 10:45 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
    2013-03-14 10:27 - 2013-03-14 10:33 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-03-14 10:24 - 2013-03-14 10:24 - 02218636 ____A C:\Users\Administrator\Desktop\tdsskiller.zip
    2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\Desktop\tdsskiller
    2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
    2013-03-14 10:17 - 2013-03-14 10:17 - 00000000 ____D C:\6db4f6672811fe965da4e9c38ef5
    2013-03-14 10:09 - 2013-03-14 10:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
    2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\Documents\Bluetooth Exchange Folder
    2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\Broadcom
    2013-03-14 10:07 - 2013-03-14 10:07 - 00108840 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-03-14 10:07 - 2013-03-14 10:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Creative
    2013-03-14 09:51 - 2013-03-14 09:51 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qiylpclo.sys
    2013-03-14 09:40 - 2013-03-18 11:20 - 00000000 ____D C:\users\Administrator
    2013-03-14 09:40 - 2013-03-14 09:40 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
    2013-03-14 09:40 - 2011-10-24 13:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
    2013-03-14 09:21 - 2013-03-14 09:22 - 13475464 ____A (Microsoft Corporation) C:\Users\skelce.LYRIX\Downloads\mseinstall.exe
    2013-03-14 06:45 - 2013-03-14 06:45 - 00008046 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (16).wav
    2013-03-14 04:36 - 2013-03-14 04:36 - 00012597 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Mar 1 to Mar 15 2013.xlsx
    2013-03-13 06:58 - 2013-03-13 06:58 - 00047402 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet March 15 2013.xlsm
    2013-03-12 12:34 - 2013-03-12 12:34 - 00045006 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (15).wav
    2013-03-12 12:32 - 2013-03-12 12:32 - 00040526 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (14).wav
    2013-03-12 10:01 - 2013-03-12 10:01 - 00346606 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (13).wav
    2013-03-12 09:46 - 2013-03-12 09:46 - 03122563 ____A C:\Users\skelce.LYRIX\Downloads\2013 February Mobile, ADSL and home line Expenses cash GBP.zip
    2013-03-11 07:22 - 2013-03-11 07:22 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (12).wav
    2013-03-11 07:20 - 2013-03-11 07:20 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (11).wav
    2013-03-11 05:44 - 2013-03-11 05:44 - 00036846 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (10).wav
    2013-03-06 10:08 - 2013-03-06 10:08 - 00060206 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (9).wav
    2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (7).csv
    2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (6).csv
    2013-03-04 11:11 - 2013-03-04 11:11 - 00000022 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (5).csv
    2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\Users\tlesniak\Documents\Dell WebCam Central
    2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\ProgramData\Creative
    2013-02-28 08:56 - 2013-02-28 08:56 - 01004952 ____A (Solid State Networks) C:\Users\skelce.LYRIX\Downloads\install_flashplayer11x32_mssa_aih.exe
    2013-02-28 06:37 - 2013-02-28 06:37 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2013-02-28 06:17 - 2013-02-28 06:17 - 00000000 ____D C:\ProgramData\McAfee
    2013-02-27 06:54 - 2013-02-27 06:54 - 00047314 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet February 28 2013.xlsm
    2013-02-26 13:22 - 2013-02-26 13:22 - 00522926 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (8).wav
    2013-02-26 06:03 - 2013-02-26 06:03 - 00012568 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Feb16 to Feb 28 2013.xlsx
    2013-02-21 12:06 - 2013-02-21 12:06 - 00811672 ____A C:\Users\skelce.LYRIX\Downloads\message_zdm (3).html
    2013-02-20 13:40 - 2013-02-20 13:40 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform (1).zip
    2013-02-20 13:38 - 2013-02-20 13:38 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform.zip

    ==================== One Month Modified Files and Folders =======

    2013-03-20 07:37 - 2009-07-13 21:13 - 00813676 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-03-20 07:30 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-03-20 07:30 - 2009-07-13 20:51 - 00056051 ____A C:\Windows\setupact.log
    2013-03-20 06:25 - 2013-03-20 06:25 - 00000498 ____A C:\Users\Administrator.skelce-l7.000\Desktop\03202013_101110.log
    2013-03-20 06:14 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-03-20 06:14 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-03-20 06:11 - 2013-03-20 06:11 - 00000000 ____D C:\_OTL
    2013-03-20 06:07 - 2011-10-21 05:47 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-03-19 16:45 - 2013-03-19 15:30 - 00000000 ____D C:\Windows\System32\config\HiveBackup
    2013-03-19 14:12 - 2013-03-19 14:08 - 00000000 ____D C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Notepad++
    2013-03-19 14:07 - 2013-03-19 14:07 - 00090462 ____A C:\Users\Administrator.skelce-l7.000\Desktop\OTL.Txt
    2013-03-19 14:07 - 2013-03-19 14:07 - 00041968 ____A C:\Users\Administrator.skelce-l7.000\Desktop\Extras.Txt
    2013-03-19 14:02 - 2013-03-19 14:02 - 00000641 ____A C:\Users\Administrator.skelce-l7.000\Desktop\JRT.txt
    2013-03-19 13:56 - 2013-03-19 13:56 - 00000000 ____D C:\Windows\ERUNT
    2013-03-19 13:56 - 2013-03-19 13:56 - 00000000 ____D C:\JRT
    2013-03-19 13:54 - 2013-03-19 13:54 - 00602112 ____A (OldTimer Tools) C:\Users\Administrator.skelce-l7.000\Desktop\OTL.exe
    2013-03-19 13:54 - 2013-03-19 13:53 - 00549920 ____A (Oleg N. Scherbakov) C:\Users\Administrator.skelce-l7.000\Desktop\JRT.exe
    2013-03-19 13:51 - 2013-03-19 13:51 - 00609993 ____A C:\Users\Administrator.skelce-l7.000\Desktop\adwcleaner.exe
    2013-03-19 13:51 - 2013-03-19 13:51 - 00000745 ____A C:\AdwCleaner[S1].txt
    2013-03-19 13:50 - 2013-03-19 13:50 - 05041561 ____A (Swearware) C:\Users\Administrator.skelce-l7.000\Desktop\ComboFix.exe
    2013-03-19 13:47 - 2013-03-19 13:47 - 00108840 ____A C:\Users\Administrator.skelce-l7.000\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-03-19 13:47 - 2013-03-19 13:47 - 00000000 ____D C:\Users\Administrator.skelce-l7.000\Documents\Bluetooth Exchange Folder
    2013-03-19 13:47 - 2013-03-19 13:47 - 00000000 ____D C:\Users\Administrator.skelce-l7.000\AppData\Roaming\Creative
    2013-03-19 13:47 - 2013-03-19 13:47 - 00000000 ____D C:\Users\Administrator.skelce-l7.000\AppData\Local\Google
    2013-03-19 13:47 - 2013-03-19 13:47 - 00000000 ____D C:\Users\Administrator.skelce-l7.000\AppData\Local\Broadcom
    2013-03-19 13:47 - 2013-03-19 13:46 - 00000000 ____D C:\users\Administrator.skelce-l7.000
    2013-03-19 13:46 - 2013-03-19 13:46 - 00000020 ___SH C:\Users\Administrator.skelce-l7.000\ntuser.ini
    2013-03-19 12:33 - 2013-03-19 12:33 - 00108840 ____A C:\Users\Administrator.skelce-l7\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\Documents\Bluetooth Exchange Folder
    2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Roaming\Creative
    2013-03-19 12:33 - 2013-03-19 12:33 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Local\Broadcom
    2013-03-19 12:32 - 2013-03-19 12:32 - 00000020 ___SH C:\Users\Administrator.skelce-l7\ntuser.ini
    2013-03-19 12:32 - 2013-03-19 12:32 - 00000000 ____D C:\users\Administrator.skelce-l7
    2013-03-19 12:25 - 2013-03-19 12:25 - 00021054 ____A C:\ComboFix.txt
    2013-03-19 12:25 - 2013-03-18 10:10 - 00000000 ____D C:\Qoobox
    2013-03-19 12:20 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2013-03-19 12:17 - 2010-11-20 19:47 - 00029564 ____A C:\Windows\PFRO.log
    2013-03-19 12:16 - 2013-03-18 11:28 - 00000000 ____D C:\Windows\erdnt
    2013-03-19 12:16 - 2009-07-13 18:34 - 68464640 ____A C:\Windows\System32\config\SOFTWARE.bak
    2013-03-19 12:16 - 2009-07-13 18:34 - 14417920 ____A C:\Windows\System32\config\SYSTEM.bak
    2013-03-19 12:16 - 2009-07-13 18:34 - 00335872 ____A C:\Windows\System32\config\DEFAULT.bak
    2013-03-19 12:16 - 2009-07-13 18:34 - 00061440 ____A C:\Windows\System32\config\SAM.bak
    2013-03-19 12:16 - 2009-07-13 18:34 - 00028672 ____A C:\Windows\System32\config\SECURITY.bak
    2013-03-19 12:07 - 2013-03-19 12:06 - 05041561 ____R (Swearware) C:\Users\Administrator.skelce-l7\Desktop\ComboFix.exe
    2013-03-19 12:05 - 2013-03-19 12:05 - 00000000 ____D C:\Users\Administrator.skelce-l7\AppData\Local\Google
    2013-03-19 10:03 - 2013-03-19 10:03 - 00000000 ____D C:\FRST
    2013-03-18 13:12 - 2011-10-12 07:07 - 02030933 ____A C:\Windows\WindowsUpdate.log
    2013-03-18 12:32 - 2013-03-18 12:32 - 05041875 ____R (Swearware) C:\Users\Administrator\Desktop\lyr-fix.exe
    2013-03-18 12:32 - 2013-03-18 12:32 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkill.exe
    2013-03-18 12:32 - 2011-10-20 12:46 - 00000224 ____A C:\Windows\System32\config\netlogon.ftl
    2013-03-18 11:38 - 2011-10-21 10:47 - 00000000 ____D C:\users\skelce.LYRIX
    2013-03-18 11:27 - 2011-10-21 05:47 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-03-18 11:20 - 2013-03-14 09:40 - 00000000 ____D C:\users\Administrator
    2013-03-18 11:18 - 2011-10-21 05:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-03-18 11:18 - 2011-10-20 12:48 - 00000000 ____D C:\users\tlesniak
    2013-03-18 11:18 - 2011-10-20 12:17 - 00000000 ____D C:\users\skelce
    2013-03-18 11:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2013-03-18 06:27 - 2012-05-11 11:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2013-03-18 06:27 - 2012-05-11 11:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2013-03-18 06:27 - 2009-07-13 20:45 - 00412624 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-03-15 06:10 - 2012-01-11 09:25 - 00000000 __SHD C:\Users\skelce.LYRIX\AppData\Local\{43c45790-a302-66a2-21db-bedf28d52ae1}
    2013-03-15 06:09 - 2011-10-21 08:06 - 00000039 ____A C:\Windows\vbaddin.ini
    2013-03-15 06:09 - 2011-10-21 06:07 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-03-15 06:08 - 2011-02-10 06:33 - 00773050 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2013-03-15 05:31 - 2013-03-15 05:31 - 00000000 ____D C:\Users\Administrator\Desktop\mbar-1.01.0.1021
    2013-03-15 05:30 - 2013-03-15 05:28 - 00001818 ____A C:\Users\Administrator\Desktop\RKreport[2]_D_03152013_02d0928.txt
    2013-03-15 05:28 - 2013-03-15 05:24 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
    2013-03-15 05:26 - 2013-03-15 05:26 - 00001748 ____A C:\Users\Administrator\Desktop\RKreport[1]_S_03152013_02d0926.txt
    2013-03-15 05:24 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
    2013-03-15 05:21 - 2013-03-15 05:21 - 13786977 ____A C:\Users\Administrator\Desktop\mbar-1.01.0.1021.zip
    2013-03-15 05:20 - 2013-03-15 05:20 - 00815616 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
    2013-03-14 13:09 - 2013-03-14 13:02 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
    2013-03-14 12:57 - 2013-03-14 12:57 - 00075075 ____A C:\Users\Administrator\Desktop\attach.txt
    2013-03-14 12:57 - 2013-03-14 12:57 - 00016267 ____A C:\Users\Administrator\Desktop\dds.txt
    2013-03-14 12:13 - 2013-03-14 12:12 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2013-03-14 12:13 - 2011-10-21 05:31 - 00001945 ____A C:\Windows\epplauncher.mif
    2013-03-14 12:12 - 2013-03-14 12:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2013-03-14 12:03 - 2011-10-21 05:39 - 00000000 ____D C:\ProgramData\Adobe
    2013-03-14 12:01 - 2013-03-14 12:01 - 00000000 ____D C:\Windows\System32\appmgmt
    2013-03-14 11:38 - 2013-03-14 11:38 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.com
    2013-03-14 11:24 - 2013-03-14 11:24 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
    2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-03-14 11:24 - 2013-03-14 11:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-03-14 11:22 - 2013-03-14 11:21 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.70.0.1100.exe
    2013-03-14 10:45 - 2013-03-14 10:45 - 01805736 ____A (Symantec Corporation) C:\Users\Administrator\Downloads\FixZeroAccess.exe
    2013-03-14 10:45 - 2013-03-14 10:45 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
    2013-03-14 10:33 - 2013-03-14 10:27 - 00000000 ____D C:\TDSSKiller_Quarantine
    2013-03-14 10:28 - 2012-07-18 09:59 - 00002185 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2013-03-14 10:24 - 2013-03-14 10:24 - 02218636 ____A C:\Users\Administrator\Desktop\tdsskiller.zip
    2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\Desktop\tdsskiller
    2013-03-14 10:24 - 2013-03-14 10:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
    2013-03-14 10:17 - 2013-03-14 10:17 - 00000000 ____D C:\6db4f6672811fe965da4e9c38ef5
    2013-03-14 10:09 - 2013-03-14 10:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
    2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\Documents\Bluetooth Exchange Folder
    2013-03-14 10:08 - 2013-03-14 10:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\Broadcom
    2013-03-14 10:07 - 2013-03-14 10:07 - 00108840 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-03-14 10:07 - 2013-03-14 10:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Creative
    2013-03-14 10:05 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2013-03-14 09:51 - 2013-03-14 09:51 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qiylpclo.sys
    2013-03-14 09:40 - 2013-03-14 09:40 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
    2013-03-14 09:22 - 2013-03-14 09:21 - 13475464 ____A (Microsoft Corporation) C:\Users\skelce.LYRIX\Downloads\mseinstall.exe
    2013-03-14 09:17 - 2011-10-21 11:14 - 00000000 ____D C:\Users\skelce.LYRIX\AppData\Roaming\Skinux
    2013-03-14 06:45 - 2013-03-14 06:45 - 00008046 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (16).wav
    2013-03-14 04:36 - 2013-03-14 04:36 - 00012597 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Mar 1 to Mar 15 2013.xlsx
    2013-03-13 06:58 - 2013-03-13 06:58 - 00047402 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet March 15 2013.xlsm
    2013-03-12 12:34 - 2013-03-12 12:34 - 00045006 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (15).wav
    2013-03-12 12:32 - 2013-03-12 12:32 - 00040526 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (14).wav
    2013-03-12 10:01 - 2013-03-12 10:01 - 00346606 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (13).wav
    2013-03-12 09:46 - 2013-03-12 09:46 - 03122563 ____A C:\Users\skelce.LYRIX\Downloads\2013 February Mobile, ADSL and home line Expenses cash GBP.zip
    2013-03-11 07:22 - 2013-03-11 07:22 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (12).wav
    2013-03-11 07:20 - 2013-03-11 07:20 - 00198766 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (11).wav
    2013-03-11 05:44 - 2013-03-11 05:44 - 00036846 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (10).wav
    2013-03-06 10:08 - 2013-03-06 10:08 - 00060206 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (9).wav
    2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (7).csv
    2013-03-04 11:14 - 2013-03-04 11:14 - 00000078 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (6).csv
    2013-03-04 11:11 - 2013-03-04 11:11 - 00000022 ____A C:\Users\skelce.LYRIX\Downloads\ArchiveService (5).csv
    2013-03-04 10:53 - 2011-10-21 10:08 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-02-28 09:45 - 2011-10-21 10:19 - 00000000 ____D C:\Users\tlesniak\AppData\Roaming\Skinux
    2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\Users\tlesniak\Documents\Dell WebCam Central
    2013-02-28 09:13 - 2013-02-28 09:13 - 00000000 ____D C:\ProgramData\Creative
    2013-02-28 09:11 - 2011-10-21 05:48 - 00002261 ____A C:\Users\tlesniak\Desktop\Google Chrome.lnk
    2013-02-28 09:11 - 2011-10-20 12:49 - 00108840 ____A C:\Users\tlesniak\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-02-28 08:56 - 2013-02-28 08:56 - 01004952 ____A (Solid State Networks) C:\Users\skelce.LYRIX\Downloads\install_flashplayer11x32_mssa_aih.exe
    2013-02-28 08:49 - 2012-04-20 07:22 - 00012389 ____A C:\Users\skelce.LYRIX\Desktop\EE Stock Ownership Addresses.xlsx
    2013-02-28 06:37 - 2013-02-28 06:37 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2013-02-28 06:37 - 2011-10-12 07:16 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2013-02-28 06:17 - 2013-02-28 06:17 - 00000000 ____D C:\ProgramData\McAfee
    2013-02-27 06:54 - 2013-02-27 06:54 - 00047314 ____A C:\Users\skelce.LYRIX\Downloads\TimeSheet February 28 2013.xlsm
    2013-02-26 13:22 - 2013-02-26 13:22 - 00522926 ____A C:\Users\skelce.LYRIX\Downloads\Voice Message (8).wav
    2013-02-26 06:03 - 2013-02-26 06:03 - 00012568 ____A C:\Users\skelce.LYRIX\Downloads\Heather's Timesheet Feb16 to Feb 28 2013.xlsx
    2013-02-21 12:06 - 2013-02-21 12:06 - 00811672 ____A C:\Users\skelce.LYRIX\Downloads\message_zdm (3).html
    2013-02-20 13:40 - 2013-02-20 13:40 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform (1).zip
    2013-02-20 13:38 - 2013-02-20 13:38 - 00142650 ____A C:\Users\skelce.LYRIX\Downloads\importantpleasecompletetheadprtipreparationform.zip
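A triage helper for the one-month file listing above, added here as an example; it is not part of Lyr21's post, of FRST, or of Broni's instructions. It parses lines in the shape FRST prints (`date - date - size attrs (company) path`) and applies three review heuristics that fit what this thread is chasing: a hidden+system folder with a GUID name under AppData\Local (the ZeroAccess/Sirefef drop location), a kernel driver written fresh in place under a lowercase-only name whose version-info company string is the only thing saying it is Microsoft's, and a core process binary whose content timestamp is years away from its creation (FRST's own Bamital/volsnap check hashes the same set of binaries). The six sample lines are copied from the log posted in this thread; the heuristics and their thresholds (seven-letter stem, 365-day gap) are my assumptions, and a hit means "verify this", not "this is malicious".

```python
"""Triage heuristics for FRST 'One Month Created/Modified Files' lines.

Added example: not code from the thread, from FRST, or from any helper in it.
Each log line has the shape

    <date1> - <date2> - <size> <attrs> (<company>) <path>

where the company string comes from the file's version resource (so it is
whatever the file's author put there) and attrs holds NTFS attribute letters
(A, H, S, R, D). The heuristics are assumptions about what a responder should
look at more closely, not verdicts.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

LINE_RE = re.compile(
    r"^(?P<d1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<d2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>\S.*)$"
)

# ZeroAccess/Sirefef drop folder: hidden+system directory named as a GUID under AppData\Local.
GUID_DIR_RE = re.compile(
    r"\\AppData\\Local\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# Kernel driver whose file stem is nothing but lowercase letters (assumed threshold: 7+).
LOWER_DRIVER_RE = re.compile(r"\\System32\\Drivers\\[a-z]{7,}\.sys$")
# Process binaries that FRST's Bamital/volsnap check hashes later in the same log.
CORE_BIN_RE = re.compile(
    r"\\Windows\\(?:System32\\|SysWOW64\\)?"
    r"(?:services|winlogon|wininit|svchost|explorer|userinit)\.exe$", re.I)


@dataclass
class Entry:
    first: datetime    # created (Created section) or modified (Modified section)
    second: datetime   # the other timestamp
    size: int
    attrs: str
    company: Optional[str]
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for one FRST file line, or None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fmt = "%Y-%m-%d %H:%M"
    company = m.group("company")
    return Entry(
        first=datetime.strptime(m.group("d1"), fmt),
        second=datetime.strptime(m.group("d2"), fmt),
        size=int(m.group("size")),
        attrs=m.group("attrs"),
        company=company.strip() if company else None,
        path=m.group("path"),
    )


def triage(e: Entry) -> List[Tuple[str, str]]:
    """Apply the review heuristics to one entry; returns (code, reason) pairs."""
    findings = []
    if all(c in e.attrs for c in "DSH") and GUID_DIR_RE.search(e.path):
        findings.append(("guid_hidden_dir",
                         "hidden+system GUID-named folder under AppData\\Local, a ZeroAccess/Sirefef habit"))
    if LOWER_DRIVER_RE.search(e.path) and e.first == e.second:
        # Equal timestamps: the file was written fresh on disk rather than unpacked from
        # an update package (which keeps the package's modification time). The company
        # string is not evidence of origin; check the Authenticode signature instead.
        findings.append(("fresh_lowercase_driver",
                         "kernel driver written in place with a lowercase-only name; "
                         f"verify its signature, version info claims '{e.company}'"))
    if CORE_BIN_RE.search(e.path) and abs((e.first - e.second).days) > 365:
        findings.append(("core_binary_rewritten",
                         "core process binary whose content timestamp is years from its creation; "
                         "hash it against a known-good copy (ZeroAccess variants patch services.exe)"))
    return findings


def triage_log(text: str) -> dict:
    """Map path -> finding codes for every line that trips at least one heuristic."""
    out = {}
    for line in text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        codes = [code for code, _ in triage(e)]
        if codes:
            out[e.path] = codes
    return out


# Constructed sample: six lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
2013-03-14 09:51 - 2013-03-14 09:51 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\qiylpclo.sys
2013-03-14 11:24 - 2012-12-14 12:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-03-14 12:29 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-03-14 10:45 - 2013-03-14 10:45 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2013-03-15 06:10 - 2012-01-11 09:25 - 00000000 __SHD C:\Users\skelce.LYRIX\AppData\Local\{43c45790-a302-66a2-21db-bedf28d52ae1}
2013-03-14 10:05 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
"""

if __name__ == "__main__":
    for path, codes in triage_log(SAMPLE_LOG).items():
        print(f"{', '.join(codes):24} {path}")
```

Treat the output as a reading aid only. The timestamps FRST prints are the NTFS standard-information values, which malware can set to anything, and the company field is read from the file's version resource, so neither is evidence on its own. Verifying a flagged driver means checking its Authenticode signature and comparing its hash against a known-good copy, which is what the MD5 checks later in this log do for the core binaries.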
  8. Lyr21

    Lyr21 TS Rookie Topic Starter Posts: 34

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-01-18 07:54:32
    Restore point made on: 2013-02-13 13:22:03
    Restore point made on: 2013-02-28 06:36:48
    Restore point made on: 2013-02-28 06:37:22
    Restore point made on: 2013-03-14 12:00:32
    Restore point made on: 2013-03-14 12:02:54
    Restore point made on: 2013-03-14 12:04:58
    Restore point made on: 2013-03-14 12:18:28
    Restore point made on: 2013-03-15 05:22:18
    Restore point made on: 2013-03-18 06:36:34
    Restore point made on: 2013-03-18 10:04:27
    Restore point made on: 2013-03-18 11:13:04
    Restore point made on: 2013-03-19 12:04:03

    ==================== Memory info ===========================

    Percentage of memory in use: 16%
    Total physical RAM: 3992.93 MB
    Available physical RAM: 3350.59 MB
    Total Pagefile: 3991.13 MB
    Available Pagefile: 3334.68 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ==================== Partitions =============================

    1 Drive c: (OS) (Fixed) (Total:286.29 GB) (Free:237.88 GB) NTFS
    3 Drive f: () (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (RECOVERY) (Fixed) (Total:11.76 GB) (Free:5.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 1920 MB 0 B

    Partitions of Disk 0:
    ===============

    Disk ID: 1A17B0CE

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 11 GB 40 MB
    Partition 3 Primary 286 GB 11 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 FAT Partition 39 MB Healthy Hidden

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y RECOVERY NTFS Partition 11 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 286 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Disk ID: 00000001

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 1920 MB 0 B

    ==================================================================================

    Disk: 1
    There is no partition selected.

    There is no partition selected.
    Please select a partition and try again.

    =========================================================
    ============================== MBR Partition Table ==================

    ==============================
    Partitions of Disk 0:
    ===============
    Disk ID: 1A17B0CE

    Partition 1:
    =========
    Hex: 00010100DEFE3F043F00000086390100
    Active: NO
    Type: DE
    Size: 39 MB

    Partition 2:
    =========
    Hex: 8019150507FEFFFF0040010000607801
    Active: YES
    Type: 07 (NTFS)
    Size: 12 GB

    Partition 3:
    =========
    Hex: 00FEFFFF07FEFFFF00A079010040C923
    Active: NO
    Type: 07 (NTFS)
    Size: 286 GB

    ==============================
    Partitions of Disk 1:
    ===============
    Disk ID: 6F20736B

    Partition 1:
    =========
    Hex: 6F74686572206D656469612EFF0D0A44
    Active: NO
    Type: 72
    Size: 544 GB

    Partition 2:
    =========
    Hex: 69736B206572726F72FF0D0A50726573
    Active: NO
    Type: 65
    Size: 923 GB

    Partition 3:
    =========
    Hex: 7320616E79206B657920746F20726573
    Active: NO
    Type: 79
    Size: 923 GB

    Partition 4:
    =========
    Hex: 746172740D0A00000000000000ACCBD8
    Active: NO
    Type: 0D
    Size: -336763289600 byte


    Last Boot: 2013-03-05 08:03

    ==================== End Of Log =============================
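The MBR dump at the end of the FRST log above deserves a closer look than it usually gets. What follows is an added example, not part of FRST or of the thread: a decoder for the 16-byte entries FRST prints as "Hex:" lines. The hex strings are copied from the log; the decoding, the plausibility checks and the partition-type names are mine. Decoding Disk 0 reproduces the offsets and sizes diskpart reported (31 KB, 40 MB, 11.76 GB, 286.29 GB). Disk 1, the 1.87 GB FAT removable drive that diskpart shows as a single partition at offset 0, fails every sanity check: its "boot flags" are letters, and the 64 bytes read as ASCII spell the standard FAT volume-boot-record error text, so sector 0 of that stick is a VBR, not an MBR, and the "-336763289600 byte" size is the last entry's 32-bit sector count read as a signed integer.

```python
"""Decode the 16-byte MBR partition entries that FRST prints as "Hex:" lines.

Added example; not part of FRST or of the forum thread. The hex strings are
copied from the FRST log above; the decoding and the checks are mine.
"""
import string
import struct

SECTOR = 512  # assumption: 512-byte sectors, which is what FRST/diskpart report here

# "Hex:" lines from the "MBR Partition Table" section of the log.
DISK0 = [
    "00010100DEFE3F043F00000086390100",
    "8019150507FEFFFF0040010000607801",
    "00FEFFFF07FEFFFF00A079010040C923",
]
DISK1 = [
    "6F74686572206D656469612EFF0D0A44",
    "69736B206572726F72FF0D0A50726573",
    "7320616E79206B657920746F20726573",
    "746172740D0A00000000000000ACCBD8",
]

# Partial partition-type table, enough for this log.
TYPE_NAMES = {0x07: "NTFS/exFAT/HPFS", 0xDE: "Dell utility", 0x0B: "FAT32", 0x0C: "FAT32 LBA"}


def parse_entry(hex16: str) -> dict:
    """Decode one classic MBR partition-table entry.

    Layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4, LE) sectors(4, LE).
    """
    raw = bytes.fromhex(hex16)
    if len(raw) != 16:
        raise ValueError("an MBR partition entry is exactly 16 bytes")
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", raw)
    # FRST's "-336763289600 byte" comes from reading the sector count as a
    # signed 32-bit integer; keep that view next to the correct unsigned one.
    signed_sectors = struct.unpack("<i", raw[12:16])[0]
    return {
        "active": status == 0x80,
        "status_valid": status in (0x00, 0x80),  # anything else is not a boot flag
        "type": ptype,
        "type_name": TYPE_NAMES.get(ptype, "unknown"),
        "lba_start": lba_start,
        "sectors": sectors,
        "offset_bytes": lba_start * SECTOR,
        "size_bytes": sectors * SECTOR,
        "size_bytes_signed32": signed_sectors * SECTOR,
    }


def table_is_plausible(entries: list) -> bool:
    """Checks a genuine MBR table passes and boot-code text never does:
    boot flags are 0x00/0x80, used slots start past sector 0, slots do not overlap."""
    used = []
    for e in entries:
        if not e["status_valid"]:
            return False
        if e["lba_start"] == 0 and e["sectors"] == 0:
            continue  # empty slot
        if e["lba_start"] == 0 or e["sectors"] == 0:
            return False
        used.append((e["lba_start"], e["lba_start"] + e["sectors"]))
    used.sort()
    return all(prev_end <= start for (_, prev_end), (start, _) in zip(used, used[1:]))


def recover_text(hex_entries: list) -> str:
    """Concatenate the 64 table bytes and keep only printable ASCII: when sector 0
    is really a volume boot record, its error strings show up here."""
    raw = b"".join(bytes.fromhex(h) for h in hex_entries)
    keep = set(string.printable.encode())
    return "".join(chr(b) for b in raw if b in keep)


def describe(label: str, hex_entries: list) -> str:
    """Human-readable summary of one disk's table, as a helper would post it."""
    entries = [parse_entry(h) for h in hex_entries]
    ok = table_is_plausible(entries)
    lines = [f"{label}: {'plausible MBR table' if ok else 'NOT a partition table'}"]
    for i, e in enumerate(entries, 1):
        gib = e["size_bytes"] / 2**30
        lines.append(f"  {i}: type {e['type']:02X} ({e['type_name']}), active={e['active']}, "
                     f"start {e['offset_bytes']} B, size {gib:.2f} GiB")
    if not ok:
        lines.append("  bytes as text: " + repr(recover_text(hex_entries)))
    return "\n".join(lines)


if __name__ == "__main__":
    print(describe("Disk 0", DISK0))
    print(describe("Disk 1", DISK1))
```

Run it and Disk 0 comes out as a contiguous Dell-utility / RECOVERY / OS layout whose third entry is exactly the 286.29 GB diskpart lists, while Disk 1 prints "other media.\r\nDisk error\r\nPress any key to restart\r\n" and is rejected; a removal helper reading such a dump should look at diskpart's "offset 0 B" single partition rather than at an MBR infection.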
  9. Broni

    Broni Malware Annihilator Posts: 46,787   +254

    Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    See if you can boot normally.


  10. Lyr21

    Lyr21 TS Rookie Topic Starter Posts: 34

    I can now boot normally and log in after running the FRST fix. Here is the log:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013
    Ran by SYSTEM at 2013-03-21 14:05:01 Run:3
    Running from F:\

    ==============================================

    DEFAULT hive was successfully copied to System32\config\HiveBackup
    DEFAULT hive was successfully restored from registry back up.
    SAM hive was successfully copied to System32\config\HiveBackup
    SAM hive was successfully restored from registry back up.
    SECURITY hive was successfully copied to System32\config\HiveBackup
    SECURITY hive was successfully restored from registry back up.
    SOFTWARE hive was successfully copied to System32\config\HiveBackup
    SOFTWARE hive was successfully restored from registry back up.
    SYSTEM hive was successfully copied to System32\config\HiveBackup
    SYSTEM hive was successfully restored from registry back up.

    ==== End of Fixlog ====
  11. Broni

    Broni Malware Annihilator Posts: 46,787   +254

    Good news, but what bothers me is why running the Combofix fix or the OTL fix causes some issues for you.

    Download Windows Repair (All in One) from this site.

    Install the program then run it.

    NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
    NOTE 2. Disable your antivirus program before running Windows Repair.


    Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button:




    Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button:



    Go to Step 4 and under "System Restore" click on the Create button:



    Go to Start Repairs tab and click Start button.

    Leave all checkmarks as they are.
    NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

    Click on Start button.


    Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
    64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
     
  12. Lyr21

    Lyr21 TS Rookie Topic Starter Posts: 34

    Ran CheckDisk; no troubles found.
    Ran the System File Check, and I believe that it did fix a few issues. I've got the log file, but it's 1.5 million characters, so I'm not going to be posting that (and you didn't request it anyway).
    Ran the repairs, and here is the Windows Repair log file:

    Running Repair Under System Account
    Running Repair Under System Account
    Starting Repairs...
    Start (3/21/2013 4:42:49 PM)

    Reset Registry Permissions 01/03
    HKEY_CURRENT_USER & Sub Keys
    Start (3/21/2013 4:42:49 PM)
    Running Repair Under Current User Account
    Done (3/21/2013 4:42:52 PM)

    Reset Registry Permissions 02/03
    HKEY_LOCAL_MACHINE & Sub Keys
    Start (3/21/2013 4:42:52 PM)
    Running Repair Under System Account
    Done (3/21/2013 4:43:39 PM)

    Reset Registry Permissions 03/03
    HKEY_CLASSES_ROOT & Sub Keys
    Start (3/21/2013 4:43:39 PM)
    Running Repair Under System Account
    Done (3/21/2013 4:44:09 PM)

    Register System Files
    Start (3/21/2013 4:44:09 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/21/2013 4:44:28 PM)

    Repair WMI
    Start (3/21/2013 4:44:28 PM)
    Running Repair Under Current User Account
    Invalid Global Switch.

    Invalid Global Switch.

    Running Repair Under System Account
    Invalid Global Switch.

    Invalid Global Switch.

    Done (3/21/2013 4:46:12 PM)

    Repair Windows Firewall
    Start (3/21/2013 4:46:12 PM)
    Running Repair Under Current User Account
    The service name is invalid.

    More help is available by typing NET HELPMSG 2185.

    The service name is invalid.

    More help is available by typing NET HELPMSG 2185.

    The service name is invalid.

    More help is available by typing NET HELPMSG 2185.

    The service name is invalid.

    More help is available by typing NET HELPMSG 2185.

    The service name is invalid.

    More help is available by typing NET HELPMSG 2185.

    The service name is invalid.

    More help is available by typing NET HELPMSG 2185.

    Running Repair Under System Account
    The service name is invalid.

    More help is available by typing NET HELPMSG 2185.

    The service name is invalid.

    More help is available by typing NET HELPMSG 2185.

    The service name is invalid.

    More help is available by typing NET HELPMSG 2185.

    The service name is invalid.

    More help is available by typing NET HELPMSG 2185.

    The service name is invalid.

    More help is available by typing NET HELPMSG 2185.

    The service name is invalid.

    More help is available by typing NET HELPMSG 2185.

    Done (3/21/2013 4:46:17 PM)

    Repair Internet Explorer
    Start (3/21/2013 4:46:17 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/21/2013 4:46:23 PM)

    Repair MDAC/MS Jet
    Start (3/21/2013 4:46:23 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/21/2013 4:46:34 PM)

    Repair Hosts File
    Start (3/21/2013 4:46:34 PM)
    Running Repair Under System Account
    Done (3/21/2013 4:46:37 PM)

    Remove Policies Set By Infections
    Start (3/21/2013 4:46:37 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/21/2013 4:46:41 PM)

    Repair Icons
    Start (3/21/2013 4:46:42 PM)
    Running Repair Under System Account
    Could Not Find C:\Users\Administrator.skelce-l7.001\AppData\Local\IconCache.db.bak
    Could Not Find C:\Users\Administrator.skelce-l7.001\AppData\Local\IconCache.db
    Done (3/21/2013 4:46:44 PM)

    Repair Winsock & DNS Cache
    Start (3/21/2013 4:46:44 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/21/2013 4:46:59 PM)

    Repair Proxy Settings
    Start (3/21/2013 4:46:59 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/21/2013 4:47:04 PM)

    Repair Windows Updates
    Start (3/21/2013 4:47:04 PM)
    Running Repair Under Current User Account
    The service name is invalid.

    More help is available by typing NET HELPMSG 2185.

    The Windows Update service is not started.

    More help is available by typing NET HELPMSG 3521.

    The system cannot find the file specified.
    Running Repair Under System Account
    The Cryptographic Services service is not started.

    More help is available by typing NET HELPMSG 3521.

    The service name is invalid.

    More help is available by typing NET HELPMSG 2185.

    The Windows Update service is not started.

    More help is available by typing NET HELPMSG 3521.

    The system cannot find the file specified.
    Done (3/21/2013 4:47:38 PM)

    Repair CD/DVD Missing/Not Working
    Start (3/21/2013 4:47:38 PM)
    Done (3/21/2013 4:47:38 PM)

    Repair Volume Shadow Copy Service
    Start (3/21/2013 4:47:38 PM)
    Running Repair Under Current User Account
    The Volume Shadow Copy service is not started.

    More help is available by typing NET HELPMSG 3521.

    Running Repair Under System Account
    The Volume Shadow Copy service is not started.

    More help is available by typing NET HELPMSG 3521.

    The Microsoft Software Shadow Copy Provider service is not started.

    More help is available by typing NET HELPMSG 3521.

    Done (3/21/2013 4:47:45 PM)

    Repair MSI (Windows Installer)
    Start (3/21/2013 4:47:45 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/21/2013 4:47:54 PM)

    Repair bat Association
    Start (3/21/2013 4:47:54 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/21/2013 4:47:58 PM)

    Repair cmd Association
    Start (3/21/2013 4:47:58 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/21/2013 4:48:03 PM)

    Repair com Association
    Start (3/21/2013 4:48:03 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/21/2013 4:48:08 PM)

    Repair Directory Association
    Start (3/21/2013 4:48:08 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/21/2013 4:48:13 PM)

    Repair Drive Association
    Start (3/21/2013 4:48:13 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/21/2013 4:48:17 PM)

    Repair exe Association
    Start (3/21/2013 4:48:17 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/21/2013 4:48:22 PM)

    Repair Folder Association
    Start (3/21/2013 4:48:22 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/21/2013 4:48:27 PM)

    Repair inf Association
    Start (3/21/2013 4:48:27 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/21/2013 4:48:32 PM)

    Repair lnk (Shortcuts) Association
    Start (3/21/2013 4:48:32 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/21/2013 4:48:36 PM)

    Repair msc Association
    Start (3/21/2013 4:48:36 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/21/2013 4:48:41 PM)

    Repair reg Association
    Start (3/21/2013 4:48:41 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/21/2013 4:48:46 PM)

    Repair scr Association
    Start (3/21/2013 4:48:46 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/21/2013 4:48:51 PM)

    Repair Windows Safe Mode
    Start (3/21/2013 4:48:51 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/21/2013 4:48:55 PM)

    Repair Print Spooler
    Start (3/21/2013 4:48:55 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/21/2013 4:49:08 PM)

    Restore Important Windows Services
    Start (3/21/2013 4:49:08 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/21/2013 4:49:13 PM)

    Set Windows Services To Default Startup
    Start (3/21/2013 4:49:13 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (3/21/2013 4:49:18 PM)

    Cleaning up empty logs...

    All Selected Repairs Done.
    Done (3/21/2013 4:49:18 PM)
    Total Repair Time: 00:06:29


    ...YOU MUST RESTART YOUR SYSTEM...
    Running Repair Under System Account
  13. Broni

    Broni Malware Annihilator Posts: 46,787   +254

  14. Lyr21

    Lyr21 TS Rookie Topic Starter Posts: 34

    Just want to confirm that you want me to run OTL with the fix that you included in post #30 and not just run OTL in scan mode.
  15. Broni

    Broni Malware Annihilator Posts: 46,787   +254

    Yes. Post #30.
  16. Lyr21

    Lyr21 TS Rookie Topic Starter Posts: 34

    I ran the fix and got the same result: "request is not supported" when trying to log in after it reboots. I rebooted into Safe Mode and I can get in. I did find the OTL logs in c:\_OTL\MovedFiles\ if that would help at all.
  17. Broni

    Broni Malware Annihilator Posts: 46,787   +254

    Use the restore point you created before running the OTL fix.
  18. Lyr21

    Lyr21 TS Rookie Topic Starter Posts: 34

    OK, I have used the restore point that I created earlier today and can log in via a normal boot-up.
  19. Broni

    Broni Malware Annihilator Posts: 46,787   +254

    This is a little bit perplexing.

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
  20. Lyr21

    Lyr21 TS Rookie Topic Starter Posts: 34

    checkup.txt

    Results of screen317's Security Check version 0.99.61
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Java 7 Update 15
    Java version out of Date!
    Adobe Flash Player 11.6.602.171
    Adobe Reader 10.1.4 Adobe Reader out of Date!
    Mozilla Firefox (7.0.1)
    Google Chrome 25.0.1364.152
    Google Chrome 25.0.1364.172
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````



    FSS.txt


    Farbar Service Scanner Version: 03-03-2013
    Ran by Administrator (administrator) on 21-03-2013 at 19:52:21
    Running from "C:\Users\Administrator.skelce-l7.001\Desktop"
    Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Attempt to access Yahoo.com returned error: Yahoo.com is offline


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.
    Unable to retrieve ServiceDll of WinDefend. The value does not exist.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****




    Ran both TFC and the ESET online scan. No threats found by ESET.
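The FSS log above is the kind of thing a helper reads dozens of times a week, so here is an added example (my code, not a Farbar tool and not part of the thread) that pulls the actionable findings out of it: services reported as not running, "ATTENTION!" lines about missing service configuration, any "Disabled Policy" section that actually has a registry value under it, and any file in the File Check whose MD5 is not reported as legit. SAMPLE_FSS is a trimmed copy of the FSS.txt posted above. One rule is an assumption I state here and in the code: on Windows 7, installing Microsoft Security Essentials (which the SecurityCheck log shows running as msseces.exe) disables Windows Defender, so the WinDefend and DisableAntiSpyware findings are classed as expected when MSE is present and as high otherwise.

```python
"""Triage a Farbar Service Scanner (FSS) log and pull out what a helper acts on.

Added example; not a Farbar tool and not part of the thread. SAMPLE_FSS is a
trimmed copy of the FSS.txt posted above; the parsing and severity rules are mine.
"""
import re

SAMPLE_FSS = r"""
Farbar Service Scanner Version: 03-03-2013
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Windows Firewall:
=============

Firewall Disabled Policy:
==================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.
Unable to retrieve ServiceDll of WinDefend. The value does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit


**** End of log ****
"""

HEADER_RE = re.compile(r"^(?P<name>[A-Za-z ]+):\s*$")
NOT_RUNNING_RE = re.compile(r"^(?P<svc>\S+) Service is not running")
ATTENTION_RE = re.compile(r"ATTENTION!=+> (?P<msg>.*?of (?P<svc>\S+)\.)")
MD5_RE = re.compile(r"^(?P<path>.+?) => MD5 is (?P<verdict>.+)$")


def _is_underline(line: str) -> bool:
    return bool(line.strip()) and set(line.strip()) == {"="}


def split_sections(text: str) -> list:
    """Return [(section name, [non-empty body lines])] using FSS's 'Name:' + '====' headers."""
    sections, name, body = [], None, []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = HEADER_RE.match(line)
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if m and _is_underline(nxt):
            if name is not None:
                sections.append((name, body))
            name, body = m.group("name"), []
        elif name is not None and line.strip() and not _is_underline(line):
            body.append(line.rstrip())
    if name is not None:
        sections.append((name, body))
    return sections


def mse_present(securitycheck_text: str) -> bool:
    """SecurityCheck's Process Check lists MSE as msseces.exe when it is running."""
    return "msseces.exe" in securitycheck_text


def _severity(f: dict, mse_installed: bool) -> str:
    defender = f["item"] == "WinDefend" or f["section"].startswith("Windows Defender")
    if defender and mse_installed:
        # Assumption: MSE setup disables Windows Defender on Windows 7, so a
        # missing/disabled WinDefend is the expected state on an MSE machine.
        return "expected"
    if f["kind"] in ("file_hash_mismatch", "policy_set", "service_config_missing"):
        return "high"
    return "medium"


def triage(fss_text: str, mse_installed: bool = False) -> list:
    """Extract findings from an FSS log; each is a dict with kind, item, section, severity."""
    findings = []
    for section, body in split_sections(fss_text):
        for line in body:
            if (m := NOT_RUNNING_RE.match(line)):
                findings.append(dict(kind="service_not_running", item=m.group("svc"), section=section, detail=line))
            elif (m := ATTENTION_RE.search(line)):
                findings.append(dict(kind="service_config_missing", item=m.group("svc"), section=section, detail=m.group("msg")))
            elif (m := MD5_RE.match(line)) and m.group("verdict").strip() != "legit":
                findings.append(dict(kind="file_hash_mismatch", item=m.group("path"), section=section, detail=line))
        if section.endswith("Disabled Policy") and body:
            findings.append(dict(kind="policy_set", item=section, section=section, detail=" ".join(body)))
    for f in findings:
        f["severity"] = _severity(f, mse_installed)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_FSS, mse_installed=True):
        print(f"[{f['severity']:8}] {f['kind']:24} {f['item']}  ({f['section']})")
```

On this log the output is two medium findings (wscsvc and wuauserv not running, with intact configuration, which matches the Windows Repair log's "service is not started" errors) and four Defender findings marked expected because MSE is installed; nothing in the File Check is flagged. Feed it a log without MSE and the same Defender entries come back as high.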
  21. Broni

    Broni Malware Annihilator Posts: 46,787   +254

    We still have some issues.
    I can see some Windows services which are not running despite us running Windows repair earlier.

    I'd assume that your infection corrupted the Windows installation in some way.

    Let's run a repair installation: http://www.sevenforums.com/tutorials/3413-repair-install.html

    Post new FSS log afterwards.
  22. Lyr21

    Lyr21 TS Rookie Topic Starter Posts: 34

    So at this point the system should be virus-free, right? If that's the case, I need to have the user move any of their files off of the system that they need so that we don't accidentally lose anything. I wanted to wait to pull files from the system until it was virus-free so that I wouldn't be concerned with cross-contaminating another system.
  23. Broni

    Broni Malware Annihilator Posts: 46,787   +254

    Yes, your computer is clean, and yes, it's always a good idea to back up important files.
  24. Lyr21

    Lyr21 TS Rookie Topic Starter Posts: 34

    I ran the repair installation procedure. I had to download the ISO because all I have is the 'reinstallation DVD' from Dell, which I couldn't use according to the instructions, but now the system is saying that the license key that I have won't work for the installed OS. So it looks like my system is now officially borked and I'll just have to do a complete reinstallation of the system from the Dell reinstall disc.

    At least we were able to clean the viruses from the system to allow me to copy off the files.
  25. Broni

    Broni Malware Annihilator Posts: 46,787   +254


