Interpol virus has total control

Post by andrbrks » September 1st, 2013, 11:00 pm

I'm trying to help a friend out who had their laptop infected with the Interpol virus. When the computer boots up in normal mode it doesn't display any users, effectively locking you out of the machine completely. In safe mode with networking, the networking does not work and no antivirus has managed to find any problems. I've tried some antivirus tools that are bootable from a USB drive and have had the most luck with Norton's tool; however, it gets stuck on a certain file and never passes it. I'm at my wits' end as to how to fix the problem.

Below are the DDS logs from the computer.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16660
Run by Katie at 21:58:08 on 2013-09-01
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT33093 ... 85F6B6C3BB
uDefault_Page_URL = hxxp://solutions.us.fujitsu.com/index.php
uURLSearchHooks: BrowserPlus2 Toolbar: {650598e1-b35a-45d3-b607-896d7acb64c3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll
mURLSearchHooks: BrowserPlus2 Toolbar: {650598e1-b35a-45d3-b607-896d7acb64c3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll
uWinlogon: Userinit = C:\windows\System32\userinit.exe
mWinlogon: Userinit = C:\windows\System32\userinit.exe
BHO: DealCabby: {0B4A07CF-45EB-4B10-B6BB-35568A2F89BE} - C:\Users\Katie\AppData\Local\dealcabby\ie\dealcabby_20121029030001.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
BHO: BrowserPlus2 Toolbar: {650598e1-b35a-45d3-b607-896d7acb64c3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll
BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -
BHO: TidyNetwork.com: {7736C7FA-512D-11E2-B871-DEC36088709B} - C:\Users\Katie\AppData\Local\TidyNetwork.com\tidy2ie.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: BrowserPlus2 Toolbar: {650598e1-b35a-45d3-b607-896d7acb64c3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll
uRunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe -update plugin
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: MaxRecentDocs = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoWinKey = dword:0
mPolicies-Explorer: NoNetConnextDisconnect = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:-1
mPolicies-Explorer: NoSMConfigurePrograms = dword:0
mPolicies-Explorer: NoControlPanle = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: NoAdminPage = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\windows\System32\Sendori.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/ ... anager.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{85D46540-F0AE-4D9F-B37E-7A367853DA67} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{85D46540-F0AE-4D9F-B37E-7A367853DA67}\143555350294E6475627E65647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{85D46540-F0AE-4D9F-B37E-7A367853DA67}\1455F54556D607 : DHCPNameServer = 131.204.41.3 131.204.2.10
TCP: Interfaces\{85D46540-F0AE-4D9F-B37E-7A367853DA67}\247594D275966496 : DHCPNameServer = 192.168.208.1 8.8.8.8
TCP: Interfaces\{85D46540-F0AE-4D9F-B37E-7A367853DA67}\2656C6B696E6E2562323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{85D46540-F0AE-4D9F-B37E-7A367853DA67}\762757E646E6564777F627B6 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{85D46540-F0AE-4D9F-B37E-7A367853DA67}\7657563747 : DHCPNameServer = 4.2.2.2 4.2.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-mWinlogon: Userinit = C:\windows\System32\userinit.exe
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-RunOnce: [asdsetup] C:\asdsetup.exe
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BrowserPlus2 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT33093 ... 85F6B6C3BB
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 68&UM=2&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\npMSDM.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - ExtSQL: 2013-08-28 20:23; {650598e1-b35a-45d3-b607-896d7acb64c3}; C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}
FF - ExtSQL: 2013-08-28 20:24; tidynetwork@tidynetwork; C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\tidynetwork@tidynetwork
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-09-02 00:21:49 -------- d-----w- C:\NBRT
2013-09-02 00:04:42 -------- d-----w- C:\NPE
2013-09-01 20:29:40 -------- d-----w- C:\Users\Katie\AppData\Local\NPE
2013-08-30 20:44:46 -------- d-sh--w- C:\$$PendingFiles
2013-08-30 16:29:30 25679064 ----a-w- C:\asdsetup.exe
2013-08-30 03:10:45 -------- d---a-w- C:\$Anvi Rescue Disk$
2013-08-29 21:19:58 -------- d-----w- C:\windows\pss
2013-08-29 01:25:56 -------- d-----w- C:\Users\Katie\AppData\Local\iLivid
2013-08-29 01:24:08 -------- d-----w- C:\Users\Katie\AppData\Local\TidyNetwork.com
2013-08-29 01:23:57 -------- d-----w- C:\Program Files (x86)\Conduit
2013-08-29 01:23:55 -------- d-----w- C:\Users\Katie\AppData\Local\Conduit
2013-08-29 01:23:55 -------- d-----w- C:\Program Files (x86)\BrowserPlus2
2013-08-29 01:23:39 770384 ----a-w- C:\windows\SysWow64\msvcr100.dll
2013-08-29 01:23:39 421200 ----a-w- C:\windows\SysWow64\msvcp100.dll
2013-08-29 01:23:39 -------- d-----w- C:\Program Files (x86)\SearchProtect
2013-08-29 01:23:33 -------- d-----w- C:\Users\Katie\AppData\Roaming\SearchProtect
2013-08-28 23:56:57 -------- d-----w- C:\Users\Katie\AppData\Roaming\Subversion
2013-08-28 23:56:38 -------- d-----w- C:\Users\Katie\AppData\Roaming\MathWorks
2013-08-28 18:56:07 -------- d-----w- C:\Users\Katie\.grasp_settings
2013-08-28 18:54:16 -------- d-----w- C:\Program Files\MATLAB
2013-08-23 22:10:13 -------- d-----w- C:\Program Files\jGRASP
2013-08-23 21:59:08 972712 ----a-w- C:\windows\System32\deployJava1.dll
2013-08-23 21:59:08 1093032 ----a-w- C:\windows\System32\npDeployJava1.dll
2013-08-23 21:58:54 108968 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2013-08-17 00:10:58 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-08-16 23:59:51 -------- d-----w- C:\windows\System32\MRT
2013-08-15 22:23:18 224256 ----a-w- C:\windows\System32\wintrust.dll
2013-08-15 22:23:18 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-08-15 22:23:18 175104 ----a-w- C:\windows\SysWow64\wintrust.dll
2013-08-15 22:23:18 1472512 ----a-w- C:\windows\System32\crypt32.dll
2013-08-15 22:23:18 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-08-15 22:23:18 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-08-15 22:23:18 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-08-15 22:23:18 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-08-15 22:22:55 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-08-15 22:22:55 2048 ----a-w- C:\windows\System32\tzres.dll
2013-08-15 22:22:46 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-08-15 22:22:46 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-08-15 22:22:44 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2013-08-15 22:22:44 39936 ----a-w- C:\windows\System32\drivers\tssecsrv.sys
2013-08-15 22:22:44 1217024 ----a-w- C:\windows\System32\rpcrt4.dll
2013-08-15 22:22:43 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2013-07-26 05:12:08 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-07-01 19:28:10 325920 ----a-w- C:\windows\SysWow64\Sendori.dll
2013-06-23 08:06:57 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-05 03:34:27 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\windows\SysWow64\qedit.dll
.
============= FINISH: 21:58:15.21 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX 64-bit
Adobe Flash Player 11 Plugin
Adobe Reader 9.1
Adobe Shockwave Player 11.5
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ares 2.1.8
Ares 3.1.7.3042
AuthenTec Fingerprint Software
AutoCAD 2011 - English
AutoCAD 2011 Language Pack - English
AutoCAD Architecture 2011 - English
AutoCAD Architecture 2011 Language Pack - English
Autodesk Design Review 2011
Autodesk Material Library 2011
Autodesk Material Library 2011 Base Image library
Autodesk Material Library 2011 Medium Image library
Battery Utility
Bluetooth Feature Pack 5.0
Bonjour
BrowserPlus2 Toolbar
CodeBlocks
Contenta Converter PREMIUM
CyberLink MakeDisc
CyberLink PowerDirector
CyberLink PowerDVD 8
CyberLink YouCam
DealCabby
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
eReg
FARO LS 1.1.406.58
FirstClass
FJ Camera
FoxTab PDF Converter
Fujitsu Button Utilities
Fujitsu Driver Update
Fujitsu Fingerprint Authentication Library
Fujitsu Hotkey Utility
Fujitsu MobilityCenter Extension Utility
Fujitsu System Extension Utility
Funmoods Web Search
Google Toolbar for Internet Explorer
Google Update Helper
HP Deskjet 3050A J611 series Basic Device Software
HP Deskjet 3050A J611 series Help
HP LaserJet Professional CP1520 Series
HPLaserJetHelp_LearnCenter
hppCP1520LaserJetService
hppLaserJetService
hppTLBXFXCP1520
iLivid
Inst5672
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
iTunes
Java 7 Update 25 (64-bit)
Java Auto Updater
Java SE Development Kit 7 Update 25 (64-bit)
Java(TM) 6 Update 23
jGRASP
Junk Mail filter update
Logitech SetPoint 6.32
Logitech Unifying Software 2.10
MATLAB R2013a Student Version (32-bit)
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Download Manager
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Click-to-Run 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office PowerPoint 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Home and Student 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Touch Pack for Windows 7
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XNA Framework Redistributable 3.0
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
MultiClock 1.0
MultiClock Packages
Norton Internet Security
O2Micro Flash Memory Card Windows Driver
OmniPass
Pen Tablet
Realtek High Definition Audio Driver
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator LJ
Search Protect by conduit
Security Panel
Security Panel Application
Security Panel Application for Supervisor
Security Panel for Supervisor
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Sendori
Shock Sensor Utility
Skype Click to Call
Skype™ 6.3
TidyNetwork.com
Touch Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VD64Inst
Virtual Earth 3D (Beta)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB (04/21/2011 01.0.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== End Of File ===========================
andrbrks
Active Member
 
Posts: 11
Joined: September 1st, 2013, 10:46 pm
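As an added example (not from this thread, and not part of DDS or any MalwareRemoval.com tool), here is a small Python triage script that applies a few analyst rules to lines taken from the DDS "Pseudo HJT Report" above: orphaned add-on registrations, a Winlogon Userinit value that is not the Windows default, third-party Winsock LSP DLLs, Run/RunOnce targets in odd locations, and changed associations for executable file types. The rule set, the list of Windows-shipped LSP DLLs and the severities are my assumptions; the output is a list of review candidates, not verdicts.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log (added example)."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS log posted in this thread.
SAMPLE_DDS = r"""
uWinlogon: Userinit = C:\windows\System32\userinit.exe
mWinlogon: Userinit = C:\windows\System32\userinit.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll
LSP: C:\windows\System32\Sendori.dll
x64-RunOnce: [asdsetup] C:\asdsetup.exe
uRunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe -update plugin
FileExt: .scr: AutoCADScriptFile=C:\windows\System32\notepad.exe "%1"
SSODL: WebCheck - <orphaned>
"""

ORPHAN = "<orphaned>"
# Default Windows value; screen lockers commonly append their own executable here.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
# Winsock LSP/NSP DLLs that ship with Windows (assumed allow-list); anything else gets a look.
WINDOWS_LSP_DLLS = {"mswsock.dll", "nlaapi.dll", "napinsp.dll", "pnrpnsp.dll", "winrnr.dll", "wshbth.dll"}
ADDON_KEYS = {"BHO", "TB", "SSODL", "Handler", "Filter", "URLSearchHooks"}
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}
ODD_RUN_DIRS = ("\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\", "\\programdata\\")

# 'x64-' marks the 64-bit view, 'u'/'m' the user/machine hive; the key follows.
ENTRY_RE = re.compile(r"^(?:x64-)?[um]?([A-Z][\w -]*?):\s*(.*)$")
EXE_RE = re.compile(r'^"?([a-z]:\\.*?\.(?:exe|com|scr|bat|cmd|dll|vbs|js))', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    line: str


def split_entry(line):
    """Return (key, rest) for a DDS entry, dropping the x64-/u/m prefixes; None otherwise."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2).strip()) if m else None


def entry_path(rest):
    """Path part of 'name: {clsid} - path'; '' when DDS printed nothing after ' -'."""
    if " - " in rest:
        return rest.rsplit(" - ", 1)[1].strip()
    return "" if rest.endswith(" -") else rest


def triage_line(line):
    """Apply the triage rules to one DDS line and return the findings (possibly none)."""
    parsed = split_entry(line)
    if not parsed:
        return []
    key, rest = parsed
    path = entry_path(rest)
    found = []
    # Add-on registered in the registry but its DLL is gone: leftover to clean up.
    if key in ADDON_KEYS and path in ("", ORPHAN):
        found.append(Finding("orphaned", "info", line))
    # Userinit must be exactly the default; extra entries mean something runs at logon.
    if key == "Winlogon" and rest.startswith("Userinit"):
        value = rest.split("=", 1)[1].strip().rstrip(",").lower()
        if value != EXPECTED_USERINIT:
            found.append(Finding("userinit_hijack", "high", line))
    # A Winsock LSP sees all socket traffic; third-party ones deserve a close look.
    if key == "LSP" and path.lower().rsplit("\\", 1)[-1] not in WINDOWS_LSP_DLLS:
        found.append(Finding("thirdparty_lsp", "review", line))
    # Run/RunOnce: '[name] path args'; flag targets in a drive root or a temp/profile dir.
    if key in ("Run", "RunOnce"):
        target = re.sub(r"^\[[^\]]*\]\s*", "", rest)
        m = EXE_RE.match(target)
        exe = m.group(1).lower() if m else target.lower()
        if re.fullmatch(r"[a-z]:\\[^\\]+", exe) or any(d in exe for d in ODD_RUN_DIRS):
            found.append(Finding("run_from_odd_location", "review", line))
    # Re-pointed handler for an executable type: confirm the owner intended it.
    if key == "FileExt" and rest.split(":", 1)[0].lower() in EXEC_EXTS:
        found.append(Finding("exec_file_association", "review", line))
    return found


def triage(text):
    """Run triage_line over every non-empty line of a DDS report."""
    return [f for line in text.splitlines() if line.strip() for f in triage_line(line)]


def summarize(findings):
    """Count findings per rule."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.rule:22} {f.line}")
```

On the sample above the script flags three orphaned add-ons, the Sendori.dll LSP, the RunOnce entry in the drive root and the .scr association; both Userinit values are the default and are not flagged.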

Re: Interpol virus has total control

Post by nunped » September 4th, 2013, 2:43 am

Hello andrbrks, and welcome to the forum.

My name is nunped and I'll be helping you with any malware problems.

Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Here are some guidelines for the cleaning process to run as easily as possible.

  1. Please read this topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. You must have Administrator rights permissions for this computer.
  4. DO NOT run any other fix or removal tools unless instructed to do so!
  5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  7. Only reply to this thread. Do not start another thread.
  8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  9. No Reply Within 3 Days will result in your topic being closed!


Read through these instructions with your full attention.
Please ask first if you have any doubts.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Interpol virus has total control

Post by nunped » September 4th, 2013, 3:06 am

Hi andrbrks,

A couple of questions:
Is this computer connected to an education/university network?
Which version of Windows is it (XP, Vista, 7, 8...)?

Try to run this scan in Safe Mode:
OTL
Please download OTL by Old Timer from an uninfected computer and save it to a pen drive. Copy it to the Desktop of this computer.
If you can't download the exe file, try these links:
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
  • Right-click OTL.exe (or OTL.com or OTL.scr) and select "Run as Administrator" to launch the program.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Interpol virus has total control

Post by andrbrks » September 4th, 2013, 1:51 pm

Hi nunped, I want to go ahead and thank you for your time helping me with this.

The computer is not connected to a University network and is running Windows 7, however, it is a student's (engineering major) computer. That's why you see all the educational software on there.

I successfully have OTL on the infected computer, but when I click Run Scan nothing seems to happen. Maybe it's actually running the scan and just isn't showing any change? If that's the case I'll update with the logs.
andrbrks
Active Member
 
Posts: 11
Joined: September 1st, 2013, 10:46 pm

Re: Interpol virus has total control

Post by andrbrks » September 4th, 2013, 1:59 pm

The scan successfully completed. Here are the logs.

OTL:
OTL logfile created on: 9/4/2013 12:50:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Katie\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 3.21 Gb Available Physical Memory | 84.54% Memory free
7.60 Gb Paging File | 7.04 Gb Available in Paging File | 92.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 140.95 Gb Total Space | 68.55 Gb Free Space | 48.63% Space Free | Partition Type: NTFS
Drive D: | 140.95 Gb Total Space | 140.83 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
Drive E: | 2.43 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 14.89 Gb Total Space | 14.65 Gb Free Space | 98.38% Space Free | Partition Type: FAT32

Computer Name: KATIE-PC | User Name: Katie | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/04 12:36:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Katie\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2011/09/27 14:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/12/22 11:00:38 | 001,436,424 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/12/27 22:10:06 | 002,704,704 | ---- | M] (AuthenTec, Inc.) [Disabled | Stopped] -- C:\Program Files\Fingerprint Sensor\ATService.exe -- (ATService)
SRV:64bit: - [2009/12/24 13:43:40 | 000,145,840 | ---- | M] (CSR, plc) [Disabled | Stopped] -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe -- (VFPRadioSupportService)
SRV:64bit: - [2009/09/30 18:23:16 | 000,014,336 | ---- | M] (FUJITSU LIMITED) [Disabled | Stopped] -- C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe -- (UpdateNaviInstallService)
SRV:64bit: - [2009/09/14 14:46:54 | 003,650,344 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/08/27 17:53:56 | 000,041,984 | ---- | M] (Softex Inc.) [Disabled | Stopped] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2013/07/01 14:28:16 | 000,119,072 | ---- | M] (Sendori, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Sendori\SendoriSvc.exe -- (Application Sendori)
SRV - [2013/07/01 14:28:14 | 000,022,304 | ---- | M] (sendori) [Disabled | Stopped] -- C:\Program Files (x86)\Sendori\Sendori.Service.exe -- (Service Sendori)
SRV - [2013/07/01 14:28:12 | 003,623,200 | ---- | M] (Sendori) [Disabled | Stopped] -- C:\Program Files (x86)\Sendori\sndappv2.exe -- (sndappv2)
SRV - [2013/05/30 15:35:38 | 000,117,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/05 10:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2010/04/12 10:13:08 | 000,142,336 | ---- | M] (HP) [Disabled | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/01 15:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/10/01 15:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/12 17:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Disabled | Stopped] -- C:\Windows\SysWOW64\o2flash.exe -- (O2Flash)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/02 01:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 01:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 01:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/09/02 01:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/05/18 17:11:14 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/20 20:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 00:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/03/28 23:22:16 | 000,014,696 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FJGSDisk.sys -- (FJGSDisk)
DRV:64bit: - [2010/03/15 16:02:38 | 000,121,600 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbsersra2k.sys -- (qcusbsersra2k)
DRV:64bit: - [2010/03/15 16:02:38 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcfiltersra2k.sys -- (qcfiltersra2k)
DRV:64bit: - [2010/01/13 11:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/12/28 02:17:28 | 000,736,840 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009/12/18 14:38:56 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/12/10 12:37:56 | 000,294,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2009/11/27 08:15:00 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/11/20 18:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/06 15:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/26 15:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/28 18:31:00 | 000,269,872 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/09/21 19:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/04 18:44:46 | 003,531,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/08/27 19:11:02 | 000,023,040 | ---- | M] (Fujitsu America, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FjBtnDrv.sys -- (Fjbtndrv)
DRV:64bit: - [2009/08/24 18:32:02 | 000,044,200 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wisdpen.sys -- (wisdpen)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/03 10:51:00 | 000,056,096 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR)
DRV:64bit: - [2009/06/24 17:31:30 | 000,021,104 | ---- | M] (FUJITSU LIMITED) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FBIOSDRV.sys -- (FBIOSDRV)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 15:13:00 | 000,058,400 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2007/02/16 14:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2006/11/01 22:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3)
DRV:64bit: - [2006/11/01 22:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2013/08/28 19:03:13 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130829.002\ex64.sys -- (NAVEX15)
DRV - [2013/08/28 19:03:13 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130829.002\eng64.sys -- (NAVENG)
DRV - [2013/08/26 23:22:30 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/08/13 20:30:18 | 000,520,280 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130828.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/05/31 11:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130715.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzutAtN2Y1L1Qzu0E0EtAzy0D0F0FyBtA0E0C0AyDtAtBtDtN0D0TzutBtDtCtBtDyCtBtA&cr=498804649
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {650598e1-b35a-45d3-b607-896d7acb64c3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope = {605B5F9C-CC13-4E71-B99A-76F61821CFE8}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{19B39180-5720-A25C-FA2A-630E383EFC7E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzutAtN2Y1L1Qzu0E0EtAzy0D0F0FyBtA0E0C0AyDtAtBtDtN0D0TzutBtDtCtBtDyCtBtA&cr=498804649
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.facebook.com/
IE - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://solutions.us.fujitsu.com/index.php
IE - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://google.com/ [binary data]
IE - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT33093 ... 85F6B6C3BB
IE - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\..\URLSearchHook: {650598e1-b35a-45d3-b607-896d7acb64c3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\..\SearchScopes,DefaultScope = {605B5F9C-CC13-4E71-B99A-76F61821CFE8}
IE - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110803&tt=4612_3&babsrc=SP_ss&mntrId=acd15320000000000000ee39dff73eca
IE - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\..\SearchScopes\{605B5F9C-CC13-4E71-B99A-76F61821CFE8}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309350&CUI=UN98466650430087194&UM=2
IE - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS411
IE - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=18
IE - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT3309350.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "BrowserPlus2 Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BrowserPlus2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3309350&CUI=UN18105630541345268&UM=2&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "BrowserPlus2 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3309350&octid=CT3309350&SearchSource=61&CUI=UN18105630541345268&UM=2&UP=SPEEA6237E-C7D7-47DA-A84B-5D85F6B6C3BB"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3309350&SearchSource=2&CUI=UN18105630541345268&UM=2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2010/12/21 15:43:40 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\windows\ [2013/09/02 00:37:31 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ [2010/12/21 15:43:40 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2012/02/06 20:54:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2 [2013/09/02 05:58:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/08/24 14:08:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katie\AppData\Roaming\Mozilla\Extensions
[2013/08/28 20:24:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions
[2013/08/28 20:23:32 | 000,000,000 | ---D | M] (BrowserPlus2) -- C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}
[2013/08/28 20:24:10 | 000,000,000 | ---D | M] (Tidy Network) -- C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\tidynetwork@tidynetwork
[2013/08/28 20:23:33 | 000,001,001 | ---- | M] () -- C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\searchplugins\conduit.xml
[2013/05/30 15:35:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/30 15:35:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/30 15:35:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/11/15 03:25:47 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: Web Search ()
CHR - default_search_provider: search_url = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzutAtN2Y1L1Qzu0E0EtAzy0D0F0FyBtA0E0C0AyDtAtBtDtN0D0TzutBtDtCtBtDyCtBtA&cr=498804649
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://start.funmoods.com/?f=1&a=axl&ch ... =498804649
CHR - plugin: Silverlight 3 (Enabled) = default_plugin
CHR - plugin: Error reading preferences file
CHR - Extension: DealCabby = C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lenicmgjbmpgagkhghjmkikfoljdcbhi\4.0_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (BrowserPlus2 Toolbar) - {650598e1-b35a-45d3-b607-896d7acb64c3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll (Conduit Ltd.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (BrowserPlus2 Toolbar) - {650598e1-b35a-45d3-b607-896d7acb64c3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3:64bit: - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [asdsetup] C:\asdsetup.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2211242001-146955705-1653819127-1001..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskBar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKey = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnextDisconnect = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoAdminPage = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoAdminPage = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\windows\SysWow64\Sendori.dll (Sendori)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\windows\SysWow64\Sendori.dll (Sendori)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/ ... anager.cab (Microsoft Download Manager ActiveX control)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85D46540-F0AE-4D9F-B37E-7A367853DA67}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2211242001-146955705-1653819127-1001 Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2211242001-146955705-1653819127-1001 Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/16 14:50:04 | 000,000,028 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{02d36f0d-dde5-11e2-a2cb-e839df86ed35}\Shell - "" = AutoRun
O33 - MountPoints2\{02d36f0d-dde5-11e2-a2cb-e839df86ed35}\Shell\AutoRun\command - "" = F:\VZW_Software_upgrade_assistant_installer.exe
O33 - MountPoints2\{30252b3d-a546-11e2-972d-e839df86ed35}\Shell - "" = AutoRun
O33 - MountPoints2\{30252b3d-a546-11e2-972d-e839df86ed35}\Shell\AutoRun\command - "" = F:\ToolLauncher-Bootstrap.exe
O33 - MountPoints2\{30252b9f-a546-11e2-972d-e839df86ed35}\Shell - "" = AutoRun
O33 - MountPoints2\{30252b9f-a546-11e2-972d-e839df86ed35}\Shell\AutoRun\command - "" = G:\Autorun.exe /s
O33 - MountPoints2\{4e0126a7-6769-11e0-aee3-e839df86ed35}\Shell - "" = AutoRun
O33 - MountPoints2\{4e0126a7-6769-11e0-aee3-e839df86ed35}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O33 - MountPoints2\{946893cc-5f78-11df-a392-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{946893cc-5f78-11df-a392-806e6f6e6963}\Shell\AutoRun\command - "" = D:\StartCD.exe
O33 - MountPoints2\{ab8b4262-5cdc-11e1-8d76-e839df86ed35}\Shell - "" = AutoRun
O33 - MountPoints2\{ab8b4262-5cdc-11e1-8d76-e839df86ed35}\Shell\AutoRun\command - "" = F:\ToolLauncher-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/04 12:45:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Katie\Desktop\OTL.exe
[2013/09/02 22:24:40 | 001,038,464 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Katie\Desktop\rkill64.exe
[2013/09/02 21:59:33 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\FixZeroAccess.sys
[2013/09/02 21:38:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/09/02 21:38:07 | 000,000,000 | ---D | C] -- C:\Users\Katie\AppData\Local\MFAData
[2013/09/02 21:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/09/02 21:38:07 | 000,000,000 | ---D | C] -- C:\Users\Katie\AppData\Local\Avg2013
[2013/09/02 00:57:21 | 000,000,000 | ---D | C] -- C:\Users\Katie\AppData\Roaming\Malwarebytes
[2013/09/02 00:55:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/02 00:55:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/02 00:55:56 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/09/02 00:55:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/09/02 00:55:36 | 000,000,000 | ---D | C] -- C:\Users\Katie\AppData\Local\Programs
[2013/09/02 00:50:11 | 001,898,112 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Katie\Desktop\rkill.exe
[2013/09/02 00:25:37 | 002,986,440 | ---- | C] (Symantec Corporation) -- C:\Users\Katie\Desktop\NPE.exe
[2013/09/01 19:21:49 | 000,000,000 | ---D | C] -- C:\NBRT
[2013/09/01 19:04:42 | 000,000,000 | ---D | C] -- C:\NPE
[2013/09/01 15:29:40 | 000,000,000 | ---D | C] -- C:\Users\Katie\AppData\Local\NPE
[2013/08/30 15:44:46 | 000,000,000 | -HSD | C] -- C:\$$PendingFiles
[2013/08/29 22:10:45 | 000,000,000 | ---D | C] -- C:\$Anvi Rescue Disk$
[2013/08/29 16:19:58 | 000,000,000 | ---D | C] -- C:\windows\pss
[2013/08/28 20:25:56 | 000,000,000 | ---D | C] -- C:\Users\Katie\AppData\Local\iLivid
[2013/08/28 20:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/08/28 20:23:55 | 000,000,000 | ---D | C] -- C:\Users\Katie\AppData\Local\Conduit
[2013/08/28 20:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowserPlus2
[2013/08/28 20:23:39 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvcr100.dll
[2013/08/28 20:23:39 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvcp100.dll
[2013/08/28 20:23:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/08/28 20:23:33 | 000,000,000 | ---D | C] -- C:\Users\Katie\AppData\Roaming\SearchProtect
[2013/08/28 18:56:57 | 000,000,000 | ---D | C] -- C:\Users\Katie\AppData\Roaming\Subversion
[2013/08/28 18:56:50 | 000,000,000 | ---D | C] -- C:\Users\Katie\Documents\MATLAB
[2013/08/28 18:56:38 | 000,000,000 | ---D | C] -- C:\Users\Katie\AppData\Roaming\MathWorks
[2013/08/28 14:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
[2013/08/28 13:56:07 | 000,000,000 | ---D | C] -- C:\Users\Katie\.grasp_settings
[2013/08/28 13:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\MATLAB
[2013/08/23 17:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jGRASP
[2013/08/23 17:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\jGRASP
[2013/08/23 16:59:08 | 001,093,032 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2013/08/23 16:59:08 | 000,972,712 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2013/08/23 16:59:08 | 000,312,232 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2013/08/23 16:58:54 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2013/08/23 16:58:54 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2013/08/23 16:58:54 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2013/08/23 16:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/08/23 16:28:44 | 000,000,000 | R--D | C] -- C:\Users\Katie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2013/08/16 19:11:15 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/08/16 19:11:15 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/08/16 19:11:14 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/08/16 19:11:13 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/08/16 19:11:13 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/08/16 19:11:13 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/08/16 19:11:13 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/16 19:11:13 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/08/16 19:11:13 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/08/16 19:11:13 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/08/16 19:11:13 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/08/16 19:11:09 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/08/16 19:11:08 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/08/16 19:11:08 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/08/16 19:11:07 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/08/16 18:59:51 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT
[2013/08/15 17:23:18 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/08/15 17:23:18 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2013/08/15 17:23:18 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2013/08/15 17:22:46 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2013/08/15 17:22:46 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2013/08/15 17:22:44 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll

========== Files - Modified Within 30 Days ==========

[2013/09/04 12:39:48 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/09/04 12:39:34 | 3060,428,800 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/04 12:36:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Katie\Desktop\OTL.exe
[2013/09/02 22:24:40 | 001,038,464 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Katie\Desktop\rkill64.exe
[2013/09/02 22:20:36 | 000,003,224 | ---- | M] () -- C:\bootsqm.dat
[2013/09/02 21:59:33 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\FixZeroAccess.sys
[2013/09/02 21:41:24 | 003,651,120 | ---- | M] () -- C:\Users\Katie\Desktop\avg_remover_zeroaccess.exe
[2013/09/02 00:55:57 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/02 00:48:12 | 001,898,112 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Katie\Desktop\rkill.exe
[2013/09/02 00:37:31 | 000,002,243 | ---- | M] () -- C:\windows\epplauncher.mif
[2013/09/01 15:26:30 | 002,986,440 | ---- | M] (Symantec Corporation) -- C:\Users\Katie\Desktop\NPE.exe
[2013/08/30 11:30:22 | 025,679,064 | ---- | M] () -- C:\asdsetup.exe
[2013/08/29 16:28:36 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/29 16:28:36 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/29 15:30:17 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/29 13:12:35 | 000,383,584 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/08/29 13:10:16 | 000,000,004 | ---- | M] () -- C:\Users\Katie\AppData\Roaming\cache.ini
[2013/08/29 13:09:53 | 000,000,582 | ---- | M] () -- C:\windows\tasks\MATLAB R2013a Startup Accelerator.job
[2013/08/28 23:07:55 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/28 20:24:06 | 000,000,009 | ---- | M] () -- C:\END
[2013/08/28 18:53:00 | 000,000,438 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro Updates.job
[2013/08/23 17:10:17 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\jGRASP.lnk
[2013/08/23 16:58:36 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2013/08/23 16:58:32 | 001,093,032 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
[2013/08/23 16:58:32 | 000,312,232 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2013/08/23 16:58:32 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2013/08/23 16:58:32 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2013/08/23 16:58:31 | 000,972,712 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
[2013/08/23 16:26:40 | 000,000,414 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro64 startups.job
[2013/08/16 19:05:18 | 000,741,704 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/08/16 19:05:18 | 000,624,864 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/08/16 19:05:18 | 000,106,950 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2013/09/02 22:20:36 | 000,003,224 | ---- | C] () -- C:\bootsqm.dat
[2013/09/02 21:52:26 | 003,651,120 | ---- | C] () -- C:\Users\Katie\Desktop\avg_remover_zeroaccess.exe
[2013/09/02 00:55:57 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/02 00:37:31 | 000,002,243 | ---- | C] () -- C:\windows\epplauncher.mif
[2013/08/30 11:29:30 | 025,679,064 | ---- | C] () -- C:\asdsetup.exe
[2013/08/29 12:58:11 | 000,000,004 | ---- | C] () -- C:\Users\Katie\AppData\Roaming\cache.ini
[2013/08/28 20:29:16 | 000,001,042 | ---- | C] () -- C:\Users\Katie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
[2013/08/28 20:23:15 | 000,000,009 | ---- | C] () -- C:\END
[2013/08/28 14:17:30 | 000,001,235 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2013a Student Version (32-bit).lnk
[2013/08/28 14:15:37 | 000,000,582 | ---- | C] () -- C:\windows\tasks\MATLAB R2013a Startup Accelerator.job
[2013/08/23 17:10:16 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\jGRASP.lnk
[2012/09/12 22:55:30 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/06/23 18:46:29 | 000,302,425 | ---- | C] () -- C:\Users\Katie\AppData\Local\funmoods-speeddial.crx
[2012/01/23 19:02:22 | 000,098,304 | ---- | C] () -- C:\windows\SysWow64\redmonnt.dll
[2010/12/28 00:44:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/21 17:21:23 | 000,003,540 | ---- | C] () -- C:\Users\Katie\AppData\Roaming\FjMenu1.XML

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Extras:
OTL Extras logfile created on: 9/4/2013 12:50:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Katie\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 3.21 Gb Available Physical Memory | 84.54% Memory free
7.60 Gb Paging File | 7.04 Gb Available in Paging File | 92.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 140.95 Gb Total Space | 68.55 Gb Free Space | 48.63% Space Free | Partition Type: NTFS
Drive D: | 140.95 Gb Total Space | 140.83 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
Drive E: | 2.43 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 14.89 Gb Total Space | 14.65 Gb Free Space | 98.38% Space Free | Partition Type: FAT32

Computer Name: KATIE-PC | User Name: Katie | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2211242001-146955705-1653819127-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" "%1" (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" "%1" (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E06E21A-7641-485E-A42E-7E2563171CC7}" = Fujitsu Fingerprint Authentication Library
"{207E8B60-07D2-4B7F-97FE-0DA448606861}" = Fujitsu Button Utilities
"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
"{2B97F94C-F062-4508-817E-DAD1D1ABF526}" = AuthenTec Fingerprint Software
"{314FAD12-F785-4471-BCE8-AB506642B9A1}" = OmniPass
"{47BC37A3-35C8-484A-8CBD-851914EB095E}" = Fujitsu Driver Update
"{4B1CF482-AD0E-48F3-8032-BCF5F071C123}" = O2Micro Flash Memory Card Windows Driver
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E3AB08B-4203-4CDD-9F15-C016F1BC6453}" = Inst5672
"{5783F2D7-9001-0409-0102-0060B0CE6BBA}" = AutoCAD 2011 - English
"{5783F2D7-9001-0409-1102-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - English
"{5783F2D7-9004-0409-0102-0060B0CE6BBA}" = AutoCAD Architecture 2011 - English
"{5783F2D7-9004-0409-1102-0060B0CE6BBA}" = AutoCAD Architecture 2011 Language Pack - English
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170250}" = Java SE Development Kit 7 Update 25 (64-bit)
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Virtual Earth 3D (Beta)
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98260E6D-3B9D-43C6-8FFA-02EC406B54A9}" = Battery Utility
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ABE8CE7E-01CC-4500-BAF5-FFC29EA108A1}" = Shock Sensor Utility
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2F4C332-2359-4ADE-AF0C-C631768BBB89}" = Bluetooth Feature Pack 5.0
"{B6A3EAE4-3727-46A4-A659-8576BF7C8C8D}" = HP Deskjet 3050A J611 series Basic Device Software
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AutoCAD 2011 - English" = AutoCAD 2011 - English
"AutoCAD Architecture 2011 - English" = AutoCAD Architecture 2011 - English
"BEA7B05370C19B9C86893BB484FD6B9CC52B0CD8" = Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB (04/21/2011 01.0.0.0)
"Logitech Unifying" = Logitech Unifying Software 2.10
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"sp6" = Logitech SetPoint 6.32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17F82182-0E3D-4A14-8843-5ECBFAF4F12F}" = Security Panel Application for Supervisor
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = FJ Camera
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45CA9B23-5EF8-43AA-9851-E9E062BF0147}" = Security Panel Application
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5C069542-CA13-4f1b-B90C-28C6430F4992}" = HP LaserJet Professional CP1520 Series
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.POWERPOINTR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.POWERPOINTR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.POWERPOINTR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.POWERPOINTR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.POWERPOINTR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.POWERPOINTR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.POWERPOINTR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.POWERPOINTR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.POWERPOINTR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.POWERPOINTR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91140000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2010
"{91140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINTR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Help
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A33E457B-5369-481F-8B53-71108AE2EB5B}" = Roxio Creator LJ
"{A768BA49-B583-4C10-BCA4-C45983825C12}" = FirstClass
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{b145ec69-66f5-11d8-9d75-000129760d75}" = CyberLink MakeDisc
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{BEEDEC2C-D33F-4FEF-8692-A5CCE6FF6835}" = hppTLBXFXCP1520
"{C54E5B43-D886-4CD8-AF3A-EDDB04E3341A}" = Touch Launcher
"{C9FF844C-02F5-4221-8AD4-0BD823533C6E}_is1" = Ares 3.1.7.3042
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{D608C59B-424B-45D4-971C-5978F8564CEE}" = hppLaserJetService
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E15C68A1-9CA5-44AC-A7F7-6C0673F196A8}" = HPLaserJetHelp_LearnCenter
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Creator LJ
"{FE6DB3B1-C754-405D-BCAB-F4F9C765BF35}" = hppCP1520LaserJetService
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ares" = Ares 2.1.8
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"BrowserPlus2 Toolbar" = BrowserPlus2 Toolbar
"ContentaConverter-PREMIUM" = Contenta Converter PREMIUM
"DealCabby" = DealCabby
"iLivid" = iLivid
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{17F82182-0E3D-4A14-8843-5ECBFAF4F12F}" = Security Panel for Supervisor
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}" = OmniPass
"InstallShield_{45CA9B23-5EF8-43AA-9851-E9E062BF0147}" = Security Panel
"InstallShield_{4B1CF482-AD0E-48F3-8032-BCF5F071C123}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{98260E6D-3B9D-43C6-8FFA-02EC406B54A9}" = Battery Utility
"InstallShield_{ABE8CE7E-01CC-4500-BAF5-FFC29EA108A1}" = Shock Sensor Utility
"InstallShield_{b145ec69-66f5-11d8-9d75-000129760d75}" = CyberLink MakeDisc
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"jGRASP" = jGRASP
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Matlab SV R2013a" = MATLAB R2013a Student Version (32-bit)
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MultiClock" = MultiClock 1.0
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.POWERPOINTR" = Microsoft PowerPoint Home and Student 2010
"Pen Tablet Driver" = Pen Tablet
"Sendori" = Sendori
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2211242001-146955705-1653819127-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks
"Funmoods Web Search" = Funmoods Web Search
"MultiClock Packages" = MultiClock Packages

========== Last 20 Event Log Errors ==========

[ Application Events ]
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.

< End of report >
andrbrks
Active Member
 
Posts: 11
Joined: September 1st, 2013, 10:46 pm

Re: Interpol virus has total control

Unread postby nunped » September 4th, 2013, 2:19 pm

Hi andrbrks,

Hi nunped, I want to go ahead and thank you for your time helping me with this.

You are welcome :)

Let's try a fix with OTL:
Step 1 - Fix with OTL
  • Right click OTL.exe and select "Run as Administrator" to launch the program.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
:commands
[createrestorepoint]

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzutAtN2Y1L1Qzu0E0EtAzy0D0F0FyBtA0E0C0AyDtAtBtDtN0D0TzutBtDtCtBtDyCtBtA&cr=498804649
IE - HKLM\..\URLSearchHook: {650598e1-b35a-45d3-b607-896d7acb64c3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope = {605B5F9C-CC13-4E71-B99A-76F61821CFE8}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzutAtN2Y1L1Qzu0E0EtAzy0D0F0FyBtA0E0C0AyDtAtBtDtN0D0TzutBtDtCtBtDyCtBtA&cr=498804649
IE - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT33093 ... 85F6B6C3BB
IE - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\..\URLSearchHook: {650598e1-b35a-45d3-b607-896d7acb64c3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\..\SearchScopes,DefaultScope = {605B5F9C-CC13-4E71-B99A-76F61821CFE8}
IE - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110803&tt=4612_3&babsrc=SP_ss&mntrId=acd15320000000000000ee39dff73eca
IE - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\..\SearchScopes\{605B5F9C-CC13-4E71-B99A-76F61821CFE8}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309350&CUI=UN98466650430087194&UM=2
IE - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=18
FF - prefs.js..CT3309350.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "BrowserPlus2 Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BrowserPlus2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3309350&CUI=UN18105630541345268&UM=2&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "BrowserPlus2 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3309350&octid=CT3309350&SearchSource=61&CUI=UN18105630541345268&UM=2&UP=SPEEA6237E-C7D7-47DA-A84B-5D85F6B6C3BB"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3309350&SearchSource=2&CUI=UN18105630541345268&UM=2&q="
[2013/08/28 20:23:32 | 000,000,000 | ---D | M] (BrowserPlus2) -- C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}
[2013/08/28 20:24:10 | 000,000,000 | ---D | M] (Tidy Network) -- C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\tidynetwork@tidynetwork
[2013/08/28 20:23:33 | 000,001,001 | ---- | M] () -- C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\searchplugins\conduit.xml
[2012/11/15 03:25:47 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
CHR - default_search_provider: search_url = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzutAtN2Y1L1Qzu0E0EtAzy0D0F0FyBtA0E0C0AyDtAtBtDtN0D0TzutBtDtCtBtDyCtBtA&cr=498804649
CHR - homepage: http://start.funmoods.com/?f=1&a=axl&ch ... =498804649
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (BrowserPlus2 Toolbar) - {650598e1-b35a-45d3-b607-896d7acb64c3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BrowserPlus2 Toolbar) - {650598e1-b35a-45d3-b607-896d7acb64c3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll (Conduit Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/ ... anager.cab (Microsoft Download Manager ActiveX control)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O33 - MountPoints2\{02d36f0d-dde5-11e2-a2cb-e839df86ed35}\Shell - "" = AutoRun
O33 - MountPoints2\{02d36f0d-dde5-11e2-a2cb-e839df86ed35}\Shell\AutoRun\command - "" = F:\VZW_Software_upgrade_assistant_installer.exe
O33 - MountPoints2\{30252b3d-a546-11e2-972d-e839df86ed35}\Shell - "" = AutoRun
O33 - MountPoints2\{30252b3d-a546-11e2-972d-e839df86ed35}\Shell\AutoRun\command - "" = F:\ToolLauncher-Bootstrap.exe
O33 - MountPoints2\{30252b9f-a546-11e2-972d-e839df86ed35}\Shell - "" = AutoRun
O33 - MountPoints2\{30252b9f-a546-11e2-972d-e839df86ed35}\Shell\AutoRun\command - "" = G:\Autorun.exe /s
O33 - MountPoints2\{4e0126a7-6769-11e0-aee3-e839df86ed35}\Shell - "" = AutoRun
O33 - MountPoints2\{4e0126a7-6769-11e0-aee3-e839df86ed35}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O33 - MountPoints2\{946893cc-5f78-11df-a392-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{946893cc-5f78-11df-a392-806e6f6e6963}\Shell\AutoRun\command - "" = D:\StartCD.exe
O33 - MountPoints2\{ab8b4262-5cdc-11e1-8d76-e839df86ed35}\Shell - "" = AutoRun
O33 - MountPoints2\{ab8b4262-5cdc-11e1-8d76-e839df86ed35}\Shell\AutoRun\command - "" = F:\ToolLauncher-Bootstrap.exe
[2013/08/28 20:25:56 | 000,000,000 | ---D | C] -- C:\Users\Katie\AppData\Local\iLivid
[2013/08/28 20:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/08/28 20:23:55 | 000,000,000 | ---D | C] -- C:\Users\Katie\AppData\Local\Conduit
[2013/08/28 20:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowserPlus2
[2013/08/28 20:23:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/08/28 20:23:33 | 000,000,000 | ---D | C] -- C:\Users\Katie\AppData\Roaming\SearchProtect
[2013/08/28 20:29:16 | 000,001,042 | ---- | C] () -- C:\Users\Katie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk

:files
ipconfig /flushdns /c

:commands
[emptytemp]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished, a box will open asking you to open the fix log; click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Step 2 - Uninstall Programs
  • Click on Start
  • Copy and paste the value below, into the Start Search entry box:
    appwiz.cpl
      Depending on your current view setting ...
    • Double click on Programs and Features.
    • Under Programs, click on Uninstall a program.
  • Locate the following programs:
    BrowserPlus2 Toolbar
    DealCabby
    Funmoods Web Search
    iLivid
    Java(TM) 6 Update 23
    Search Protect by conduit
    TidyNetwork.com

  • Select the program and click on Uninstall to uninstall it.
  • Repeat steps 3 - 4 for each program in the list.
  • Reboot your computer after this.

Step 3 - AdwCleaner Download and Run
Click on this link to download: ADWCleaner
Click on the Download Now button and save it to the pen drive and copy to the infected computer as before.
NOTE: If you are using Internet Explorer and get an alert that stops the program downloading, click on Tools > Smartscreen Filter > Turn off Smartscreen Filter, then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:

Image

You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run.
It may take several minutes to complete. When it is done click on the Clean button, accept any prompts that appear and allow the system to reboot.
You will then be presented with the report. Copy & Paste it into your next post.

Image

After these steps, see if you can boot into normal mode and give an update on the computer's performance.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal
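Added example, not part of nunped's post and not OTL's own code: a small Python triage script that applies the same rules the fix above applies by hand to raw OTL scan lines and emits the matching :OTL fix section. The PUP_SEARCH_DOMAINS and PUP_NAMES lists are assumptions drawn from the entries removed in the fix above; the sample scan lines are constructed from this thread's log (some URLs shortened, two benign lines added for contrast). Treat the lists as something a helper tunes per machine, not as a general malware database.

```python
"""Triage OTL scan lines for the hijack indicators the fix above removes.

Added example for this thread: not OTL's code and not part of nunped's post.
PUP_SEARCH_DOMAINS and PUP_NAMES are assumptions drawn from the entries removed above.
"""
import re
from typing import Optional
from urllib.parse import urlparse

# Search providers the fix removes; a host matches if it equals or is under one of these.
PUP_SEARCH_DOMAINS = ("conduit.com", "funmoods.com", "babylon.com", "ask.com")
# Toolbar/PUP names the fix targets, matched case-insensitively anywhere on a line
# (publisher tag, extension name, folder name, search engine name, search-plugin file).
PUP_NAMES = ("conduit", "browserplus2", "funmoods", "babylon", "tidynetwork",
             "tidy network", "searchprotect", "ilivid", "dealcabby")

URL_RE = re.compile(r'https?://[^\s"]+')  # stops at the stray space in 'q= {searchTerms}'
SCOPE_URL_RE = re.compile(r'SearchScopes\\(\{[0-9A-Fa-f-]{36}\}): "URL" = (\S+)')
DEFAULT_SCOPE_RE = re.compile(r'DefaultScope = (\{[0-9A-Fa-f-]{36}\})')

# Constructed sample: lines of the kinds shown in this thread (some URLs shortened),
# plus two benign lines (a Java BHO and a Google folder) that must be left alone.
SAMPLE_OTL_LINES = r"""
IE - HKLM\..\SearchScopes,DefaultScope = {605B5F9C-CC13-4E71-B99A-76F61821CFE8}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q= {searchTerms}&a=axl
IE - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\..\SearchScopes\{605B5F9C-CC13-4E71-B99A-76F61821CFE8}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&ctid=CT3309350
IE - HKU\S-1-5-21-2211242001-146955705-1653819127-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&prt=NIS
FF - prefs.js..browser.search.defaultenginename: "BrowserPlus2 Customized Web Search"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3309350&SearchSource=2&q="
CHR - default_search_provider: search_url = http://start.funmoods.com/results.php?f=4&q= {searchTerms}&a=axl
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (BrowserPlus2 Toolbar) - {650598e1-b35a-45d3-b607-896d7acb64c3} - C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O33 - MountPoints2\{946893cc-5f78-11df-a392-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{946893cc-5f78-11df-a392-806e6f6e6963}\Shell\AutoRun\command - "" = D:\StartCD.exe
[2013/08/28 20:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowserPlus2
[2012/11/15 03:25:47 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013/08/28 20:25:56 | 000,000,000 | ---D | C] -- C:\Users\Katie\AppData\Local\Google
""".strip().splitlines()


def url_host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def is_pup_host(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in PUP_SEARCH_DOMAINS)


def pup_scope_guids(lines) -> set:
    """First pass: GUIDs of IE SearchScopes whose URL points at a PUP provider."""
    guids = set()
    for line in lines:
        m = SCOPE_URL_RE.search(line)
        if m and is_pup_host(url_host(m.group(2))):
            guids.add(m.group(1).upper())
    return guids


def classify(line: str, pup_scopes) -> Optional[str]:
    """Why a scan line belongs in the :OTL fix, or None to leave it alone."""
    s = line.strip()
    if s.startswith("O33 - MountPoints2") and "AutoRun" in s:
        return "autorun"            # removable-media AutoRun handlers (all removed above)
    if s.startswith("O2 - BHO:") and "No CLSID value found" in s:
        return "orphan-bho"         # BHO registration with no object behind it
    m = URL_RE.search(s)
    if m and is_pup_host(url_host(m.group(0))):
        return "search-hijack"      # search URL on a PUP provider
    m = DEFAULT_SCOPE_RE.search(s)
    if m and m.group(1).upper() in pup_scopes:
        return "search-hijack"      # DefaultScope is only a GUID; hijacked if its scope is
    if any(name in s.lower() for name in PUP_NAMES):
        return "pup-component"      # toolbar DLL, extension dir, prefs value, search plugin
    return None


def triage(lines):
    """[(reason, line)] for every line the fix should include, in input order."""
    scopes = pup_scope_guids(lines)
    out = []
    for ln in lines:
        reason = classify(ln, scopes)
        if reason:
            out.append((reason, ln.strip()))
    return out


def build_otl_fix(lines) -> str:
    """Emit an OTL fix script in the same shape as the one posted above."""
    flagged = [ln for _, ln in triage(lines)]
    parts = [":commands", "[createrestorepoint]", "", ":OTL", *flagged, "",
             ":commands", "[emptytemp]"]
    return "\n".join(parts) + "\n"


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_OTL_LINES):
        print(f"{reason:14} {line}")
    print(build_otl_fix(SAMPLE_OTL_LINES))
```

Run it directly to print the flagged lines and the generated fix. The two-pass design is the point: a DefaultScope (or Backup.Old.DefaultScope) value is just a GUID, so it can only be judged after the SearchScopes\{GUID} URL lines have been read, which is why the fix above lists both the scope entries and the DefaultScope entries that name them. The Java BHO and the Google folder in the sample pass through untouched.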

Re: Interpol virus has total control

Unread postby andrbrks » September 4th, 2013, 3:27 pm

Here is the log produced after the fix ran through OTL:

All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{650598e1-b35a-45d3-b607-896d7acb64c3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{650598e1-b35a-45d3-b607-896d7acb64c3}\ deleted successfully.
C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKU\S-1-5-21-2211242001-146955705-1653819127-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2211242001-146955705-1653819127-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{650598e1-b35a-45d3-b607-896d7acb64c3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{650598e1-b35a-45d3-b607-896d7acb64c3}\ not found.
File C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll not found.
HKEY_USERS\S-1-5-21-2211242001-146955705-1653819127-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-2211242001-146955705-1653819127-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2211242001-146955705-1653819127-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2211242001-146955705-1653819127-1001\Software\Microsoft\Internet Explorer\SearchScopes\{605B5F9C-CC13-4E71-B99A-76F61821CFE8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{605B5F9C-CC13-4E71-B99A-76F61821CFE8}\ not found.
Registry key HKEY_USERS\S-1-5-21-2211242001-146955705-1653819127-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Prefs.js: "true" removed from CT3309350.browser.search.defaultthis.engineName
Prefs.js: "BrowserPlus2 Customized Web Search" removed from browser.search.defaultenginename
Prefs.js: "BrowserPlus2 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3309350&CUI=UN18105630541345268&UM=2&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "BrowserPlus2 Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "http://search.conduit.com/?ctid=CT3309350&octid=CT3309350&SearchSource=61&CUI=UN18105630541345268&UM=2&UP=SPEEA6237E-C7D7-47DA-A84B-5D85F6B6C3BB" removed from browser.startup.homepage
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3309350&SearchSource=2&CUI=UN18105630541345268&UM=2&q=" removed from keyword.URL
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\Plugins folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\modules folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\META-INF folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\lib folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\defaults\preferences folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\defaults folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\components folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\sl folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\lib\jquery.jscrollpane folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\lib\jquery.alerts\images folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\lib\jquery.alerts folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\lib folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\core folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\WEATHER folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\TWITTER folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\SEARCH folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\Optimizer folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\wa folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\ui\menu\js folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\ui\menu\img folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\ui\menu\css folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\ui\menu folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\ui\gf\js folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\ui\gf\img folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\ui\gf\css folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\ui\gf folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\ui\dlg folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\ui folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\sp\spsd\images folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\sp\spsd folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\sp\spbd\images folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\sp\spbd folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\sp\js folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\sp folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\options\js\resources folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\options\js folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\options\images folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\options\css folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\options folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\msd folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\api folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\ac\res folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\ac\img folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\ac\css folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\ac folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\aboutBox\js folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\aboutBox\images folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al\aboutBox folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb\al folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\tb folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\logic\uninstall\dialog\js folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\logic\uninstall\dialog\images folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\logic\uninstall\dialog\css folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\logic\uninstall\dialog folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\logic\uninstall folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content\logic folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350\content folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome\CT3309350 folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}\chrome folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3} folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\tidynetwork@tidynetwork\chrome\skin folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\tidynetwork@tidynetwork\chrome\content folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\tidynetwork@tidynetwork\chrome folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\extensions\tidynetwork@tidynetwork folder moved successfully.
C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\searchplugins\conduit.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{650598e1-b35a-45d3-b607-896d7acb64c3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{650598e1-b35a-45d3-b607-896d7acb64c3}\ not found.
File C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{650598e1-b35a-45d3-b607-896d7acb64c3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{650598e1-b35a-45d3-b607-896d7acb64c3}\ not found.
File C:\Program Files (x86)\BrowserPlus2\prxtbBrow.dll not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {B479199A-1242-4E3C-AD81-7F0DF801B4AE}
C:\Windows\Downloaded Program Files\MicrosoftDownloadManager.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B479199A-1242-4E3C-AD81-7F0DF801B4AE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B479199A-1242-4E3C-AD81-7F0DF801B4AE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B479199A-1242-4E3C-AD81-7F0DF801B4AE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B479199A-1242-4E3C-AD81-7F0DF801B4AE}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02d36f0d-dde5-11e2-a2cb-e839df86ed35}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02d36f0d-dde5-11e2-a2cb-e839df86ed35}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02d36f0d-dde5-11e2-a2cb-e839df86ed35}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02d36f0d-dde5-11e2-a2cb-e839df86ed35}\ not found.
File F:\VZW_Software_upgrade_assistant_installer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30252b3d-a546-11e2-972d-e839df86ed35}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30252b3d-a546-11e2-972d-e839df86ed35}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30252b3d-a546-11e2-972d-e839df86ed35}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30252b3d-a546-11e2-972d-e839df86ed35}\ not found.
File F:\ToolLauncher-Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30252b9f-a546-11e2-972d-e839df86ed35}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30252b9f-a546-11e2-972d-e839df86ed35}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30252b9f-a546-11e2-972d-e839df86ed35}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30252b9f-a546-11e2-972d-e839df86ed35}\ not found.
File G:\Autorun.exe /s not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e0126a7-6769-11e0-aee3-e839df86ed35}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e0126a7-6769-11e0-aee3-e839df86ed35}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e0126a7-6769-11e0-aee3-e839df86ed35}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e0126a7-6769-11e0-aee3-e839df86ed35}\ not found.
File F:\TL-Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{946893cc-5f78-11df-a392-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{946893cc-5f78-11df-a392-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{946893cc-5f78-11df-a392-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{946893cc-5f78-11df-a392-806e6f6e6963}\ not found.
File D:\StartCD.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab8b4262-5cdc-11e1-8d76-e839df86ed35}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab8b4262-5cdc-11e1-8d76-e839df86ed35}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab8b4262-5cdc-11e1-8d76-e839df86ed35}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab8b4262-5cdc-11e1-8d76-e839df86ed35}\ not found.
File F:\ToolLauncher-Bootstrap.exe not found.
C:\Users\Katie\AppData\Local\iLivid\iLivid folder moved successfully.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
C:\Users\Katie\AppData\Local\Conduit\CT3309350 folder moved successfully.
C:\Users\Katie\AppData\Local\Conduit folder moved successfully.
C:\Program Files (x86)\BrowserPlus2 folder moved successfully.
C:\Program Files (x86)\SearchProtect folder moved successfully.
C:\Users\Katie\AppData\Roaming\SearchProtect folder moved successfully.
C:\Users\Katie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Users\Katie\Desktop\cmd.bat deleted successfully.
C:\Users\Katie\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 622912 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Katie
->Temp folder emptied: 802950864 bytes
->Temporary Internet Files folder emptied: 1188306924 bytes
->Java cache emptied: 4426274 bytes
->FireFox cache emptied: 230532657 bytes
->Google Chrome cache emptied: 21114237 bytes
->Flash cache emptied: 110777 bytes

User: norton
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 623040 bytes
->FireFox cache emptied: 13488818 bytes

User: norton.Katie-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 642453 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 643556930 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42311682 bytes
RecycleBin emptied: 596546409 bytes

Total Files Cleaned = 3,381.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09042013_133422

Files\Folders moved on Reboot...
File move failed. C:\Users\Katie\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File move failed. C:\Users\Katie\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Some of the programs listed had a dialog box come up saying they appeared to be already uninstalled and asking whether or not I wanted to remove them from the programs list. I selected yes. However, the Java update will not uninstall and produces an error saying that the Windows Installer service is not installed correctly. Neither Search Protect by Conduit nor Tidynetwork.com was on the list.

AdwCleaner produced two logs. I wasn't sure which one you needed, so here are both of them:

# AdwCleaner v3.002 - Report created 04/09/2013 at 14:14:35
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Katie - KATIE-PC
# Running from : C:\Users\Katie\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\Users\Katie\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Katie\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Katie\AppData\LocalLow\ShoppingReport2
Folder Deleted : C:\Users\Katie\AppData\LocalLow\BrowserPlus2
File Deleted : C:\END
File Deleted : C:\Users\Katie\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\windows\Tasks\PC Optimizer Pro Updates.job
File Deleted : C:\windows\System32\Tasks\PC Optimizer Pro Updates

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3309350
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A83013E6-BF8A-410F-B343-E9D1E597A36E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{650598E1-B35A-45D3-B607-896D7ACB64C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A83013E6-BF8A-410F-B343-E9D1E597A36E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3149A98B-C977-40E7-A829-C948ED329FBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2BD269C7-6C77-48C3-9278-ED0458F7C296}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\BrowserPlus2
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\BrowserPlus2
Key Deleted : [x64] HKLM\SOFTWARE\pc optimizer pro

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v21.0 (en-US)

[ File : C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\prefs.js ]

Line Deleted : user_pref("CT3309350.FF19Solved", "true");
Line Deleted : user_pref("CT3309350.UserID", "UN18105630541345268");
Line Deleted : user_pref("CT3309350.browser.search.defaultthis.engineName", "");
Line Deleted : user_pref("CT3309350.fullUserID", "UN18105630541345268.IN.20130828202331");
Line Deleted : user_pref("CT3309350.installDate", "28/08/2013 20:23:32");
Line Deleted : user_pref("CT3309350.installSessionId", "{20C3431C-F75E-453E-809C-C10F3D3AC9A5}");
Line Deleted : user_pref("CT3309350.installSp", "TRUE");
Line Deleted : user_pref("CT3309350.installerVersion", "1.6.1.2");
Line Deleted : user_pref("CT3309350.keyword", "true");
Line Deleted : user_pref("CT3309350.originalHomepage", "about:home");
Line Deleted : user_pref("CT3309350.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3309350.originalSearchEngine", "");
Line Deleted : user_pref("CT3309350.originalSearchEngineName", "");
Line Deleted : user_pref("CT3309350.searchRevert", "false");
Line Deleted : user_pref("CT3309350.searchUserMode", "2");
Line Deleted : user_pref("CT3309350.smartbar.homepage", "true");
Line Deleted : user_pref("CT3309350.versionFromInstaller", "10.19.2.5");
Line Deleted : user_pref("CT3309350.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3309350&octid=CT3309350&SearchSource=61&CUI=UN18105630541345268&UM=2&UP=SPEEA6237E-C7D7-47DA-A84B-5D85F6B6C3BB");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3309350");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3309350&CUI=UN18105630541345268&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3309350&octid=CT3309350&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309350&SearchSource=2&CUI=UN18105630541345268&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3309350");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3309350");
Line Deleted : user_pref("smartbar.machineId", "PYU41QTP7QFM1KEYOJCEMVYG/W8I3WJBRR2HFVY9GE5JGQKFXOHGLZEMODFFSPCMVBJFNV+DP4B++DFWDVECEQ");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3309350&CUI=UN18105630541345268&UM=2&SearchSource=13");

-\\ Google Chrome v

[ File : C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : search_url

*************************

AdwCleaner[R0].txt - [9082 octets] - [04/09/2013 14:11:09]
AdwCleaner[S0].txt - [8891 octets] - [04/09/2013 14:14:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8951 octets] ##########


# AdwCleaner v3.002 - Report created 04/09/2013 at 14:11:09
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Katie - KATIE-PC
# Running from : C:\Users\Katie\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Katie\AppData\Local\funmoods-speeddial.crx
File Found : C:\windows\System32\Tasks\PC Optimizer Pro Updates
File Found : C:\windows\Tasks\PC Optimizer Pro Updates.job
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\PC Optimizer Pro
Folder Found C:\Users\Katie\AppData\LocalLow\BabylonToolbar
Folder Found C:\Users\Katie\AppData\LocalLow\BrowserPlus2
Folder Found C:\Users\Katie\AppData\LocalLow\Conduit
Folder Found C:\Users\Katie\AppData\LocalLow\ShoppingReport2

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\BrowserPlus2
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{650598E1-B35A-45D3-B607-896D7ACB64C3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\pc optimizer pro
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\pc optimizer pro
Key Found : [x64] HKCU\Software\SearchProtect
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BrowserPlus2
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A83013E6-BF8A-410F-B343-E9D1E597A36E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3309350
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2BD269C7-6C77-48C3-9278-ED0458F7C296}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3149A98B-C977-40E7-A829-C948ED329FBC}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A83013E6-BF8A-410F-B343-E9D1E597A36E}
Key Found : HKLM\Software\SearchProtect
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Found : [x64] HKLM\SOFTWARE\pc optimizer pro
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v21.0 (en-US)

[ File : C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default-1353613124484\prefs.js ]

Line Found : user_pref("CT3309350.FF19Solved", "true");
Line Found : user_pref("CT3309350.UserID", "UN18105630541345268");
Line Found : user_pref("CT3309350.browser.search.defaultthis.engineName", "");
Line Found : user_pref("CT3309350.fullUserID", "UN18105630541345268.IN.20130828202331");
Line Found : user_pref("CT3309350.installDate", "28/08/2013 20:23:32");
Line Found : user_pref("CT3309350.installSessionId", "{20C3431C-F75E-453E-809C-C10F3D3AC9A5}");
Line Found : user_pref("CT3309350.installSp", "TRUE");
Line Found : user_pref("CT3309350.installerVersion", "1.6.1.2");
Line Found : user_pref("CT3309350.keyword", "true");
Line Found : user_pref("CT3309350.originalHomepage", "about:home");
Line Found : user_pref("CT3309350.originalSearchAddressUrl", "");
Line Found : user_pref("CT3309350.originalSearchEngine", "");
Line Found : user_pref("CT3309350.originalSearchEngineName", "");
Line Found : user_pref("CT3309350.searchRevert", "false");
Line Found : user_pref("CT3309350.searchUserMode", "2");
Line Found : user_pref("CT3309350.smartbar.homepage", "true");
Line Found : user_pref("CT3309350.versionFromInstaller", "10.19.2.5");
Line Found : user_pref("CT3309350.xpeMode", "0");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3309350&octid=CT3309350&SearchSource=61&CUI=UN18105630541345268&UM=2&UP=SPEEA6237E-C7D7-47DA-A84B-5D85F6B6C3BB");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3309350");
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3309350&CUI=UN18105630541345268&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3309350&octid=CT3309350&SearchSource[...]
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309350&SearchSource=2&CUI=UN18105630541345268&UM=2&q=");
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3309350");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3309350");
Line Found : user_pref("smartbar.machineId", "PYU41QTP7QFM1KEYOJCEMVYG/W8I3WJBRR2HFVY9GE5JGQKFXOHGLZEMODFFSPCMVBJFNV+DP4B++DFWDVECEQ");
Line Found : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3309350&CUI=UN18105630541345268&UM=2&SearchSource=13");

-\\ Google Chrome v

[ File : C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : search_url

*************************

AdwCleaner[R0].txt - [8902 octets] - [04/09/2013 14:11:09]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8962 octets] ##########


After all those steps I tried to reboot in normal mode. The computer boots up, however, no users are shown on the login screen and I am not able to get past it.
andrbrks
Active Member
 
Posts: 11
Joined: September 1st, 2013, 10:46 pm

Re: Interpol virus has total control

Unread postby nunped » September 4th, 2013, 4:48 pm

Please proceed with the following:
FRST in Recovery Environment
(Farbar Recovery Scanner Tool for Vista-W7)

Please download FRST64.exe ... by Farbar. Save it to a FLASH drive.

  1. Plug the flashdrive into the infected PC.
  2. Enter System Recovery Options.
    1. To enter System Recovery Options from the Boot Menu ....
      • Restart the computer.
      • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
      • Use the arrow keys to select Repair your computer.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.
    2. To enter System Recovery Options by using Windows installation disk ....
      • Insert the installation disk.
      • Restart your computer.
      • If prompted, press any key to start Windows from the installation disc.
      • If your computer is not configured to start from a CD or DVD, check your BIOS settings.
      • Choose your language settings, and then click Next.
      • Click Repair your computer.
      • Select the operating system you want to repair, and then click Next.
      • Select your user account and click Next.
  3. In the System Recovery Options Menu you will see the following options:
      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Scan your computer's memory for errors.
      Command Prompt
    1. Select Command Prompt
      • In the command window type in notepad and press Enter.
      • Notepad will open.
        Under File menu select Open.
      • Select "Computer" and find your flash drive letter.
      • Close Notepad.
    2. In the command window type E:\frst64.exe and press Enter. (Note: Replace letter E with the drive letter of your flash drive.)
  4. The tool will start to run.
  5. When the tool opens click Yes to disclaimer.
  6. Press Scan button.
  7. When finished scanning it will make a log FRST.txt on the flash drive.

Please post it in your next post.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal
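Much of what the helper reads in FRST.txt is the Winlogon section: a screen-locker of this kind typically replaces the Userinit or Shell value, sometimes under the user's own hive rather than HKLM, and FRST marks the suspicious line with "<==== ATTENTION". The following Python is an added example, not FRST's own code and not from this thread, that parses entries written in FRST's Registry-section format and flags those hijacks plus autoruns from a drive root with no version info; the sample lines are constructed to mirror FRST output, and the expected default paths and the drive-root heuristic are this example's assumptions.

```python
import re

# Constructed sample lines in the format FRST writes under
# "Registry (Whitelisted)"; they mirror what a lock-screen infection
# leaves behind and are not a complete log.
SAMPLE_FRST_LINES = [
    r"HKLM\...\Run: [] - [x]",
    r"HKLM\...\RunOnce: [asdsetup] - C:\asdsetup.exe [25679064 2013-08-30] ()",
    r"HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)",
    r"HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe",
    r"HKU\Katie\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)",
    r"HKU\Katie\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION",
]

# FRST line shapes: "<hive>[-x32]\...\Winlogon: [Value] data" and
# "<hive>[-x32]\...\Run|RunOnce: [Name] - data [size date] (Company)".
WINLOGON_RE = re.compile(
    r"^(?P<hive>HKLM|HKU\\[^\\]+)(?:-x32)?\\\.\.\.\\Winlogon: \[(?P<value>\w+)\] (?P<data>.*)$")
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKU\\[^\\]+)(?:-x32)?\\\.\.\.\\(?P<key>Run|RunOnce): "
    r"\[(?P<name>[^\]]*)\] - (?P<data>.*)$")
ATTENTION = " <==== ATTENTION"

# Stock values for a Windows 7 x64 install (assumed defaults for this example).
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
EXPECTED_SHELL = "explorer.exe"


def _program_path(data):
    """Return the executable portion of an FRST data field, lower-cased.

    Drops FRST's trailing "[size date] (Company)" annotation, any command-line
    arguments after the .exe, and the comma Userinit values usually carry.
    """
    head = re.split(r" \[\d+ \d{4}-\d{2}-\d{2}\]", data, maxsplit=1)[0].strip()
    m = re.match(r"(.*?\.exe)", head, re.IGNORECASE)
    return (m.group(1) if m else head).rstrip(",").lower()


def _publisher(data):
    """Return the company name FRST prints in parentheses, or '' if absent."""
    m = re.search(r"\(([^()]*)\)\s*$", data)
    return m.group(1).strip() if m else ""


def analyse_frst_lines(lines):
    """Return [(reason, original_line), ...] for entries worth a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        flagged = ATTENTION in line
        line = line.replace(ATTENTION, "")
        reason = None

        m = WINLOGON_RE.match(line)
        if m:
            hive, value = m.group("hive"), m.group("value")
            path = _program_path(m.group("data"))
            if value == "Userinit" and path != EXPECTED_USERINIT:
                reason = "Userinit does not point at the stock userinit.exe"
            elif value == "Shell" and hive != "HKLM":
                # A per-user Shell value is how a locker replaces the desktop
                # for one account only; FRST marks it ATTENTION for that reason.
                reason = "per-user Shell override under " + hive
            elif value == "Shell" and path != EXPECTED_SHELL:
                reason = "Shell is not explorer.exe"
        else:
            m = RUN_RE.match(line)
            if m:
                path = _program_path(m.group("data"))
                # Heuristic (this example's own): an autorun living directly in
                # a drive root with no version info is unusual for legitimate
                # software and is what droppers such as C:\asdsetup.exe look like.
                if re.fullmatch(r"[a-z]:\\[^\\]+\.exe", path) and not _publisher(m.group("data")):
                    reason = "autorun from drive root with no version info"

        if reason is None and flagged:
            reason = "FRST ATTENTION marker"
        if reason:
            findings.append((reason, raw))
    return findings


if __name__ == "__main__":
    for reason, line in analyse_frst_lines(SAMPLE_FRST_LINES):
        print(f"{reason}: {line}")
```

Run it against a real FRST.txt by reading the file's lines into `analyse_frst_lines`; lines that do not match the two shapes are ignored.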

Re: Interpol virus has total control

Unread postby andrbrks » September 4th, 2013, 5:12 pm

I do not have an installation disc for this computer, and nor does its owner. If I can still get to that menu without one, should I go ahead and proceed?
andrbrks
Active Member
 
Posts: 11
Joined: September 1st, 2013, 10:46 pm

Re: Interpol virus has total control

Unread postby nunped » September 4th, 2013, 5:13 pm

Yes.
Follow the instructions in 2A.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Interpol virus has total control

Unread postby andrbrks » September 4th, 2013, 5:48 pm

Here is the log FRST64 created after its scan:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-09-2013
Ran by SYSTEM on MININT-2F6F3E9 on 04-09-2013 16:52:13
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\RunOnce: [asdsetup] - C:\asdsetup.exe [25679064 2013-08-30] ()
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0x00000000
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoSetTaskBar] 0
HKLM\...\Policies\Explorer: [NoFileMenu] 0
HKLM\...\Policies\Explorer: [NoNetworkConnections] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoDesktop] 0x00000000
HKLM\...\Policies\Explorer: [MaxRecentDocs] 0
HKLM\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 0
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 255
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 0x00000000
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [ClearRecentDocsOnExit] 0x00000000
HKLM\...\Policies\Explorer: [NoInternetIcon] 0
HKLM\...\Policies\Explorer: [NoStartBanner] 0x00000000
HKLM\...\Policies\Explorer: [NoNetHood] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoWinKey] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoNetConnextDisconnect] 0
HKLM\...\Policies\Explorer: [NoFavoritesMenu] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoDriveAutoRun] 4294967295
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 0
HKLM\...\Policies\Explorer: [NoControlPanle] 0
HKU\Katie\...\RunOnce: [FlashPlayerUpdate] - C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe [690888 2012-08-24] (Adobe Systems Incorporated)
HKU\Katie\...\RunOnce: [Report] - C:\AdwCleaner\AdwCleaner[S0].txt [9043 2013-09-04] ()
HKU\Katie\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)
HKU\Katie\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION

==================== Services (Whitelisted) =================

S4 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)
S4 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S4 O2Flash; C:\Windows\SysWOW64\o2flash.exe [65536 2007-02-12] (O2Micro International)
S4 omniserv; C:\Program Files\Softex\OmniPass\OmniServ.exe [41984 2009-08-27] (Softex Inc.)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
S4 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)
S4 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)
S4 UpdateNaviInstallService; C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe [14336 2009-09-30] (FUJITSU LIMITED)
S4 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-26] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-26] (Symantec Corporation)
S0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
S3 Fjbtndrv; C:\Windows\system32\drivers\FjBtnDrv.sys [23040 2009-08-27] (Fujitsu America, Inc.)
S0 FJGSDisk; C:\Windows\System32\DRIVERS\FJGSDisk.sys [14696 2010-03-28] (FUJITSU LIMITED)
S3 FUJ02B1; C:\Windows\system32\drivers\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
S3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130828.001\IDSvia64.sys [520280 2013-08-13] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130828.001\IDSvia64.sys [520280 2013-08-13] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130829.002\ENG64.SYS [126040 2013-08-28] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130829.002\ENG64.SYS [126040 2013-08-28] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130829.002\EX64.SYS [2099288 2013-08-28] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130829.002\EX64.SYS [2099288 2013-08-28] (Symantec Corporation)
S3 O2MDRDR; C:\Windows\system32\drivers\o2mdx64.sys [58400 2009-05-13] (O2Micro )
S3 qcfiltersra2k; C:\Windows\system32\drivers\qcfiltersra2k.sys [6400 2010-03-15] (QUALCOMM Incorporated)
S3 qcusbsersra2k; C:\Windows\system32\drivers\qcusbsersra2k.sys [121600 2010-03-15] (QUALCOMM Incorporated)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3531776 2009-09-04] ()
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-18] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
S3 wisdpen; C:\Windows\System32\DRIVERS\wisdpen.sys [44200 2009-08-24] (Wacom Technology)
S3 rm; \??\C:\windows\system32\drivers\rm.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-04 11:11 - 2013-09-04 11:14 - 00000000 ____D C:\AdwCleaner
2013-09-04 10:59 - 2013-09-04 10:36 - 01037222 _____ C:\Users\Katie\Desktop\AdwCleaner.exe
2013-09-04 10:34 - 2013-09-04 10:34 - 00000000 ____D C:\_OTL
2013-09-04 09:45 - 2013-09-04 09:36 - 00602112 _____ (OldTimer Tools) C:\Users\Katie\Desktop\OTL.exe
2013-09-02 19:24 - 2013-09-02 19:24 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\Katie\Desktop\rkill64.exe
2013-09-02 19:20 - 2013-09-02 19:20 - 00003224 ____N C:\bootsqm.dat
2013-09-02 18:59 - 2013-09-02 18:59 - 00027256 _____ (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2013-09-02 18:52 - 2013-09-02 18:41 - 03651120 _____ C:\Users\Katie\Desktop\avg_remover_zeroaccess.exe
2013-09-02 18:38 - 2013-09-02 18:38 - 00000000 ____D C:\Users\Katie\AppData\Local\MFAData
2013-09-02 18:38 - 2013-09-02 18:38 - 00000000 ____D C:\Users\Katie\AppData\Local\Avg2013
2013-09-02 18:38 - 2013-09-02 18:38 - 00000000 ____D C:\ProgramData\MFAData
2013-09-01 21:57 - 2013-09-01 21:57 - 00000000 ____D C:\Users\Katie\AppData\Roaming\Malwarebytes
2013-09-01 21:55 - 2013-09-01 21:55 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-01 21:55 - 2013-09-01 21:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-01 21:55 - 2013-09-01 21:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-01 21:55 - 2013-04-04 11:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-09-01 21:51 - 2013-09-02 19:29 - 00003102 _____ C:\Users\Katie\Desktop\Rkill.txt
2013-09-01 21:50 - 2013-09-01 21:48 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Katie\Desktop\rkill.exe
2013-09-01 21:37 - 2013-09-01 21:37 - 00002243 _____ C:\Windows\epplauncher.mif
2013-09-01 21:25 - 2013-09-01 12:26 - 02986440 _____ (Symantec Corporation) C:\Users\Katie\Desktop\NPE.exe
2013-09-01 18:54 - 2013-09-01 18:58 - 00013822 _____ C:\Users\Katie\Desktop\dds.txt
2013-09-01 18:54 - 2013-09-01 18:58 - 00008786 _____ C:\Users\Katie\Desktop\attach.txt
2013-09-01 18:48 - 2013-09-01 18:48 - 00688992 ____R (Swearware) C:\Users\norton.Katie-PC\Desktop\dds.com
2013-09-01 16:21 - 2013-09-01 16:21 - 00000000 ____D C:\NBRT
2013-09-01 16:04 - 2013-09-01 16:04 - 00000000 ____D C:\NPE
2013-09-01 12:36 - 2013-09-01 12:36 - 00000000 ____D C:\Users\norton.Katie-PC\AppData\Roaming\Adobe
2013-09-01 12:32 - 2013-09-01 12:32 - 00000000 ____D C:\users\norton.Katie-PC
2013-09-01 12:32 - 2012-10-06 11:38 - 00000000 ____D C:\Users\norton.Katie-PC\AppData\Local\Microsoft Help
2013-09-01 12:32 - 2010-12-21 13:26 - 00002065 _____ C:\Users\norton.Katie-PC\Desktop\CyberLink PowerDirector.lnk
2013-09-01 12:32 - 2010-12-21 13:22 - 00001163 _____ C:\Users\norton.Katie-PC\Desktop\CyberLink MakeDisc.lnk
2013-09-01 12:32 - 2010-03-29 09:05 - 00057560 _____ C:\Users\norton.Katie-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-01 12:32 - 2010-03-28 20:22 - 00000000 ____D C:\Users\norton.Katie-PC\AppData\Roaming\InstallShield
2013-09-01 12:32 - 2009-07-13 21:09 - 00000020 ___SH C:\Users\norton.Katie-PC\ntuser.ini
2013-09-01 12:29 - 2013-09-02 19:46 - 00000000 ____D C:\Users\Katie\AppData\Local\NPE
2013-09-01 12:27 - 2013-09-01 12:26 - 02986440 _____ (Symantec Corporation) C:\Users\norton\Desktop\NPE.exe
2013-09-01 12:23 - 2013-09-01 12:23 - 00000000 ____D C:\Users\norton\AppData\Roaming\Mozilla
2013-09-01 12:23 - 2013-09-01 12:23 - 00000000 ____D C:\Users\norton\AppData\Local\Mozilla
2013-09-01 12:22 - 2013-09-01 12:22 - 00000000 ____D C:\users\norton
2013-09-01 12:22 - 2012-10-06 11:38 - 00000000 ____D C:\Users\norton\AppData\Local\Microsoft Help
2013-09-01 12:22 - 2010-12-21 13:26 - 00002065 _____ C:\Users\norton\Desktop\CyberLink PowerDirector.lnk
2013-09-01 12:22 - 2010-12-21 13:22 - 00001163 _____ C:\Users\norton\Desktop\CyberLink MakeDisc.lnk
2013-09-01 12:22 - 2010-03-29 09:05 - 00057560 _____ C:\Users\norton\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-01 12:22 - 2010-03-28 20:22 - 00000000 ____D C:\Users\norton\AppData\Roaming\InstallShield
2013-09-01 12:22 - 2009-07-13 21:09 - 00000020 ___SH C:\Users\norton\ntuser.ini
2013-08-30 12:44 - 2013-08-30 12:44 - 00000000 __SHD C:\$$PendingFiles
2013-08-30 08:29 - 2013-08-30 08:30 - 25679064 _____ C:\asdsetup.exe
2013-08-29 20:05 - 2013-08-29 20:05 - 85983232 _____ C:\Windows\System32\config\SOFTWARE.bhv
2013-08-29 20:05 - 2013-08-29 20:05 - 19922944 _____ C:\Windows\System32\config\SYSTEM.bhv
2013-08-29 20:05 - 2013-08-29 20:05 - 01048576 _____ C:\Windows\System32\config\DEFAULT.bhv
2013-08-29 20:05 - 2013-08-29 20:05 - 00262144 _____ C:\Windows\System32\config\SECURITY.bhv
2013-08-29 20:05 - 2013-08-29 20:05 - 00262144 _____ C:\Windows\System32\config\SAM.bhv
2013-08-29 19:10 - 2013-08-29 19:10 - 00000000 ____D C:\$Anvi Rescue Disk$
2013-08-29 13:19 - 2013-08-29 13:19 - 00000000 ____D C:\Windows\pss
2013-08-29 09:58 - 2013-08-29 10:10 - 00000004 _____ C:\Users\Katie\AppData\Roaming\cache.ini
2013-08-28 17:24 - 2013-08-28 17:24 - 00003774 _____ C:\Windows\System32\Tasks\TidyNetwork Update
2013-08-28 17:24 - 2013-08-28 17:24 - 00000000 ____D C:\Users\Katie\Downloads\spiritstallionthmzip
2013-08-28 17:23 - 2013-05-07 22:10 - 00770384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-08-28 17:23 - 2013-05-07 22:10 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-08-28 17:21 - 2013-08-28 17:21 - 01117952 _____ C:\Users\Katie\Downloads\spiritstallionofthecimarron-setup.exe
2013-08-28 15:56 - 2013-08-28 20:23 - 00000000 ____D C:\Users\Katie\Documents\MATLAB
2013-08-28 15:56 - 2013-08-28 15:56 - 00000000 ____D C:\Users\Katie\AppData\Roaming\Subversion
2013-08-28 15:56 - 2013-08-28 15:56 - 00000000 ____D C:\Users\Katie\AppData\Roaming\MathWorks
2013-08-28 14:23 - 2013-08-28 14:23 - 01021100 _____ C:\Users\Katie\Downloads\02_Data_and_Expressions.zip
2013-08-28 11:17 - 2013-08-28 11:17 - 06080482 _____ C:\Users\Katie\Downloads\checkstyle-5.6-bin.zip
2013-08-28 11:15 - 2013-08-29 10:09 - 00000582 _____ C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job
2013-08-28 11:15 - 2013-08-28 11:15 - 00003760 _____ C:\Windows\System32\Tasks\MATLAB R2013a Startup Accelerator
2013-08-28 10:56 - 2013-08-28 15:55 - 00000000 ____D C:\Users\Katie\.grasp_settings
2013-08-28 10:54 - 2013-08-28 11:23 - 00000000 ____D C:\Program Files\MATLAB
2013-08-23 14:10 - 2013-08-23 14:10 - 00002075 _____ C:\Users\Public\Desktop\jGRASP.lnk
2013-08-23 14:10 - 2013-08-23 14:10 - 00000000 ____D C:\Program Files\jGRASP
2013-08-23 14:09 - 2013-08-23 14:09 - 05026008 _____ C:\Users\Katie\Downloads\jgrasp200_03.exe
2013-08-23 13:59 - 2013-08-23 13:58 - 01093032 _____ (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-08-23 13:59 - 2013-08-23 13:58 - 00972712 _____ (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-08-23 13:59 - 2013-08-23 13:58 - 00312232 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-08-23 13:58 - 2013-08-23 13:58 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-08-23 13:58 - 2013-08-23 13:58 - 00188840 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2013-08-23 13:58 - 2013-08-23 13:58 - 00108968 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-08-23 13:57 - 2013-08-23 13:58 - 00000000 ____D C:\Program Files\Java
2013-08-16 16:11 - 2013-07-25 21:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-16 16:11 - 2013-07-25 21:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-16 16:11 - 2013-07-25 21:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-16 16:11 - 2013-07-25 21:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-16 16:11 - 2013-07-25 21:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-16 16:11 - 2013-07-25 21:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-16 16:11 - 2013-07-25 21:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-16 16:11 - 2013-07-25 21:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-16 16:11 - 2013-07-25 21:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-16 16:11 - 2013-07-25 21:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-16 16:11 - 2013-07-25 21:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-16 16:11 - 2013-07-25 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-16 16:11 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-16 16:11 - 2013-07-25 19:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-16 16:11 - 2013-07-25 19:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-16 16:11 - 2013-07-25 19:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-16 16:11 - 2013-07-25 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-16 16:11 - 2013-07-25 19:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-16 16:11 - 2013-07-25 19:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-16 16:11 - 2013-07-25 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-16 16:11 - 2013-07-25 19:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-16 16:11 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-16 16:11 - 2013-07-25 19:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-16 16:11 - 2013-07-25 18:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-16 16:11 - 2013-07-25 18:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-16 16:11 - 2013-07-25 17:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-16 16:10 - 2013-07-25 21:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-16 16:10 - 2013-07-25 21:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-16 16:10 - 2013-07-25 21:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-16 16:10 - 2013-07-25 19:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-16 16:10 - 2013-07-25 19:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-16 15:59 - 2013-08-16 16:02 - 00000000 ____D C:\Windows\System32\MRT
2013-08-15 14:23 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-15 14:23 - 2013-07-08 21:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-15 14:23 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-15 14:23 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-15 14:23 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 14:23 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 14:23 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 14:23 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 14:22 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-15 14:22 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 14:22 - 2013-07-18 17:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-15 14:22 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 14:22 - 2013-07-08 21:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-15 14:22 - 2013-07-08 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 14:22 - 2013-07-05 22:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-15 14:22 - 2013-06-14 20:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-04 16:51 - 2013-09-04 16:51 - 00000000 ____D C:\FRST
2013-09-04 11:14 - 2013-09-04 11:11 - 00000000 ____D C:\AdwCleaner
2013-09-04 11:06 - 2010-05-14 14:08 - 00124162 _____ C:\Windows\PFRO.log
2013-09-04 10:36 - 2013-09-04 10:59 - 01037222 _____ C:\Users\Katie\Desktop\AdwCleaner.exe
2013-09-04 10:34 - 2013-09-04 10:34 - 00000000 ____D C:\_OTL
2013-09-04 09:36 - 2013-09-04 09:45 - 00602112 _____ (OldTimer Tools) C:\Users\Katie\Desktop\OTL.exe
2013-09-02 19:46 - 2013-09-01 12:29 - 00000000 ____D C:\Users\Katie\AppData\Local\NPE
2013-09-02 19:29 - 2013-09-01 21:51 - 00003102 _____ C:\Users\Katie\Desktop\Rkill.txt
2013-09-02 19:24 - 2013-09-02 19:24 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\Katie\Desktop\rkill64.exe
2013-09-02 19:20 - 2013-09-02 19:20 - 00003224 ____N C:\bootsqm.dat
2013-09-02 18:59 - 2013-09-02 18:59 - 00027256 _____ (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2013-09-02 18:41 - 2013-09-02 18:52 - 03651120 _____ C:\Users\Katie\Desktop\avg_remover_zeroaccess.exe
2013-09-02 18:38 - 2013-09-02 18:38 - 00000000 ____D C:\Users\Katie\AppData\Local\MFAData
2013-09-02 18:38 - 2013-09-02 18:38 - 00000000 ____D C:\Users\Katie\AppData\Local\Avg2013
2013-09-02 18:38 - 2013-09-02 18:38 - 00000000 ____D C:\ProgramData\MFAData
2013-09-01 21:57 - 2013-09-01 21:57 - 00000000 ____D C:\Users\Katie\AppData\Roaming\Malwarebytes
2013-09-01 21:55 - 2013-09-01 21:55 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-01 21:55 - 2013-09-01 21:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-01 21:55 - 2013-09-01 21:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-01 21:48 - 2013-09-01 21:50 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Katie\Desktop\rkill.exe
2013-09-01 21:45 - 2010-12-21 10:29 - 01168147 _____ C:\Windows\WindowsUpdate.log
2013-09-01 21:37 - 2013-09-01 21:37 - 00002243 _____ C:\Windows\epplauncher.mif
2013-09-01 21:34 - 2010-12-21 14:57 - 00000000 ____D C:\Users\Katie\Documents\Youcam
2013-09-01 18:58 - 2013-09-01 18:54 - 00013822 _____ C:\Users\Katie\Desktop\dds.txt
2013-09-01 18:58 - 2013-09-01 18:54 - 00008786 _____ C:\Users\Katie\Desktop\attach.txt
2013-09-01 18:48 - 2013-09-01 18:48 - 00688992 ____R (Swearware) C:\Users\norton.Katie-PC\Desktop\dds.com
2013-09-01 16:21 - 2013-09-01 16:21 - 00000000 ____D C:\NBRT
2013-09-01 16:04 - 2013-09-01 16:04 - 00000000 ____D C:\NPE
2013-09-01 12:36 - 2013-09-01 12:36 - 00000000 ____D C:\Users\norton.Katie-PC\AppData\Roaming\Adobe
2013-09-01 12:32 - 2013-09-01 12:32 - 00000000 ____D C:\users\norton.Katie-PC
2013-09-01 12:29 - 2010-05-14 13:32 - 00000000 ____D C:\ProgramData\Norton
2013-09-01 12:26 - 2013-09-01 21:25 - 02986440 _____ (Symantec Corporation) C:\Users\Katie\Desktop\NPE.exe
2013-09-01 12:26 - 2013-09-01 12:27 - 02986440 _____ (Symantec Corporation) C:\Users\norton\Desktop\NPE.exe
2013-09-01 12:23 - 2013-09-01 12:23 - 00000000 ____D C:\Users\norton\AppData\Roaming\Mozilla
2013-09-01 12:23 - 2013-09-01 12:23 - 00000000 ____D C:\Users\norton\AppData\Local\Mozilla
2013-09-01 12:22 - 2013-09-01 12:22 - 00000000 ____D C:\users\norton
2013-08-30 12:44 - 2013-08-30 12:44 - 00000000 __SHD C:\$$PendingFiles
2013-08-30 08:30 - 2013-08-30 08:29 - 25679064 _____ C:\asdsetup.exe
2013-08-29 20:05 - 2013-08-29 20:05 - 85983232 _____ C:\Windows\System32\config\SOFTWARE.bhv
2013-08-29 20:05 - 2013-08-29 20:05 - 19922944 _____ C:\Windows\System32\config\SYSTEM.bhv
2013-08-29 20:05 - 2013-08-29 20:05 - 01048576 _____ C:\Windows\System32\config\DEFAULT.bhv
2013-08-29 20:05 - 2013-08-29 20:05 - 00262144 _____ C:\Windows\System32\config\SECURITY.bhv
2013-08-29 20:05 - 2013-08-29 20:05 - 00262144 _____ C:\Windows\System32\config\SAM.bhv
2013-08-29 20:05 - 2010-12-21 10:29 - 00000000 ____D C:\users\Katie
2013-08-29 19:10 - 2013-08-29 19:10 - 00000000 ____D C:\$Anvi Rescue Disk$
2013-08-29 13:28 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 13:28 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 13:19 - 2013-08-29 13:19 - 00000000 ____D C:\Windows\pss
2013-08-29 12:30 - 2010-12-22 13:32 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-29 10:13 - 2012-11-15 00:25 - 00000000 ____D C:\ProgramData\Sendori
2013-08-29 10:12 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-29 10:12 - 2009-07-13 20:51 - 00063114 _____ C:\Windows\setupact.log
2013-08-29 10:12 - 2009-07-13 20:45 - 00383584 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-29 10:10 - 2013-08-29 09:58 - 00000004 _____ C:\Users\Katie\AppData\Roaming\cache.ini
2013-08-29 10:09 - 2013-08-28 11:15 - 00000582 _____ C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job
2013-08-29 09:53 - 2010-12-22 13:31 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-28 20:23 - 2013-08-28 15:56 - 00000000 ____D C:\Users\Katie\Documents\MATLAB
2013-08-28 20:07 - 2010-12-22 13:32 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-28 17:24 - 2013-08-28 17:24 - 00003774 _____ C:\Windows\System32\Tasks\TidyNetwork Update
2013-08-28 17:24 - 2013-08-28 17:24 - 00000000 ____D C:\Users\Katie\Downloads\spiritstallionthmzip
2013-08-28 17:21 - 2013-08-28 17:21 - 01117952 _____ C:\Users\Katie\Downloads\spiritstallionofthecimarron-setup.exe
2013-08-28 15:56 - 2013-08-28 15:56 - 00000000 ____D C:\Users\Katie\AppData\Roaming\Subversion
2013-08-28 15:56 - 2013-08-28 15:56 - 00000000 ____D C:\Users\Katie\AppData\Roaming\MathWorks
2013-08-28 15:55 - 2013-08-28 10:56 - 00000000 ____D C:\Users\Katie\.grasp_settings
2013-08-28 14:31 - 2013-04-14 17:01 - 00000000 ____D C:\Users\Katie\Documents\AU 2013
2013-08-28 14:23 - 2013-08-28 14:23 - 01021100 _____ C:\Users\Katie\Downloads\02_Data_and_Expressions.zip
2013-08-28 11:23 - 2013-08-28 10:54 - 00000000 ____D C:\Program Files\MATLAB
2013-08-28 11:17 - 2013-08-28 11:17 - 06080482 _____ C:\Users\Katie\Downloads\checkstyle-5.6-bin.zip
2013-08-28 11:15 - 2013-08-28 11:15 - 00003760 _____ C:\Windows\System32\Tasks\MATLAB R2013a Startup Accelerator
2013-08-27 14:55 - 2010-12-22 12:36 - 00000000 ____D C:\Users\Katie\AppData\Local\CrashDumps
2013-08-25 19:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-08-25 09:36 - 2010-12-21 10:29 - 00101328 _____ C:\Users\Katie\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-24 12:13 - 2010-12-27 21:42 - 00000000 ____D C:\Users\Katie\AppData\Roaming\Skype
2013-08-23 14:10 - 2013-08-23 14:10 - 00002075 _____ C:\Users\Public\Desktop\jGRASP.lnk
2013-08-23 14:10 - 2013-08-23 14:10 - 00000000 ____D C:\Program Files\jGRASP
2013-08-23 14:09 - 2013-08-23 14:09 - 05026008 _____ C:\Users\Katie\Downloads\jgrasp200_03.exe
2013-08-23 13:58 - 2013-08-23 13:59 - 01093032 _____ (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-08-23 13:58 - 2013-08-23 13:59 - 00972712 _____ (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-08-23 13:58 - 2013-08-23 13:59 - 00312232 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-08-23 13:58 - 2013-08-23 13:58 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-08-23 13:58 - 2013-08-23 13:58 - 00188840 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2013-08-23 13:58 - 2013-08-23 13:58 - 00108968 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-08-23 13:58 - 2013-08-23 13:57 - 00000000 ____D C:\Program Files\Java
2013-08-23 13:26 - 2012-06-23 16:03 - 00000414 _____ C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2013-08-23 13:26 - 2010-12-21 12:41 - 00000000 ____D C:\Users\Katie\AppData\Roaming\WTablet
2013-08-16 16:05 - 2009-07-13 21:13 - 00741704 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-16 16:02 - 2013-08-16 15:59 - 00000000 ____D C:\Windows\System32\MRT
2013-08-16 15:59 - 2010-12-22 21:04 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

Files to move or delete:
====================
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{b0ca9241-7088-efd6-d47d-015d0122b1d5}
C:\Users\Katie\AppData\Roaming\cache.ini

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3891.54 MB
Available physical RAM: 3271.09 MB
Total Pagefile: 3889.69 MB
Available Pagefile: 3263.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:140.95 GB) (Free:72.02 GB) NTFS
Drive e: () (Fixed) (Total:140.95 GB) (Free:140.83 GB) NTFS
Drive f: () (Fixed) (Total:16 GB) (Free:5.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (MATHWORKS_R2013A) (CDROM) (Total:2.43 GB) (Free:0 GB) CDFS
Drive h: (BROOKS) (Removable) (Total:14.89 GB) (Free:14.65 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 3964DB9D)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=141 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=141 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2013-08-25 18:56

==================== End Of Log ============================
andrbrks
Active Member
 
Posts: 11
Joined: September 1st, 2013, 10:46 pm

Re: Interpol virus has total control

Unread postby nunped » September 4th, 2013, 6:14 pm

Hi andrbrks,

Can I ask you to try again with a fresh download, please?

If you still aren't able to run it under the recovery environment, please run it under "Safe Mode", saving the FRST64.exe file to the desktop of the infected computer and running it from there.
Please post the logs on your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Interpol virus has total control

Unread postby andrbrks » September 4th, 2013, 6:25 pm

Here are the requested logs with FRST64 run from safe mode:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-09-2013
Ran by SYSTEM on MININT-2F6F3E9 on 04-09-2013 16:52:13
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\RunOnce: [asdsetup] - C:\asdsetup.exe [25679064 2013-08-30] ()
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0x00000000
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoSetTaskBar] 0
HKLM\...\Policies\Explorer: [NoFileMenu] 0
HKLM\...\Policies\Explorer: [NoNetworkConnections] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoDesktop] 0x00000000
HKLM\...\Policies\Explorer: [MaxRecentDocs] 0
HKLM\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 0
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 255
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 0x00000000
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [ClearRecentDocsOnExit] 0x00000000
HKLM\...\Policies\Explorer: [NoInternetIcon] 0
HKLM\...\Policies\Explorer: [NoStartBanner] 0x00000000
HKLM\...\Policies\Explorer: [NoNetHood] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoWinKey] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoNetConnextDisconnect] 0
HKLM\...\Policies\Explorer: [NoFavoritesMenu] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoDriveAutoRun] 4294967295
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 0
HKLM\...\Policies\Explorer: [NoControlPanle] 0
HKU\Katie\...\RunOnce: [FlashPlayerUpdate] - C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe [690888 2012-08-24] (Adobe Systems Incorporated)
HKU\Katie\...\RunOnce: [Report] - C:\AdwCleaner\AdwCleaner[S0].txt [9043 2013-09-04] ()
HKU\Katie\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)
HKU\Katie\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION

==================== Services (Whitelisted) =================

S4 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)
S4 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S4 O2Flash; C:\Windows\SysWOW64\o2flash.exe [65536 2007-02-12] (O2Micro International)
S4 omniserv; C:\Program Files\Softex\OmniPass\OmniServ.exe [41984 2009-08-27] (Softex Inc.)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
S4 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)
S4 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)
S4 UpdateNaviInstallService; C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe [14336 2009-09-30] (FUJITSU LIMITED)
S4 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-26] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-26] (Symantec Corporation)
S0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
S3 Fjbtndrv; C:\Windows\system32\drivers\FjBtnDrv.sys [23040 2009-08-27] (Fujitsu America, Inc.)
S0 FJGSDisk; C:\Windows\System32\DRIVERS\FJGSDisk.sys [14696 2010-03-28] (FUJITSU LIMITED)
S3 FUJ02B1; C:\Windows\system32\drivers\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
S3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130828.001\IDSvia64.sys [520280 2013-08-13] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130828.001\IDSvia64.sys [520280 2013-08-13] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130829.002\ENG64.SYS [126040 2013-08-28] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130829.002\ENG64.SYS [126040 2013-08-28] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130829.002\EX64.SYS [2099288 2013-08-28] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130829.002\EX64.SYS [2099288 2013-08-28] (Symantec Corporation)
S3 O2MDRDR; C:\Windows\system32\drivers\o2mdx64.sys [58400 2009-05-13] (O2Micro )
S3 qcfiltersra2k; C:\Windows\system32\drivers\qcfiltersra2k.sys [6400 2010-03-15] (QUALCOMM Incorporated)
S3 qcusbsersra2k; C:\Windows\system32\drivers\qcusbsersra2k.sys [121600 2010-03-15] (QUALCOMM Incorporated)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3531776 2009-09-04] ()
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-18] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
S3 wisdpen; C:\Windows\System32\DRIVERS\wisdpen.sys [44200 2009-08-24] (Wacom Technology)
S3 rm; \??\C:\windows\system32\drivers\rm.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-04 11:11 - 2013-09-04 11:14 - 00000000 ____D C:\AdwCleaner
2013-09-04 10:59 - 2013-09-04 10:36 - 01037222 _____ C:\Users\Katie\Desktop\AdwCleaner.exe
2013-09-04 10:34 - 2013-09-04 10:34 - 00000000 ____D C:\_OTL
2013-09-04 09:45 - 2013-09-04 09:36 - 00602112 _____ (OldTimer Tools) C:\Users\Katie\Desktop\OTL.exe
2013-09-02 19:24 - 2013-09-02 19:24 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\Katie\Desktop\rkill64.exe
2013-09-02 19:20 - 2013-09-02 19:20 - 00003224 ____N C:\bootsqm.dat
2013-09-02 18:59 - 2013-09-02 18:59 - 00027256 _____ (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2013-09-02 18:52 - 2013-09-02 18:41 - 03651120 _____ C:\Users\Katie\Desktop\avg_remover_zeroaccess.exe
2013-09-02 18:38 - 2013-09-02 18:38 - 00000000 ____D C:\Users\Katie\AppData\Local\MFAData
2013-09-02 18:38 - 2013-09-02 18:38 - 00000000 ____D C:\Users\Katie\AppData\Local\Avg2013
2013-09-02 18:38 - 2013-09-02 18:38 - 00000000 ____D C:\ProgramData\MFAData
2013-09-01 21:57 - 2013-09-01 21:57 - 00000000 ____D C:\Users\Katie\AppData\Roaming\Malwarebytes
2013-09-01 21:55 - 2013-09-01 21:55 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-01 21:55 - 2013-09-01 21:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-01 21:55 - 2013-09-01 21:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-01 21:55 - 2013-04-04 11:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-09-01 21:51 - 2013-09-02 19:29 - 00003102 _____ C:\Users\Katie\Desktop\Rkill.txt
2013-09-01 21:50 - 2013-09-01 21:48 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Katie\Desktop\rkill.exe
2013-09-01 21:37 - 2013-09-01 21:37 - 00002243 _____ C:\Windows\epplauncher.mif
2013-09-01 21:25 - 2013-09-01 12:26 - 02986440 _____ (Symantec Corporation) C:\Users\Katie\Desktop\NPE.exe
2013-09-01 18:54 - 2013-09-01 18:58 - 00013822 _____ C:\Users\Katie\Desktop\dds.txt
2013-09-01 18:54 - 2013-09-01 18:58 - 00008786 _____ C:\Users\Katie\Desktop\attach.txt
2013-09-01 18:48 - 2013-09-01 18:48 - 00688992 ____R (Swearware) C:\Users\norton.Katie-PC\Desktop\dds.com
2013-09-01 16:21 - 2013-09-01 16:21 - 00000000 ____D C:\NBRT
2013-09-01 16:04 - 2013-09-01 16:04 - 00000000 ____D C:\NPE
2013-09-01 12:36 - 2013-09-01 12:36 - 00000000 ____D C:\Users\norton.Katie-PC\AppData\Roaming\Adobe
2013-09-01 12:32 - 2013-09-01 12:32 - 00000000 ____D C:\users\norton.Katie-PC
2013-09-01 12:32 - 2012-10-06 11:38 - 00000000 ____D C:\Users\norton.Katie-PC\AppData\Local\Microsoft Help
2013-09-01 12:32 - 2010-12-21 13:26 - 00002065 _____ C:\Users\norton.Katie-PC\Desktop\CyberLink PowerDirector.lnk
2013-09-01 12:32 - 2010-12-21 13:22 - 00001163 _____ C:\Users\norton.Katie-PC\Desktop\CyberLink MakeDisc.lnk
2013-09-01 12:32 - 2010-03-29 09:05 - 00057560 _____ C:\Users\norton.Katie-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-01 12:32 - 2010-03-28 20:22 - 00000000 ____D C:\Users\norton.Katie-PC\AppData\Roaming\InstallShield
2013-09-01 12:32 - 2009-07-13 21:09 - 00000020 ___SH C:\Users\norton.Katie-PC\ntuser.ini
2013-09-01 12:29 - 2013-09-02 19:46 - 00000000 ____D C:\Users\Katie\AppData\Local\NPE
2013-09-01 12:27 - 2013-09-01 12:26 - 02986440 _____ (Symantec Corporation) C:\Users\norton\Desktop\NPE.exe
2013-09-01 12:23 - 2013-09-01 12:23 - 00000000 ____D C:\Users\norton\AppData\Roaming\Mozilla
2013-09-01 12:23 - 2013-09-01 12:23 - 00000000 ____D C:\Users\norton\AppData\Local\Mozilla
2013-09-01 12:22 - 2013-09-01 12:22 - 00000000 ____D C:\users\norton
2013-09-01 12:22 - 2012-10-06 11:38 - 00000000 ____D C:\Users\norton\AppData\Local\Microsoft Help
2013-09-01 12:22 - 2010-12-21 13:26 - 00002065 _____ C:\Users\norton\Desktop\CyberLink PowerDirector.lnk
2013-09-01 12:22 - 2010-12-21 13:22 - 00001163 _____ C:\Users\norton\Desktop\CyberLink MakeDisc.lnk
2013-09-01 12:22 - 2010-03-29 09:05 - 00057560 _____ C:\Users\norton\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-01 12:22 - 2010-03-28 20:22 - 00000000 ____D C:\Users\norton\AppData\Roaming\InstallShield
2013-09-01 12:22 - 2009-07-13 21:09 - 00000020 ___SH C:\Users\norton\ntuser.ini
2013-08-30 12:44 - 2013-08-30 12:44 - 00000000 __SHD C:\$$PendingFiles
2013-08-30 08:29 - 2013-08-30 08:30 - 25679064 _____ C:\asdsetup.exe
2013-08-29 20:05 - 2013-08-29 20:05 - 85983232 _____ C:\Windows\System32\config\SOFTWARE.bhv
2013-08-29 20:05 - 2013-08-29 20:05 - 19922944 _____ C:\Windows\System32\config\SYSTEM.bhv
2013-08-29 20:05 - 2013-08-29 20:05 - 01048576 _____ C:\Windows\System32\config\DEFAULT.bhv
2013-08-29 20:05 - 2013-08-29 20:05 - 00262144 _____ C:\Windows\System32\config\SECURITY.bhv
2013-08-29 20:05 - 2013-08-29 20:05 - 00262144 _____ C:\Windows\System32\config\SAM.bhv
2013-08-29 19:10 - 2013-08-29 19:10 - 00000000 ____D C:\$Anvi Rescue Disk$
2013-08-29 13:19 - 2013-08-29 13:19 - 00000000 ____D C:\Windows\pss
2013-08-29 09:58 - 2013-08-29 10:10 - 00000004 _____ C:\Users\Katie\AppData\Roaming\cache.ini
2013-08-28 17:24 - 2013-08-28 17:24 - 00003774 _____ C:\Windows\System32\Tasks\TidyNetwork Update
2013-08-28 17:24 - 2013-08-28 17:24 - 00000000 ____D C:\Users\Katie\Downloads\spiritstallionthmzip
2013-08-28 17:23 - 2013-05-07 22:10 - 00770384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-08-28 17:23 - 2013-05-07 22:10 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-08-28 17:21 - 2013-08-28 17:21 - 01117952 _____ C:\Users\Katie\Downloads\spiritstallionofthecimarron-setup.exe
2013-08-28 15:56 - 2013-08-28 20:23 - 00000000 ____D C:\Users\Katie\Documents\MATLAB
2013-08-28 15:56 - 2013-08-28 15:56 - 00000000 ____D C:\Users\Katie\AppData\Roaming\Subversion
2013-08-28 15:56 - 2013-08-28 15:56 - 00000000 ____D C:\Users\Katie\AppData\Roaming\MathWorks
2013-08-28 14:23 - 2013-08-28 14:23 - 01021100 _____ C:\Users\Katie\Downloads\02_Data_and_Expressions.zip
2013-08-28 11:17 - 2013-08-28 11:17 - 06080482 _____ C:\Users\Katie\Downloads\checkstyle-5.6-bin.zip
2013-08-28 11:15 - 2013-08-29 10:09 - 00000582 _____ C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job
2013-08-28 11:15 - 2013-08-28 11:15 - 00003760 _____ C:\Windows\System32\Tasks\MATLAB R2013a Startup Accelerator
2013-08-28 10:56 - 2013-08-28 15:55 - 00000000 ____D C:\Users\Katie\.grasp_settings
2013-08-28 10:54 - 2013-08-28 11:23 - 00000000 ____D C:\Program Files\MATLAB
2013-08-23 14:10 - 2013-08-23 14:10 - 00002075 _____ C:\Users\Public\Desktop\jGRASP.lnk
2013-08-23 14:10 - 2013-08-23 14:10 - 00000000 ____D C:\Program Files\jGRASP
2013-08-23 14:09 - 2013-08-23 14:09 - 05026008 _____ C:\Users\Katie\Downloads\jgrasp200_03.exe
2013-08-23 13:59 - 2013-08-23 13:58 - 01093032 _____ (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-08-23 13:59 - 2013-08-23 13:58 - 00972712 _____ (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-08-23 13:59 - 2013-08-23 13:58 - 00312232 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-08-23 13:58 - 2013-08-23 13:58 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-08-23 13:58 - 2013-08-23 13:58 - 00188840 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2013-08-23 13:58 - 2013-08-23 13:58 - 00108968 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-08-23 13:57 - 2013-08-23 13:58 - 00000000 ____D C:\Program Files\Java
2013-08-16 16:11 - 2013-07-25 21:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-16 16:11 - 2013-07-25 21:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-16 16:11 - 2013-07-25 21:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-16 16:11 - 2013-07-25 21:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-16 16:11 - 2013-07-25 21:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-16 16:11 - 2013-07-25 21:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-16 16:11 - 2013-07-25 21:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-16 16:11 - 2013-07-25 21:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-16 16:11 - 2013-07-25 21:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-16 16:11 - 2013-07-25 21:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-16 16:11 - 2013-07-25 21:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-16 16:11 - 2013-07-25 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-16 16:11 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-16 16:11 - 2013-07-25 19:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-16 16:11 - 2013-07-25 19:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-16 16:11 - 2013-07-25 19:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-16 16:11 - 2013-07-25 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-16 16:11 - 2013-07-25 19:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-16 16:11 - 2013-07-25 19:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-16 16:11 - 2013-07-25 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-16 16:11 - 2013-07-25 19:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-16 16:11 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-16 16:11 - 2013-07-25 19:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-16 16:11 - 2013-07-25 18:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-16 16:11 - 2013-07-25 18:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-16 16:11 - 2013-07-25 17:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-16 16:10 - 2013-07-25 21:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-16 16:10 - 2013-07-25 21:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-16 16:10 - 2013-07-25 21:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-16 16:10 - 2013-07-25 19:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-16 16:10 - 2013-07-25 19:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-16 15:59 - 2013-08-16 16:02 - 00000000 ____D C:\Windows\System32\MRT
2013-08-15 14:23 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-15 14:23 - 2013-07-08 21:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-15 14:23 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-15 14:23 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-15 14:23 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 14:23 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 14:23 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 14:23 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 14:22 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-15 14:22 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 14:22 - 2013-07-18 17:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-15 14:22 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 14:22 - 2013-07-08 21:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-15 14:22 - 2013-07-08 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 14:22 - 2013-07-05 22:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-15 14:22 - 2013-06-14 20:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-04 16:51 - 2013-09-04 16:51 - 00000000 ____D C:\FRST
2013-09-04 11:14 - 2013-09-04 11:11 - 00000000 ____D C:\AdwCleaner
2013-09-04 11:06 - 2010-05-14 14:08 - 00124162 _____ C:\Windows\PFRO.log
2013-09-04 10:36 - 2013-09-04 10:59 - 01037222 _____ C:\Users\Katie\Desktop\AdwCleaner.exe
2013-09-04 10:34 - 2013-09-04 10:34 - 00000000 ____D C:\_OTL
2013-09-04 09:36 - 2013-09-04 09:45 - 00602112 _____ (OldTimer Tools) C:\Users\Katie\Desktop\OTL.exe
2013-09-02 19:46 - 2013-09-01 12:29 - 00000000 ____D C:\Users\Katie\AppData\Local\NPE
2013-09-02 19:29 - 2013-09-01 21:51 - 00003102 _____ C:\Users\Katie\Desktop\Rkill.txt
2013-09-02 19:24 - 2013-09-02 19:24 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\Katie\Desktop\rkill64.exe
2013-09-02 19:20 - 2013-09-02 19:20 - 00003224 ____N C:\bootsqm.dat
2013-09-02 18:59 - 2013-09-02 18:59 - 00027256 _____ (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2013-09-02 18:41 - 2013-09-02 18:52 - 03651120 _____ C:\Users\Katie\Desktop\avg_remover_zeroaccess.exe
2013-09-02 18:38 - 2013-09-02 18:38 - 00000000 ____D C:\Users\Katie\AppData\Local\MFAData
2013-09-02 18:38 - 2013-09-02 18:38 - 00000000 ____D C:\Users\Katie\AppData\Local\Avg2013
2013-09-02 18:38 - 2013-09-02 18:38 - 00000000 ____D C:\ProgramData\MFAData
2013-09-01 21:57 - 2013-09-01 21:57 - 00000000 ____D C:\Users\Katie\AppData\Roaming\Malwarebytes
2013-09-01 21:55 - 2013-09-01 21:55 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-01 21:55 - 2013-09-01 21:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-01 21:55 - 2013-09-01 21:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-01 21:48 - 2013-09-01 21:50 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Katie\Desktop\rkill.exe
2013-09-01 21:45 - 2010-12-21 10:29 - 01168147 _____ C:\Windows\WindowsUpdate.log
2013-09-01 21:37 - 2013-09-01 21:37 - 00002243 _____ C:\Windows\epplauncher.mif
2013-09-01 21:34 - 2010-12-21 14:57 - 00000000 ____D C:\Users\Katie\Documents\Youcam
2013-09-01 18:58 - 2013-09-01 18:54 - 00013822 _____ C:\Users\Katie\Desktop\dds.txt
2013-09-01 18:58 - 2013-09-01 18:54 - 00008786 _____ C:\Users\Katie\Desktop\attach.txt
2013-09-01 18:48 - 2013-09-01 18:48 - 00688992 ____R (Swearware) C:\Users\norton.Katie-PC\Desktop\dds.com
2013-09-01 16:21 - 2013-09-01 16:21 - 00000000 ____D C:\NBRT
2013-09-01 16:04 - 2013-09-01 16:04 - 00000000 ____D C:\NPE
2013-09-01 12:36 - 2013-09-01 12:36 - 00000000 ____D C:\Users\norton.Katie-PC\AppData\Roaming\Adobe
2013-09-01 12:32 - 2013-09-01 12:32 - 00000000 ____D C:\users\norton.Katie-PC
2013-09-01 12:29 - 2010-05-14 13:32 - 00000000 ____D C:\ProgramData\Norton
2013-09-01 12:26 - 2013-09-01 21:25 - 02986440 _____ (Symantec Corporation) C:\Users\Katie\Desktop\NPE.exe
2013-09-01 12:26 - 2013-09-01 12:27 - 02986440 _____ (Symantec Corporation) C:\Users\norton\Desktop\NPE.exe
2013-09-01 12:23 - 2013-09-01 12:23 - 00000000 ____D C:\Users\norton\AppData\Roaming\Mozilla
2013-09-01 12:23 - 2013-09-01 12:23 - 00000000 ____D C:\Users\norton\AppData\Local\Mozilla
2013-09-01 12:22 - 2013-09-01 12:22 - 00000000 ____D C:\users\norton
2013-08-30 12:44 - 2013-08-30 12:44 - 00000000 __SHD C:\$$PendingFiles
2013-08-30 08:30 - 2013-08-30 08:29 - 25679064 _____ C:\asdsetup.exe
2013-08-29 20:05 - 2013-08-29 20:05 - 85983232 _____ C:\Windows\System32\config\SOFTWARE.bhv
2013-08-29 20:05 - 2013-08-29 20:05 - 19922944 _____ C:\Windows\System32\config\SYSTEM.bhv
2013-08-29 20:05 - 2013-08-29 20:05 - 01048576 _____ C:\Windows\System32\config\DEFAULT.bhv
2013-08-29 20:05 - 2013-08-29 20:05 - 00262144 _____ C:\Windows\System32\config\SECURITY.bhv
2013-08-29 20:05 - 2013-08-29 20:05 - 00262144 _____ C:\Windows\System32\config\SAM.bhv
2013-08-29 20:05 - 2010-12-21 10:29 - 00000000 ____D C:\users\Katie
2013-08-29 19:10 - 2013-08-29 19:10 - 00000000 ____D C:\$Anvi Rescue Disk$
2013-08-29 13:28 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 13:28 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 13:19 - 2013-08-29 13:19 - 00000000 ____D C:\Windows\pss
2013-08-29 12:30 - 2010-12-22 13:32 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-29 10:13 - 2012-11-15 00:25 - 00000000 ____D C:\ProgramData\Sendori
2013-08-29 10:12 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-29 10:12 - 2009-07-13 20:51 - 00063114 _____ C:\Windows\setupact.log
2013-08-29 10:12 - 2009-07-13 20:45 - 00383584 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-29 10:10 - 2013-08-29 09:58 - 00000004 _____ C:\Users\Katie\AppData\Roaming\cache.ini
2013-08-29 10:09 - 2013-08-28 11:15 - 00000582 _____ C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job
2013-08-29 09:53 - 2010-12-22 13:31 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-28 20:23 - 2013-08-28 15:56 - 00000000 ____D C:\Users\Katie\Documents\MATLAB
2013-08-28 20:07 - 2010-12-22 13:32 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-28 17:24 - 2013-08-28 17:24 - 00003774 _____ C:\Windows\System32\Tasks\TidyNetwork Update
2013-08-28 17:24 - 2013-08-28 17:24 - 00000000 ____D C:\Users\Katie\Downloads\spiritstallionthmzip
2013-08-28 17:21 - 2013-08-28 17:21 - 01117952 _____ C:\Users\Katie\Downloads\spiritstallionofthecimarron-setup.exe
2013-08-28 15:56 - 2013-08-28 15:56 - 00000000 ____D C:\Users\Katie\AppData\Roaming\Subversion
2013-08-28 15:56 - 2013-08-28 15:56 - 00000000 ____D C:\Users\Katie\AppData\Roaming\MathWorks
2013-08-28 15:55 - 2013-08-28 10:56 - 00000000 ____D C:\Users\Katie\.grasp_settings
2013-08-28 14:31 - 2013-04-14 17:01 - 00000000 ____D C:\Users\Katie\Documents\AU 2013
2013-08-28 14:23 - 2013-08-28 14:23 - 01021100 _____ C:\Users\Katie\Downloads\02_Data_and_Expressions.zip
2013-08-28 11:23 - 2013-08-28 10:54 - 00000000 ____D C:\Program Files\MATLAB
2013-08-28 11:17 - 2013-08-28 11:17 - 06080482 _____ C:\Users\Katie\Downloads\checkstyle-5.6-bin.zip
2013-08-28 11:15 - 2013-08-28 11:15 - 00003760 _____ C:\Windows\System32\Tasks\MATLAB R2013a Startup Accelerator
2013-08-27 14:55 - 2010-12-22 12:36 - 00000000 ____D C:\Users\Katie\AppData\Local\CrashDumps
2013-08-25 19:06 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-08-25 09:36 - 2010-12-21 10:29 - 00101328 _____ C:\Users\Katie\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-24 12:13 - 2010-12-27 21:42 - 00000000 ____D C:\Users\Katie\AppData\Roaming\Skype
2013-08-23 14:10 - 2013-08-23 14:10 - 00002075 _____ C:\Users\Public\Desktop\jGRASP.lnk
2013-08-23 14:10 - 2013-08-23 14:10 - 00000000 ____D C:\Program Files\jGRASP
2013-08-23 14:09 - 2013-08-23 14:09 - 05026008 _____ C:\Users\Katie\Downloads\jgrasp200_03.exe
2013-08-23 13:58 - 2013-08-23 13:59 - 01093032 _____ (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-08-23 13:58 - 2013-08-23 13:59 - 00972712 _____ (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-08-23 13:58 - 2013-08-23 13:59 - 00312232 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-08-23 13:58 - 2013-08-23 13:58 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-08-23 13:58 - 2013-08-23 13:58 - 00188840 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2013-08-23 13:58 - 2013-08-23 13:58 - 00108968 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-08-23 13:58 - 2013-08-23 13:57 - 00000000 ____D C:\Program Files\Java
2013-08-23 13:26 - 2012-06-23 16:03 - 00000414 _____ C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2013-08-23 13:26 - 2010-12-21 12:41 - 00000000 ____D C:\Users\Katie\AppData\Roaming\WTablet
2013-08-16 16:05 - 2009-07-13 21:13 - 00741704 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-16 16:02 - 2013-08-16 15:59 - 00000000 ____D C:\Windows\System32\MRT
2013-08-16 15:59 - 2010-12-22 21:04 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

Files to move or delete:
====================
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{b0ca9241-7088-efd6-d47d-015d0122b1d5}
C:\Users\Katie\AppData\Roaming\cache.ini

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3891.54 MB
Available physical RAM: 3271.09 MB
Total Pagefile: 3889.69 MB
Available Pagefile: 3263.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:140.95 GB) (Free:72.02 GB) NTFS
Drive e: () (Fixed) (Total:140.95 GB) (Free:140.83 GB) NTFS
Drive f: () (Fixed) (Total:16 GB) (Free:5.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (MATHWORKS_R2013A) (CDROM) (Total:2.43 GB) (Free:0 GB) CDFS
Drive h: (BROOKS) (Removable) (Total:14.89 GB) (Free:14.65 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 3964DB9D)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=141 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=141 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2013-08-25 18:56

==================== End Of Log ============================

I'm leaving for a six-hour drive for military orders but will be taking my laptop as well as the infected laptop with me and will proceed with the next step once I arrive at the hotel.
andrbrks

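The FRST output in the post above reports four things a responder would want to be able to re-check by hand on a live system: a reparse point (junction) planted where the Windows Defender component mpsvc.dll lives, which is what FRST's "Use DeleteJunctionsIndirectory" note refers to; a per-user HKCU Winlogon Shell value, flagged because Windows does not create one by default; Winsock Catalog9 entries whose provider DLL (Sendori.dll) no longer exists, which breaks sockets for every process and is consistent with the "networking does not work" symptom; and the MD5 comparison of the core binaries FRST hashes. The script below is an added example written for this thread, not code from the poster or from FRST. It assumes PowerShell 3.0 or later run from an elevated prompt, the default Windows registry locations, and takes the two directories it searches for junctions from the log's ZeroAccess entries.

```powershell
# Added example for this thread (not from the post or from FRST). Re-implements,
# for a live system, the checks the FRST log reports. Assumptions: PowerShell
# 3.0+, elevated; $JunctionDirs are the two directories the log flags.

$ErrorActionPreference = 'SilentlyContinue'

# Directories named in the FRST log (assumed here as the places to look).
$JunctionDirs = @("$env:ProgramFiles\Windows Defender",
                  "${env:ProgramFiles(x86)}\Google\Desktop\Install")

# 1. Reparse points. A junction planted where a legitimate component lives
#    (mpsvc.dll in the log) redirects whatever loads from that path.
function Find-ReparsePoints {
    param([string[]]$Roots)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Force -Recurse |
          Where-Object { $_.Attributes -band [IO.FileAttributes]::ReparsePoint } |
          ForEach-Object {
              [pscustomobject]@{ Check = 'ReparsePoint'; Item = $_.FullName
                                 Info = (fsutil reparsepoint query $_.FullName) -join ' ' }
          }
    }
}

# 2. Winlogon. Windows does not create HKCU\...\Winlogon\Shell by default, so
#    its mere presence is worth review even when, as in the log, it reads
#    Explorer.exe. The HKLM values are compared against the stock ones.
function Test-Winlogon {
    $expected = @{ Shell = 'explorer.exe'; Userinit = "$env:SystemRoot\system32\userinit.exe" }
    foreach ($hive in 'HKLM', 'HKCU') {
        $p = Get-ItemProperty "${hive}:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
        foreach ($name in $expected.Keys) {
            if ($null -eq $p.$name) { continue }
            $value = $p.$name.TrimEnd(',')   # Userinit carries a trailing comma
            [pscustomobject]@{ Check = 'Winlogon'; Key = "$hive\$name"; Value = $value
                               Suspicious = ($hive -eq 'HKCU') -or ($value -ne $expected[$name]) }
        }
    }
}

# 3. Winsock LSP catalog. PackedCatalogItem begins with the provider DLL path
#    as a NUL-terminated ANSI string. A provider whose DLL is gone breaks
#    Winsock for every process; "netsh winsock reset" rebuilds the catalog.
function Get-WinsockProviders {
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9'
    foreach ($cat in 'Catalog_Entries', 'Catalog_Entries64') {
        Get-ChildItem -Path (Join-Path $base $cat) | ForEach-Object {
            $packed = (Get-ItemProperty -Path $_.PSPath).PackedCatalogItem
            if (-not $packed) { return }
            $end = [Array]::IndexOf($packed, [byte]0)
            if ($end -lt 0) { $end = $packed.Length }
            $dll = [Text.Encoding]::ASCII.GetString($packed, 0, $end)
            $full = [Environment]::ExpandEnvironmentVariables($dll)
            [pscustomobject]@{ Check = 'WinsockLSP'; Entry = "$cat\$($_.PSChildName)"
                               Library = $dll; Present = [bool](Test-Path -LiteralPath $full) }
        }
    }
}

# 4. .exe association. Anything other than "%1" %* means every .exe launch
#    is routed through something else first.
function Test-ExeAssociation {
    $cmd = (Get-ItemProperty 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command').'(default)'
    [pscustomobject]@{ Check = 'ExeAssociation'; Value = $cmd; OK = ($cmd -eq '"%1" %*') }
}

# 5. MD5 of the binaries FRST hashes. FRST calls them "legit" against its own
#    list; here you must supply the reference yourself (the same file from a
#    machine at the same patch level). A live scan can be lied to by a kernel
#    rootkit, which is why FRST does this from the recovery environment.
function Get-CoreFileMD5 {
    $md5 = [Security.Cryptography.MD5]::Create()
    foreach ($rel in 'System32\winlogon.exe', 'System32\wininit.exe', 'System32\services.exe',
                     'System32\svchost.exe', 'System32\userinit.exe',
                     'System32\Drivers\volsnap.sys', 'explorer.exe') {
        $path = Join-Path $env:SystemRoot $rel
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $fs = [IO.File]::OpenRead($path)
        try { $hash = ($md5.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
        finally { $fs.Close() }
        [pscustomobject]@{ Check = 'MD5'; File = $path; MD5 = $hash }
    }
}

Find-ReparsePoints -Roots $JunctionDirs
Test-Winlogon
Get-WinsockProviders | Where-Object { -not $_.Present }
Test-ExeAssociation
Get-CoreFileMD5 | Format-Table -AutoSize
```

The script only reports; it changes nothing, so it is safe to run in Safe Mode on a machine like the one in this thread and pipe the output to Export-Csv for the helper. Removal steps (deleting the junctions, resetting Winsock, clearing the HKCU Shell value) should still follow the instructions given in the thread, because the order matters when the lock screen component is still present.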
Re: Interpol virus has total control

Unread postby andrbrks » September 4th, 2013, 6:29 pm

I accidentally submitted the log that was saved onto the flash drive, forgetting that FRST64 ran off the actual hard drive. Here are the two logs produced from the second scan, where the computer was booted into safe mode:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-09-2013
Ran by Katie (administrator) on KATIE-PC on 04-09-2013 17:21:39
Running from C:\Users\Katie\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\RunOnce: [asdsetup] - C:\asdsetup.exe [25679064 2013-08-30] ()
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0x00000000
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoSetTaskBar] 0
HKLM\...\Policies\Explorer: [NoFileMenu] 0
HKLM\...\Policies\Explorer: [NoNetworkConnections] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoDesktop] 0x00000000
HKLM\...\Policies\Explorer: [MaxRecentDocs] 0
HKLM\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 0
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 255
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 0x00000000
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [ClearRecentDocsOnExit] 0x00000000
HKLM\...\Policies\Explorer: [NoInternetIcon] 0
HKLM\...\Policies\Explorer: [NoStartBanner] 0x00000000
HKLM\...\Policies\Explorer: [NoNetHood] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoWinKey] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoNetConnextDisconnect] 0
HKLM\...\Policies\Explorer: [NoFavoritesMenu] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoDriveAutoRun] 4294967295
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 0
HKLM\...\Policies\Explorer: [NoControlPanle] 0
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe -update plugin [690888 2012-08-24] (Adobe Systems Incorporated)
HKCU\...\RunOnce: [Report] - C:\AdwCleaner\AdwCleaner[S0].txt [9043 2013-09-04] ()
HKCU\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)
HKCU\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://solutions.us.fujitsu.com/index.php
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://google.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKCU - Backup.Old.DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
ShellExecuteHooks-x32: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Winsock: Catalog9 01 C:\windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 02 C:\windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 03 C:\windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 04 C:\windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 16 C:\windows\system32\Sendori.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Katie\AppData\Roaming\Mozilla\Firefox\Profiles\j4wud1zh.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - c:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/DownloadManager,version=1.1 - C:\windows\ ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 - c:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchURL: (Web Search) - http://www.google.com
CHR DefaultSuggestURL: (Web Search) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\9.0.597.84\pdf.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\9.0.597.84\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\9.0.597.84\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File

==================== Services (Whitelisted) =================

S4 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)
S4 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S4 O2Flash; C:\Windows\SysWOW64\o2flash.exe [65536 2007-02-12] (O2Micro International)
S4 omniserv; C:\Program Files\Softex\OmniPass\OmniServ.exe [41984 2009-08-27] (Softex Inc.)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
S4 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)
S4 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)
S4 UpdateNaviInstallService; C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe [14336 2009-09-30] (FUJITSU LIMITED)
S4 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-26] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-26] (Symantec Corporation)
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R3 Fjbtndrv; C:\Windows\system32\drivers\FjBtnDrv.sys [23040 2009-08-27] (Fujitsu America, Inc.)
R0 FJGSDisk; C:\Windows\System32\DRIVERS\FJGSDisk.sys [14696 2010-03-28] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\system32\drivers\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130828.001\IDSvia64.sys [520280 2013-08-13] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130828.001\IDSvia64.sys [520280 2013-08-13] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130829.002\ENG64.SYS [126040 2013-08-28] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130829.002\ENG64.SYS [126040 2013-08-28] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130829.002\EX64.SYS [2099288 2013-08-28] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130829.002\EX64.SYS [2099288 2013-08-28] (Symantec Corporation)
R3 O2MDRDR; C:\Windows\system32\drivers\o2mdx64.sys [58400 2009-05-13] (O2Micro )
S3 qcfiltersra2k; C:\Windows\system32\drivers\qcfiltersra2k.sys [6400 2010-03-15] (QUALCOMM Incorporated)
S3 qcusbsersra2k; C:\Windows\system32\drivers\qcusbsersra2k.sys [121600 2010-03-15] (QUALCOMM Incorporated)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3531776 2009-09-04] ()
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-18] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
R3 wisdpen; C:\Windows\System32\DRIVERS\wisdpen.sys [44200 2009-08-24] (Wacom Technology)
S3 rm; \??\C:\windows\system32\drivers\rm.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-04 17:21 - 2013-09-04 16:34 - 01950668 _____ (Farbar) C:\Users\Katie\Desktop\FRST64.exe
2013-09-04 14:11 - 2013-09-04 14:14 - 00000000 ____D C:\AdwCleaner
2013-09-04 13:59 - 2013-09-04 13:36 - 01037222 _____ C:\Users\Katie\Desktop\AdwCleaner.exe
2013-09-04 13:34 - 2013-09-04 13:34 - 00000000 ____D C:\_OTL
2013-09-04 12:45 - 2013-09-04 12:36 - 00602112 _____ (OldTimer Tools) C:\Users\Katie\Desktop\OTL.exe
2013-09-02 22:24 - 2013-09-02 22:24 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\Katie\Desktop\rkill64.exe
2013-09-02 22:20 - 2013-09-02 22:20 - 00003224 ____N C:\bootsqm.dat
2013-09-02 21:59 - 2013-09-02 21:59 - 00027256 _____ (Symantec Corporation) C:\windows\system32\Drivers\FixZeroAccess.sys
2013-09-02 21:52 - 2013-09-02 21:41 - 03651120 _____ C:\Users\Katie\Desktop\avg_remover_zeroaccess.exe
2013-09-02 21:38 - 2013-09-02 21:38 - 00000000 ____D C:\Users\Katie\AppData\Local\MFAData
2013-09-02 21:38 - 2013-09-02 21:38 - 00000000 ____D C:\Users\Katie\AppData\Local\Avg2013
2013-09-02 21:38 - 2013-09-02 21:38 - 00000000 ____D C:\ProgramData\MFAData
2013-09-02 00:57 - 2013-09-02 00:57 - 00000000 ____D C:\Users\Katie\AppData\Roaming\Malwarebytes
2013-09-02 00:55 - 2013-09-02 00:55 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-02 00:55 - 2013-09-02 00:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-02 00:55 - 2013-09-02 00:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-02 00:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-09-02 00:51 - 2013-09-02 22:29 - 00003102 _____ C:\Users\Katie\Desktop\Rkill.txt
2013-09-02 00:50 - 2013-09-02 00:48 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Katie\Desktop\rkill.exe
2013-09-02 00:37 - 2013-09-02 00:37 - 00002243 _____ C:\windows\epplauncher.mif
2013-09-02 00:25 - 2013-09-01 15:26 - 02986440 _____ (Symantec Corporation) C:\Users\Katie\Desktop\NPE.exe
2013-09-01 21:54 - 2013-09-01 21:58 - 00013822 _____ C:\Users\Katie\Desktop\dds.txt
2013-09-01 21:54 - 2013-09-01 21:58 - 00008786 _____ C:\Users\Katie\Desktop\attach.txt
2013-09-01 21:48 - 2013-09-01 21:48 - 00688992 ____R (Swearware) C:\Users\norton.Katie-PC\Desktop\dds.com
2013-09-01 19:21 - 2013-09-01 19:21 - 00000000 ____D C:\NBRT
2013-09-01 19:04 - 2013-09-01 19:04 - 00000000 ____D C:\NPE
2013-09-01 15:36 - 2013-09-01 15:36 - 00000000 ____D C:\Users\norton.Katie-PC\AppData\Roaming\Adobe
2013-09-01 15:32 - 2013-09-01 15:32 - 00000000 ____D C:\Users\norton.Katie-PC
2013-09-01 15:32 - 2012-10-06 14:38 - 00000000 ____D C:\Users\norton.Katie-PC\AppData\Local\Microsoft Help
2013-09-01 15:32 - 2010-12-21 16:26 - 00002065 _____ C:\Users\norton.Katie-PC\Desktop\CyberLink PowerDirector.lnk
2013-09-01 15:32 - 2010-12-21 16:22 - 00001163 _____ C:\Users\norton.Katie-PC\Desktop\CyberLink MakeDisc.lnk
2013-09-01 15:32 - 2010-03-29 12:05 - 00057560 _____ C:\Users\norton.Katie-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-01 15:32 - 2010-03-28 23:22 - 00000000 ____D C:\Users\norton.Katie-PC\AppData\Roaming\InstallShield
2013-09-01 15:32 - 2009-07-14 00:09 - 00000020 ___SH C:\Users\norton.Katie-PC\ntuser.ini
2013-09-01 15:29 - 2013-09-02 22:46 - 00000000 ____D C:\Users\Katie\AppData\Local\NPE
2013-09-01 15:27 - 2013-09-01 15:26 - 02986440 _____ (Symantec Corporation) C:\Users\norton\Desktop\NPE.exe
2013-09-01 15:23 - 2013-09-01 15:23 - 00000000 ____D C:\Users\norton\AppData\Roaming\Mozilla
2013-09-01 15:23 - 2013-09-01 15:23 - 00000000 ____D C:\Users\norton\AppData\Local\Mozilla
2013-09-01 15:22 - 2013-09-01 15:22 - 00000000 ____D C:\Users\norton
2013-09-01 15:22 - 2012-10-06 14:38 - 00000000 ____D C:\Users\norton\AppData\Local\Microsoft Help
2013-09-01 15:22 - 2010-12-21 16:26 - 00002065 _____ C:\Users\norton\Desktop\CyberLink PowerDirector.lnk
2013-09-01 15:22 - 2010-12-21 16:22 - 00001163 _____ C:\Users\norton\Desktop\CyberLink MakeDisc.lnk
2013-09-01 15:22 - 2010-03-29 12:05 - 00057560 _____ C:\Users\norton\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-01 15:22 - 2010-03-28 23:22 - 00000000 ____D C:\Users\norton\AppData\Roaming\InstallShield
2013-09-01 15:22 - 2009-07-14 00:09 - 00000020 ___SH C:\Users\norton\ntuser.ini
2013-08-30 15:44 - 2013-08-30 15:44 - 00000000 __SHD C:\$$PendingFiles
2013-08-30 11:29 - 2013-08-30 11:30 - 25679064 _____ C:\asdsetup.exe
2013-08-29 23:05 - 2013-08-29 23:05 - 85983232 _____ C:\windows\system32\config\SOFTWARE.bhv
2013-08-29 23:05 - 2013-08-29 23:05 - 19922944 _____ C:\windows\system32\config\SYSTEM.bhv
2013-08-29 23:05 - 2013-08-29 23:05 - 01048576 _____ C:\windows\system32\config\DEFAULT.bhv
2013-08-29 23:05 - 2013-08-29 23:05 - 00262144 _____ C:\windows\system32\config\SECURITY.bhv
2013-08-29 23:05 - 2013-08-29 23:05 - 00262144 _____ C:\windows\system32\config\SAM.bhv
2013-08-29 22:10 - 2013-08-29 22:10 - 00000000 ____D C:\$Anvi Rescue Disk$
2013-08-29 16:19 - 2013-08-29 16:19 - 00000000 ____D C:\windows\pss
2013-08-29 12:58 - 2013-08-29 13:10 - 00000004 _____ C:\Users\Katie\AppData\Roaming\cache.ini
2013-08-28 20:24 - 2013-08-28 20:24 - 00003774 _____ C:\windows\System32\Tasks\TidyNetwork Update
2013-08-28 20:24 - 2013-08-28 20:24 - 00000000 ____D C:\Users\Katie\Downloads\spiritstallionthmzip
2013-08-28 20:23 - 2013-05-08 01:10 - 00770384 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr100.dll
2013-08-28 20:23 - 2013-05-08 01:10 - 00421200 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp100.dll
2013-08-28 20:21 - 2013-08-28 20:21 - 01117952 _____ C:\Users\Katie\Downloads\spiritstallionofthecimarron-setup.exe
2013-08-28 18:56 - 2013-08-28 23:23 - 00000000 ____D C:\Users\Katie\Documents\MATLAB
2013-08-28 18:56 - 2013-08-28 18:56 - 00000000 ____D C:\Users\Katie\AppData\Roaming\Subversion
2013-08-28 18:56 - 2013-08-28 18:56 - 00000000 ____D C:\Users\Katie\AppData\Roaming\MathWorks
2013-08-28 17:23 - 2013-08-28 17:23 - 01021100 _____ C:\Users\Katie\Downloads\02_Data_and_Expressions.zip
2013-08-28 14:17 - 2013-08-28 14:17 - 06080482 _____ C:\Users\Katie\Downloads\checkstyle-5.6-bin.zip
2013-08-28 14:15 - 2013-08-29 13:09 - 00000582 _____ C:\windows\Tasks\MATLAB R2013a Startup Accelerator.job
2013-08-28 14:15 - 2013-08-28 14:15 - 00003760 _____ C:\windows\System32\Tasks\MATLAB R2013a Startup Accelerator
2013-08-28 13:56 - 2013-08-28 18:55 - 00000000 ____D C:\Users\Katie\.grasp_settings
2013-08-28 13:54 - 2013-08-28 14:23 - 00000000 ____D C:\Program Files\MATLAB
2013-08-23 17:10 - 2013-08-23 17:10 - 00002075 _____ C:\Users\Public\Desktop\jGRASP.lnk
2013-08-23 17:10 - 2013-08-23 17:10 - 00000000 ____D C:\Program Files\jGRASP
2013-08-23 17:09 - 2013-08-23 17:09 - 05026008 _____ C:\Users\Katie\Downloads\jgrasp200_03.exe
2013-08-23 16:59 - 2013-08-23 16:58 - 01093032 _____ (Oracle Corporation) C:\windows\system32\npDeployJava1.dll
2013-08-23 16:59 - 2013-08-23 16:58 - 00972712 _____ (Oracle Corporation) C:\windows\system32\deployJava1.dll
2013-08-23 16:59 - 2013-08-23 16:58 - 00312232 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-08-23 16:58 - 2013-08-23 16:58 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-08-23 16:58 - 2013-08-23 16:58 - 00188840 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-08-23 16:58 - 2013-08-23 16:58 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2013-08-23 16:57 - 2013-08-23 16:58 - 00000000 ____D C:\Program Files\Java
2013-08-23 16:28 - 2013-08-23 16:28 - 00000000 ___RD C:\Users\Katie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2013-08-16 19:11 - 2013-07-26 00:13 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-08-16 19:11 - 2013-07-26 00:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-08-16 19:11 - 2013-07-26 00:12 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-08-16 19:11 - 2013-07-26 00:12 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-08-16 19:11 - 2013-07-26 00:12 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-08-16 19:11 - 2013-07-26 00:12 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-08-16 19:11 - 2013-07-26 00:12 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-08-16 19:11 - 2013-07-26 00:12 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-08-16 19:11 - 2013-07-26 00:12 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-08-16 19:11 - 2013-07-26 00:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-08-16 19:11 - 2013-07-26 00:12 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-08-16 19:11 - 2013-07-25 22:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-08-16 19:11 - 2013-07-25 22:13 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-08-16 19:11 - 2013-07-25 22:13 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-08-16 19:11 - 2013-07-25 22:12 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-08-16 19:11 - 2013-07-25 22:12 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-08-16 19:11 - 2013-07-25 22:12 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-08-16 19:11 - 2013-07-25 22:12 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-08-16 19:11 - 2013-07-25 22:12 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-08-16 19:11 - 2013-07-25 22:12 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-08-16 19:11 - 2013-07-25 22:12 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-08-16 19:11 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-08-16 19:11 - 2013-07-25 22:11 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-08-16 19:11 - 2013-07-25 21:49 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-08-16 19:11 - 2013-07-25 21:39 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-08-16 19:11 - 2013-07-25 20:59 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-16 19:10 - 2013-07-26 00:13 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-08-16 19:10 - 2013-07-26 00:12 - 19239424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-08-16 19:10 - 2013-07-26 00:12 - 15405056 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-08-16 19:10 - 2013-07-25 22:12 - 14329344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-08-16 19:10 - 2013-07-25 22:11 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-08-16 18:59 - 2013-08-16 19:02 - 00000000 ____D C:\windows\system32\MRT
2013-08-15 17:23 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2013-08-15 17:23 - 2013-07-09 00:46 - 01472512 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-08-15 17:23 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-08-15 17:23 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2013-08-15 17:23 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2013-08-15 17:23 - 2013-07-08 23:46 - 01166848 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-08-15 17:23 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2013-08-15 17:23 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2013-08-15 17:22 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-08-15 17:22 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-08-15 17:22 - 2013-07-18 20:58 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-08-15 17:22 - 2013-07-18 20:41 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-08-15 17:22 - 2013-07-09 00:51 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2013-08-15 17:22 - 2013-07-08 23:52 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2013-08-15 17:22 - 2013-07-06 01:03 - 01910208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-08-15 17:22 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-04 19:51 - 2013-09-04 19:51 - 00000000 ____D C:\FRST
2013-09-04 16:34 - 2013-09-04 17:21 - 01950668 _____ (Farbar) C:\Users\Katie\Desktop\FRST64.exe
2013-09-04 14:14 - 2013-09-04 14:11 - 00000000 ____D C:\AdwCleaner
2013-09-04 14:06 - 2010-05-14 17:08 - 00124162 _____ C:\windows\PFRO.log
2013-09-04 13:36 - 2013-09-04 13:59 - 01037222 _____ C:\Users\Katie\Desktop\AdwCleaner.exe
2013-09-04 13:34 - 2013-09-04 13:34 - 00000000 ____D C:\_OTL
2013-09-04 12:36 - 2013-09-04 12:45 - 00602112 _____ (OldTimer Tools) C:\Users\Katie\Desktop\OTL.exe
2013-09-02 22:46 - 2013-09-01 15:29 - 00000000 ____D C:\Users\Katie\AppData\Local\NPE
2013-09-02 22:29 - 2013-09-02 00:51 - 00003102 _____ C:\Users\Katie\Desktop\Rkill.txt
2013-09-02 22:24 - 2013-09-02 22:24 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\Katie\Desktop\rkill64.exe
2013-09-02 22:20 - 2013-09-02 22:20 - 00003224 ____N C:\bootsqm.dat
2013-09-02 21:59 - 2013-09-02 21:59 - 00027256 _____ (Symantec Corporation) C:\windows\system32\Drivers\FixZeroAccess.sys
2013-09-02 21:41 - 2013-09-02 21:52 - 03651120 _____ C:\Users\Katie\Desktop\avg_remover_zeroaccess.exe
2013-09-02 21:38 - 2013-09-02 21:38 - 00000000 ____D C:\Users\Katie\AppData\Local\MFAData
2013-09-02 21:38 - 2013-09-02 21:38 - 00000000 ____D C:\Users\Katie\AppData\Local\Avg2013
2013-09-02 21:38 - 2013-09-02 21:38 - 00000000 ____D C:\ProgramData\MFAData
2013-09-02 00:57 - 2013-09-02 00:57 - 00000000 ____D C:\Users\Katie\AppData\Roaming\Malwarebytes
2013-09-02 00:55 - 2013-09-02 00:55 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-02 00:55 - 2013-09-02 00:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-02 00:55 - 2013-09-02 00:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-02 00:48 - 2013-09-02 00:50 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Katie\Desktop\rkill.exe
2013-09-02 00:45 - 2010-12-21 13:29 - 01168147 _____ C:\windows\WindowsUpdate.log
2013-09-02 00:37 - 2013-09-02 00:37 - 00002243 _____ C:\windows\epplauncher.mif
2013-09-02 00:34 - 2010-12-21 17:57 - 00000000 ____D C:\Users\Katie\Documents\Youcam
2013-09-01 21:58 - 2013-09-01 21:54 - 00013822 _____ C:\Users\Katie\Desktop\dds.txt
2013-09-01 21:58 - 2013-09-01 21:54 - 00008786 _____ C:\Users\Katie\Desktop\attach.txt
2013-09-01 21:48 - 2013-09-01 21:48 - 00688992 ____R (Swearware) C:\Users\norton.Katie-PC\Desktop\dds.com
2013-09-01 19:21 - 2013-09-01 19:21 - 00000000 ____D C:\NBRT
2013-09-01 19:04 - 2013-09-01 19:04 - 00000000 ____D C:\NPE
2013-09-01 15:36 - 2013-09-01 15:36 - 00000000 ____D C:\Users\norton.Katie-PC\AppData\Roaming\Adobe
2013-09-01 15:32 - 2013-09-01 15:32 - 00000000 ____D C:\Users\norton.Katie-PC
2013-09-01 15:29 - 2010-05-14 16:32 - 00000000 ____D C:\ProgramData\Norton
2013-09-01 15:26 - 2013-09-02 00:25 - 02986440 _____ (Symantec Corporation) C:\Users\Katie\Desktop\NPE.exe
2013-09-01 15:26 - 2013-09-01 15:27 - 02986440 _____ (Symantec Corporation) C:\Users\norton\Desktop\NPE.exe
2013-09-01 15:23 - 2013-09-01 15:23 - 00000000 ____D C:\Users\norton\AppData\Roaming\Mozilla
2013-09-01 15:23 - 2013-09-01 15:23 - 00000000 ____D C:\Users\norton\AppData\Local\Mozilla
2013-09-01 15:22 - 2013-09-01 15:22 - 00000000 ____D C:\Users\norton
2013-08-30 15:44 - 2013-08-30 15:44 - 00000000 __SHD C:\$$PendingFiles
2013-08-30 11:30 - 2013-08-30 11:29 - 25679064 _____ C:\asdsetup.exe
2013-08-29 23:05 - 2013-08-29 23:05 - 85983232 _____ C:\windows\system32\config\SOFTWARE.bhv
2013-08-29 23:05 - 2013-08-29 23:05 - 19922944 _____ C:\windows\system32\config\SYSTEM.bhv
2013-08-29 23:05 - 2013-08-29 23:05 - 01048576 _____ C:\windows\system32\config\DEFAULT.bhv
2013-08-29 23:05 - 2013-08-29 23:05 - 00262144 _____ C:\windows\system32\config\SECURITY.bhv
2013-08-29 23:05 - 2013-08-29 23:05 - 00262144 _____ C:\windows\system32\config\SAM.bhv
2013-08-29 23:05 - 2010-12-21 13:29 - 00000000 ____D C:\Users\Katie
2013-08-29 22:10 - 2013-08-29 22:10 - 00000000 ____D C:\$Anvi Rescue Disk$
2013-08-29 16:28 - 2009-07-13 23:45 - 00009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 16:28 - 2009-07-13 23:45 - 00009920 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 16:19 - 2013-08-29 16:19 - 00000000 ____D C:\windows\pss
2013-08-29 15:30 - 2010-12-22 16:32 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-29 13:13 - 2012-11-15 03:25 - 00000000 ____D C:\ProgramData\Sendori
2013-08-29 13:12 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-29 13:12 - 2009-07-13 23:51 - 00063114 _____ C:\windows\setupact.log
2013-08-29 13:12 - 2009-07-13 23:45 - 00383584 _____ C:\windows\system32\FNTCACHE.DAT
2013-08-29 13:10 - 2013-08-29 12:58 - 00000004 _____ C:\Users\Katie\AppData\Roaming\cache.ini
2013-08-29 13:09 - 2013-08-28 14:15 - 00000582 _____ C:\windows\Tasks\MATLAB R2013a Startup Accelerator.job
2013-08-29 12:53 - 2010-12-22 16:31 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-28 23:23 - 2013-08-28 18:56 - 00000000 ____D C:\Users\Katie\Documents\MATLAB
2013-08-28 23:07 - 2010-12-22 16:32 - 00000892 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-28 20:24 - 2013-08-28 20:24 - 00003774 _____ C:\windows\System32\Tasks\TidyNetwork Update
2013-08-28 20:24 - 2013-08-28 20:24 - 00000000 ____D C:\Users\Katie\Downloads\spiritstallionthmzip
2013-08-28 20:21 - 2013-08-28 20:21 - 01117952 _____ C:\Users\Katie\Downloads\spiritstallionofthecimarron-setup.exe
2013-08-28 18:56 - 2013-08-28 18:56 - 00000000 ____D C:\Users\Katie\AppData\Roaming\Subversion
2013-08-28 18:56 - 2013-08-28 18:56 - 00000000 ____D C:\Users\Katie\AppData\Roaming\MathWorks
2013-08-28 18:55 - 2013-08-28 13:56 - 00000000 ____D C:\Users\Katie\.grasp_settings
2013-08-28 17:31 - 2013-04-14 20:01 - 00000000 ____D C:\Users\Katie\Documents\AU 2013
2013-08-28 17:23 - 2013-08-28 17:23 - 01021100 _____ C:\Users\Katie\Downloads\02_Data_and_Expressions.zip
2013-08-28 14:23 - 2013-08-28 13:54 - 00000000 ____D C:\Program Files\MATLAB
2013-08-28 14:17 - 2013-08-28 14:17 - 06080482 _____ C:\Users\Katie\Downloads\checkstyle-5.6-bin.zip
2013-08-28 14:15 - 2013-08-28 14:15 - 00003760 _____ C:\windows\System32\Tasks\MATLAB R2013a Startup Accelerator
2013-08-27 17:55 - 2010-12-22 15:36 - 00000000 ____D C:\Users\Katie\AppData\Local\CrashDumps
2013-08-25 22:06 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
2013-08-25 12:36 - 2010-12-21 13:29 - 00101328 _____ C:\Users\Katie\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-24 15:13 - 2010-12-28 00:42 - 00000000 ____D C:\Users\Katie\AppData\Roaming\Skype
2013-08-23 17:10 - 2013-08-23 17:10 - 00002075 _____ C:\Users\Public\Desktop\jGRASP.lnk
2013-08-23 17:10 - 2013-08-23 17:10 - 00000000 ____D C:\Program Files\jGRASP
2013-08-23 17:09 - 2013-08-23 17:09 - 05026008 _____ C:\Users\Katie\Downloads\jgrasp200_03.exe
2013-08-23 16:58 - 2013-08-23 16:59 - 01093032 _____ (Oracle Corporation) C:\windows\system32\npDeployJava1.dll
2013-08-23 16:58 - 2013-08-23 16:59 - 00972712 _____ (Oracle Corporation) C:\windows\system32\deployJava1.dll
2013-08-23 16:58 - 2013-08-23 16:59 - 00312232 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-08-23 16:58 - 2013-08-23 16:58 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-08-23 16:58 - 2013-08-23 16:58 - 00188840 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-08-23 16:58 - 2013-08-23 16:58 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2013-08-23 16:58 - 2013-08-23 16:57 - 00000000 ____D C:\Program Files\Java
2013-08-23 16:28 - 2013-08-23 16:28 - 00000000 ___RD C:\Users\Katie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2013-08-23 16:26 - 2012-06-23 19:03 - 00000414 _____ C:\windows\Tasks\PC Optimizer Pro64 startups.job
2013-08-23 16:26 - 2010-12-21 15:41 - 00000000 ____D C:\Users\Katie\AppData\Roaming\WTablet
2013-08-16 19:05 - 2009-07-14 00:13 - 00741704 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-16 19:02 - 2013-08-16 18:59 - 00000000 ____D C:\windows\system32\MRT
2013-08-16 18:59 - 2010-12-23 00:04 - 78161360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

Files to move or delete:
====================
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{b0ca9241-7088-efd6-d47d-015d0122b1d5}
C:\Users\Katie\AppData\Roaming\cache.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-08-25 21:56

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-09-2013
Ran by Katie at 2013-09-04 17:22:31
Running from C:\Users\Katie\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Installed Programs =======================


64 Bit HP CIO Components Installer (Version: 7.2.4)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Flash Player 11 Plugin (x32 Version: 11.4.402.265)
Adobe Reader 9.1 (x32 Version: 9.1.0)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.620)
ALPS Touch Pad Driver
Apple Application Support (x32 Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (x32 Version: 2.1.3.127)
Ares 2.1.8 (x32 Version: 2.1.8-Build#3042)
Ares 3.1.7.3042 (x32 Version: 3.1.7.3042)
AuthenTec Fingerprint Software (Version: 8.6.0.26)
AutoCAD 2011 - English (Version: 18.1.49.0)
AutoCAD 2011 Language Pack - English (Version: 18.1.49.0)
AutoCAD Architecture 2011 - English (Version: 6.5.49.0)
AutoCAD Architecture 2011 Language Pack - English (Version: 18.1.49.0)
Autodesk Design Review 2011 (x32 Version: 11.0.0.86)
Autodesk Material Library 2011 (x32 Version: 2.0.0.49)
Autodesk Material Library 2011 Base Image library (x32 Version: 2.0.0.49)
Autodesk Material Library 2011 Medium Image library (x32 Version: 2.0.0.49)
Battery Utility (Version: 3.01.10.001)
Battery Utility (x32 Version: )
be Flash Player 11 ActiveX 64-bit (Version: 11.0.1.129)
Bluetooth Feature Pack 5.0 (Version: 5.0.14)
Bonjour (Version: 3.0.0.10)
CodeBlocks (HKCU Version: 12.11)
Contenta Converter PREMIUM (x32)
CyberLink MakeDisc (x32 Version: 4.0.2611)
CyberLink PowerDirector (x32 Version: 7.0.3622)
CyberLink PowerDVD 8 (x32 Version: 8.0.3228e)
CyberLink YouCam (x32 Version: 3.0.2515)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
eReg (x32 Version: 1.20.138.34)
FARO LS 1.1.406.58 (x32 Version: 4.6.58.2)
FirstClass (x32 Version: 10.0.009)
FJ Camera (x32 Version: 5.8.52008.0)
Fujitsu Button Utilities (Version: 7.02.0902.2009)
Fujitsu Driver Update (Version: 1.3.0011)
Fujitsu Fingerprint Authentication Library (Version: 1.00.21.1)
Fujitsu Hotkey Utility (x32 Version: 3.60.1.0)
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000)
Fujitsu MobilityCenter Extension Utility (x32 Version: )
Fujitsu System Extension Utility (Version: 3.1.1.0)
Fujitsu System Extension Utility (x32)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752)
Google Update Helper (x32 Version: 1.3.21.153)
HP Deskjet 3050A J611 series Basic Device Software (Version: 23.0.504.0)
HP Deskjet 3050A J611 series Help (x32 Version: 140.0.2.2)
HP LaserJet Professional CP1520 Series (x32)
HPLaserJetHelp_LearnCenter (x32 Version: 1.01.0000)
hppCP1520LaserJetService (x32 Version: 001.007.00319)
hppLaserJetService (x32 Version: 002.007.00397)
hppTLBXFXCP1520 (x32 Version: 001.007.00647)
Inst5672 (Version: 7.00.02)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2025)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
iTunes (Version: 10.5.1.42)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java Auto Updater (x32 Version: 2.0.2.4)
Java SE Development Kit 7 Update 25 (64-bit) (Version: 1.7.0.250)
Java(TM) 6 Update 23 (x32 Version: 6.0.230)
jGRASP (x32 Version: 2.0.0_03)
Junk Mail filter update (x32 Version: 14.0.8089.726)
Logitech SetPoint 6.32 (Version: 6.32.20)
Logitech Unifying Software 2.10 (Version: 2.10.37)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MATLAB R2013a Student Version (32-bit) (x32 Version: 8.1)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Download Manager (x32 Version: 1.2.1)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft PowerPoint Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Touch Pack for Windows 7 (x32 Version: 1.0.40517.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft XNA Framework Redistributable 3.0 (x32 Version: 3.0.11010.0)
Mozilla Firefox 21.0 (x86 en-US) (x32 Version: 21.0)
Mozilla Maintenance Service (x32 Version: 21.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
MultiClock 1.0 (x32 Version: 1.0)
MultiClock Packages (HKCU)
Norton Internet Security (x32 Version: 18.7.2.3)
O2Micro Flash Memory Card Windows Driver (Version: 3.00.0006)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.00.0006)
OmniPass (Version: 6.00.34)
OmniPass (x32 Version: )
Pen Tablet (x32 Version: 5.1.1.11)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5969)
Roxio Central Copy (x32 Version: 3.8.0)
Roxio Central Core (x32 Version: 3.8.0)
Roxio Central Data (x32 Version: 3.8.0)
Roxio Central Tools (x32 Version: 3.8.0)
Roxio Creator LJ (x32 Version: 10.3)
Roxio Creator LJ (x32 Version: 10.3.271)
Security Panel (x32 Version: 2.2.0.0)
Security Panel Application (x32 Version: 2.2.0.0)
Security Panel Application for Supervisor (x32 Version: 2.2.0.0)
Security Panel for Supervisor (x32 Version: 2.2.0.0)
Sendori (x32 Version: 2.0.15)
Shock Sensor Utility (Version: 4.01.01.000)
Shock Sensor Utility (x32 Version: )
Skype Click to Call (x32 Version: 5.9.9216)
Skype™ 6.3 (x32 Version: 6.3.105)
Touch Launcher (x32 Version: V1.0L10)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
VD64Inst (Version: 1.00.0000)
Virtual Earth 3D (Beta) (Version: 4.0.903.16005)
Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB (04/21/2011 01.0.0.0) (Version: 04/21/2011 01.0.0.0)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Photo Gallery (x32 Version: 14.0.8081.709)
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
Windows Live Writer (x32 Version: 14.0.8089.0726)

==================== Restore Points =========================

Could not list Restore Points.


==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0404B67B-8B61-47FE-8C7D-96C5A20FC572} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => start w32time task_started
Task: {0C01294A-610C-4DB4-AEA2-39FECCF79D12} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {2BC5E4EC-F050-4898-8D4F-16D75A59F7ED} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {31BA4902-7B8C-4D87-A8D4-58A97C02F6C9} - System32\Tasks\{C52FF2AC-06B1-4AAA-86B5-D2FAC5E6129C} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-02-28] (Skype Technologies S.A.)
Task: {3BE5B2A9-29A1-40D9-B663-1A568F0A5909} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2211242001-146955705-1653819127-1001
Task: {46F040DB-DC1D-4B61-9D72-CE44739E4B99} - System32\Tasks\MATLAB R2013a Startup Accelerator => C:\Users\Katie\Documents\AU 2013\MATLAB\bin\win32\MATLABStartupAccelerator.exe No File
Task: {477BD4F4-E01E-4053-B9DD-E00670BBF8CE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => start osppsvc
Task: {796D3C1E-D241-40A2-8447-3F561006B126} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {7C5CF9BF-275F-4DB0-BA0E-AC3C1C2B8172} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-22] (Google Inc.)
Task: {7C8FE311-89E9-47E6-A4C2-221ED958CFA5} - \PC Optimizer Pro Updates No Task File
Task: {8D31AA36-E640-4238-BCD2-FFE389908BA9} - System32\Tasks\TidyNetwork Update => C:\Users\Katie\AppData\Local\TidyNetwork.com\tidy2update.exe No File
Task: {8DAE9EF5-A413-4233-A6BC-334C0CFB668B} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe No File
Task: {97033119-3569-4050-B5AD-1504188A12B6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9BA80920-AF3F-4435-9A55-29FC3BC5F041} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-22] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\MATLAB R2013a Startup Accelerator.job => C:\Users\Katie\Documents\AU 2013\MATLAB\bin\win32\MATLABStartupAccelerator.exe
Task: C:\windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) ==========



==================== Faulty Device Manager Devices =============

Could not list Devices.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/29/2013 03:29:58 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (08/29/2013 01:13:06 PM) (Source: TabletServicePen) (User: )
Description: Unhandled error opening USB device

Error: (08/29/2013 01:13:05 PM) (Source: TabletServicePen) (User: )
Description: Unhandled error opening USB device

Error: (08/29/2013 01:13:05 PM) (Source: TabletServicePen) (User: )
Description: Unhandled error opening USB device

Error: (08/29/2013 06:12:24 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15522

Error: (08/29/2013 06:12:24 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15522

Error: (08/29/2013 06:12:24 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/28/2013 09:14:09 PM) (Source: Application Hang) (User: )
Description: The program iTunes.exe version 10.5.1.42 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4374

Start Time: 01cea45b5cc7c46b

Termination Time: 140

Application Path: C:\Program Files (x86)\iTunes\iTunes.exe

Report Id:

Error: (08/28/2013 08:23:59 PM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)

Error: (08/28/2013 08:13:59 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1137809


System errors:
=============
Error: (09/04/2013 05:21:37 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1058

Error: (09/04/2013 05:19:45 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1058

Error: (09/04/2013 05:19:45 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1058

Error: (09/04/2013 05:19:45 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1058

Error: (09/04/2013 05:19:45 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1058

Error: (09/04/2013 05:19:45 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1058

Error: (09/04/2013 05:19:45 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1058

Error: (09/04/2013 05:19:42 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1058

Error: (09/04/2013 05:19:10 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx64
discache
eeCtrl
IDSVia64
spldr
SRTSPX
SymIRON
SymNetS
Wanarpv6

Error: (09/04/2013 05:19:10 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1058


Microsoft Office Sessions:
=========================
Error: (08/29/2013 03:29:58 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (08/29/2013 01:13:06 PM) (Source: TabletServicePen)(User: )
Description: Unhandled error opening USB device

Error: (08/29/2013 01:13:05 PM) (Source: TabletServicePen)(User: )
Description: Unhandled error opening USB device

Error: (08/29/2013 01:13:05 PM) (Source: TabletServicePen)(User: )
Description: Unhandled error opening USB device

Error: (08/29/2013 06:12:24 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15522

Error: (08/29/2013 06:12:24 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15522

Error: (08/29/2013 06:12:24 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/28/2013 09:14:09 PM) (Source: Application Hang)(User: )
Description: iTunes.exe10.5.1.42437401cea45b5cc7c46b140C:\Program Files (x86)\iTunes\iTunes.exe

Error: (08/28/2013 08:23:59 PM) (Source: CltMngSvc)(User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)

Error: (08/28/2013 08:13:59 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1137809
andrbrks
Active Member
 
Posts: 11
Joined: September 1st, 2013, 10:46 pm

Re: Interpol virus has total control

Unread postby nunped » September 5th, 2013, 10:46 am

Hi andrbrks,

I have some bad news:

Your logs show signs of a Remote Access Infection on your computer.

ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{b0ca9241-7088-efd6-d47d-015d0122b1d5}
C:\Users\Katie\AppData\Roaming\cache.ini

These indicate you are infected with ....

Please take time to carefully read THIS topic, then let me know how you want to proceed.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal