Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Can't remove Trojan.Zeroaccess​!inf :( [Solved]

Started by CarlM24 , Sep 23 2012 02:41 PM

  • This topic is locked This topic is locked

#1
CarlM24
Posted 23 September 2012 - 02:41 PM

CarlM24

    Member

  • Member
  • PipPip
  • 13 posts
Hi, it all started about a week ago now. I was playing Sims 3 when it suddenly shut down, I rebooted my computer and it still wouldn't run. Then the next day I started my laptop and Norton come up saying threat detected Trojan.Zeroaccess!inf. I tried to get Norton to remove it but it couldn't, and said it needs to be removed manually.

So through searching the Internet I found that it may have something to do with Services.exe.mui. I tried a few programs to help remove this threat but to no avail. Is my laptop completely broke, or is there actually a way of fixing this? I have copied and pasted my OTL report to hopefully get this fixed. Any assistance will be greatly appreciated.

P.S my little brother is a bugger for downloading and installing programs, may be this time he has well and truly broke it.

Edited by CarlM24, 23 September 2012 - 02:41 PM.

  • 0

Advertisements

#2
CarlM24
Posted 23 September 2012 - 02:42 PM

CarlM24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
OTL logfile created on: 23/09/2012 20:59:46 - Run 1
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Admin.Services-PC\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 52.36% Memory free
3.74 Gb Paging File | 2.60 Gb Available in Paging File | 69.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 228.00 Gb Total Space | 188.02 Gb Free Space | 82.46% Space Free | Partition Type: NTFS

Computer Name: SERVICES-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/23 20:55:03 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Admin.Services-PC\Desktop\otl.exe
PRC - [2012/08/29 20:17:48 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe
PRC - [2012/01/17 11:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/11/16 12:32:48 | 010,310,968 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
PRC - [2011/03/29 07:47:46 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2011/02/25 06:30:56 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/30 15:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Internet Security\Engine\20.1.1.2\wincfi39.dll
MOD - [2012/03/06 17:31:30 | 000,431,104 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll
MOD - [2010/11/20 13:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2010/11/20 13:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2012/09/20 23:10:09 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/29 20:17:48 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe -- (NIS)
SRV - [2012/04/28 21:33:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/11/16 12:32:48 | 010,310,968 | ---- | M] (Radialpoint SafeCare Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2011/03/29 07:47:46 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\vmci.sys -- (vmci)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Admin\AppData\Local\Temp\ncwgoktq.sys -- (Micorsoft Windows Service)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr)
DRV - [2012/09/23 19:25:43 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/09/22 01:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20120922.008\navex15.sys -- (NAVEX15)
DRV - [2012/09/22 01:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/09/22 01:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/09/22 01:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20120922.008\naveng.sys -- (NAVENG)
DRV - [2012/09/21 15:30:26 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20120921.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/09/14 02:07:12 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20120919.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/08/11 02:26:42 | 000,585,888 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NIS\1401010.002\srtsp.sys -- (SRTSP)
DRV - [2012/08/08 06:18:19 | 000,926,880 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1401010.002\SymEFA.sys -- (SymEFA)
DRV - [2012/08/07 19:42:43 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1401010.002\ccSetx86.sys -- (ccSet_NIS)
DRV - [2012/07/28 04:25:32 | 000,368,288 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1401010.002\SymDS.sys -- (SymDS)
DRV - [2012/07/28 04:05:21 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1401010.002\Ironx86.sys -- (SymIRON)
DRV - [2012/07/23 02:34:24 | 000,338,592 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1401010.002\symnets.sys -- (SymNetS)
DRV - [2012/05/25 06:36:55 | 000,032,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1401010.002\srtspx.sys -- (SRTSPX)
DRV - [2011/04/22 13:42:24 | 001,035,368 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV - [2011/03/24 08:53:02 | 000,168,448 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV - [2011/03/24 08:53:02 | 000,085,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/03/24 08:53:02 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/03/24 08:53:02 | 000,026,496 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2011/03/24 08:53:00 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/03/24 08:53:00 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/17 22:14:16 | 000,143,952 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2009/12/01 15:49:54 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/10 22:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/12/26 12:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.chatzum.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.chatzu...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Admin.Services-PC\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Admin.Services-PC\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012/09/23 19:33:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2012/09/23 20:32:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins


========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Admin.Services-PC\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Admin.Services-PC\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Admin.Services-PC\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Admin.Services-PC\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Wajam (Enabled) = C:\Users\Admin.Services-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Client Gateway 4.1.16 (Enabled) = C:\Users\Admin.Services-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj\1.0_0\nprpspa.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Admin.Services-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\windows\system32\npDeployJava1.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Admin.Services-PC\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\windows\system32\Wat\npWatWeb.dll
CHR - Extension: General Crawler = C:\Users\Admin.Services-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.5_0\
CHR - Extension: Wajam = C:\Users\Admin.Services-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: Radialpoint SPD Extension = C:\Users\Admin.Services-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj\1.0_0\
CHR - Extension: BitTorrentBar = C:\Users\Admin.Services-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.15.10_0\
CHR - Extension: BitTorrentBar = C:\Users\Admin.Services-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.7.1_0\
CHR - Extension: uTorrentControl2 = C:\Users\Admin.Services-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.1.1.2\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.1.1.2\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.1.1.2\CoIEPlg.dll (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D1B6462-084D-4188-8F8D-F496A0B16170}: NameServer = 88.82.13.12 88.82.13.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2036F7DB-4607-4A3F-BEA6-29A97416FC04}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AFEC012-E13A-42F4-85C3-E28990311E56}: NameServer = 88.82.13.60 88.82.13.60
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll File not found
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll File not found
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll File not found
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Natasha\AppData\Local\xkhmbnrn\gqyyonbe.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{51fc20f0-fd04-11e1-9555-1c659d7b5795}\Shell - "" = AutoRun
O33 - MountPoints2\{51fc20f0-fd04-11e1-9555-1c659d7b5795}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/09/23 20:55:03 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\Admin.Services-PC\Desktop\otl.exe
[2012/09/23 20:01:36 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\FixZeroAccess
[2012/09/23 19:59:40 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\WinRAR
[2012/09/23 19:34:50 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\Documents\Symantec
[2012/09/23 19:27:23 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Local\NPE
[2012/09/23 19:25:44 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2012/09/23 19:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/09/23 19:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/09/23 19:22:49 | 000,926,880 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1401010.002\SymEFA.sys
[2012/09/23 19:22:49 | 000,585,888 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1401010.002\srtsp.sys
[2012/09/23 19:22:49 | 000,368,288 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1401010.002\SymDS.sys
[2012/09/23 19:22:49 | 000,338,592 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1401010.002\symnets.sys
[2012/09/23 19:22:49 | 000,175,264 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1401010.002\Ironx86.sys
[2012/09/23 19:22:49 | 000,032,888 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1401010.002\srtspx.sys
[2012/09/23 19:22:49 | 000,021,400 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1401010.002\SymELAM.sys
[2012/09/23 19:22:48 | 000,134,304 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1401010.002\ccSetx86.sys
[2012/09/23 19:22:18 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS
[2012/09/23 19:22:18 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS\1401010.002
[2012/09/23 19:22:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/09/23 19:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2012/09/23 19:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/09/23 19:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/09/23 19:16:20 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/09/23 19:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/09/23 18:52:33 | 000,000,000 | --SD | C] -- C:\Users\Admin.Services-PC\Documents\Chica Passwords
[2012/09/20 21:59:59 | 000,000,000 | ---D | C] -- C:\folder
[2012/09/20 17:21:18 | 000,000,000 | ---D | C] -- C:\Firefox
[2012/09/20 17:11:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/20 17:10:41 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/09/20 16:57:41 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2012/09/20 01:54:21 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Local\Adobe
[2012/09/18 14:03:51 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Local\ElevatedDiagnostics
[2012/09/17 20:55:10 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/09/17 20:53:57 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Local\Google
[2012/09/17 20:53:28 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Local\Deployment
[2012/09/17 20:53:28 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Local\Apps
[2012/09/17 20:37:56 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\FLEXnet
[2012/09/17 20:32:40 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Mozilla
[2012/09/17 20:31:01 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Adobe
[2012/09/17 20:30:58 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Radialpoint
[2012/09/17 20:30:24 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Virgin Media
[2012/09/17 20:30:09 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Vodafone
[2012/09/17 20:30:02 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\{{userdatapath.company}}
[2012/09/17 20:29:44 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/09/17 20:29:44 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\Searches
[2012/09/17 20:29:44 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/09/17 20:29:44 | 000,000,000 | -H-D | C] -- C:\Users\Admin.Services-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/09/17 20:29:34 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Identities
[2012/09/17 20:29:32 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\Contacts
[2012/09/17 20:29:23 | 000,000,000 | --SD | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Microsoft
[2012/09/17 20:29:23 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\Videos
[2012/09/17 20:29:23 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\Saved Games
[2012/09/17 20:29:23 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\Pictures
[2012/09/17 20:29:23 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\Music
[2012/09/17 20:29:23 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/09/17 20:29:23 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\Links
[2012/09/17 20:29:23 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\Favorites
[2012/09/17 20:29:23 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\Downloads
[2012/09/17 20:29:23 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\Documents
[2012/09/17 20:29:23 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\Desktop
[2012/09/17 20:29:23 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\AppData\Local\Temporary Internet Files
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\Templates
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\Start Menu
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\SendTo
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\Recent
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\PrintHood
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\NetHood
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\Documents\My Videos
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\Documents\My Pictures
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\Documents\My Music
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\My Documents
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\Local Settings
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\AppData\Local\History
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\Cookies
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\Application Data
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\AppData\Local\Application Data
[2012/09/17 20:29:23 | 000,000,000 | -H-D | C] -- C:\Users\Admin.Services-PC\AppData
[2012/09/17 20:29:23 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Local\Temp
[2012/09/17 20:29:23 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Local\Microsoft
[2012/09/17 20:29:23 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Media Center Programs
[2012/09/17 20:29:23 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Macromedia
[2012/09/13 20:21:57 | 000,017,224 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\windows\System32\roboot.exe
[2012/09/11 19:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
[2012/09/11 19:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\Vodafone
[2012/09/03 21:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012/08/31 21:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012/08/31 21:47:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012/08/26 16:14:16 | 000,168,448 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_juwwanecm.sys
[2012/08/26 16:14:14 | 000,026,496 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_juextctrl.sys
[2012/08/26 16:14:10 | 000,085,760 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_jucdcacm.sys
[2012/08/26 16:13:56 | 000,072,832 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_jubusenum.sys
[2012/08/26 16:13:54 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_hwusbdev.sys
[2012/08/26 16:13:52 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_usbenumfilter.sys
[2012/08/26 16:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Vodafone
[2012/08/26 16:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet

========== Files - Modified Within 30 Days ==========

[2012/09/23 21:03:03 | 000,000,932 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1489040525-1974979118-1535285479-1010UA.job
[2012/09/23 20:55:03 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Admin.Services-PC\Desktop\otl.exe
[2012/09/23 20:32:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/23 20:31:58 | 1504,354,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/23 20:19:43 | 000,014,064 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/23 20:19:43 | 000,014,064 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/23 20:10:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/23 20:07:51 | 000,008,942 | ---- | M] () -- C:\windows\System32\drivers\NIS\1401010.002\VT20120731.038
[2012/09/23 19:26:50 | 001,383,011 | ---- | M] () -- C:\windows\System32\drivers\NIS\1401010.002\Cat.DB
[2012/09/23 19:25:43 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2012/09/23 19:25:43 | 000,007,446 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2012/09/23 19:25:43 | 000,000,806 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2012/09/23 19:16:23 | 000,001,304 | ---- | M] () -- C:\Users\Admin.Services-PC\Desktop\Norton Installation Files.lnk
[2012/09/23 15:01:59 | 000,000,557 | ---- | M] () -- C:\windows\System32\MyDefrag.debuglog
[2012/09/23 01:00:22 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1489040525-1974979118-1535285479-1010Core.job
[2012/09/17 20:55:17 | 000,002,439 | ---- | M] () -- C:\Users\Admin.Services-PC\Desktop\Google Chrome.lnk
[2012/09/17 20:30:17 | 000,001,419 | ---- | M] () -- C:\Users\Admin.Services-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/17 20:29:47 | 000,001,425 | ---- | M] () -- C:\Users\Admin.Services-PC\Desktop\Internet Explorer.lnk
[2012/09/14 19:52:55 | 000,639,872 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/09/14 19:52:55 | 000,114,364 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/08/30 06:19:20 | 000,000,172 | ---- | M] () -- C:\windows\System32\drivers\NIS\1401010.002\isolate.ini
[2012/08/27 11:46:39 | 000,435,504 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/08/26 16:16:29 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
[2012/08/26 16:16:09 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2012/08/26 16:14:05 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf

========== Files Created - No Company Name ==========

[2012/09/23 20:08:21 | 000,008,942 | ---- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\VT20120731.038
[2012/09/23 19:25:58 | 001,383,011 | ---- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\Cat.DB
[2012/09/23 19:25:44 | 000,007,446 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2012/09/23 19:25:44 | 000,000,806 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2012/09/23 19:22:27 | 000,003,434 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\SymEFA.inf
[2012/09/23 19:22:27 | 000,002,851 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\SymDS.inf
[2012/09/23 19:22:27 | 000,001,440 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\SymNet.inf
[2012/09/23 19:22:27 | 000,001,387 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\srtspx.inf
[2012/09/23 19:22:27 | 000,001,387 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\srtsp.inf
[2012/09/23 19:22:27 | 000,000,996 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\symELAM.inf
[2012/09/23 19:22:27 | 000,000,828 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\ccSetx86.inf
[2012/09/23 19:22:27 | 000,000,737 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\Iron.inf
[2012/09/23 19:22:21 | 000,008,942 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\SymVTcer.dat
[2012/09/23 19:22:19 | 000,009,670 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\SymELAM.cat
[2012/09/23 19:22:19 | 000,007,611 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\ccsetx86.cat
[2012/09/23 19:22:19 | 000,007,601 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\SymNet.cat
[2012/09/23 19:22:19 | 000,007,599 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\SymEFA.cat
[2012/09/23 19:22:19 | 000,007,597 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\srtspx.cat
[2012/09/23 19:22:19 | 000,007,593 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\SymDS.cat
[2012/09/23 19:22:19 | 000,007,593 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\srtsp.cat
[2012/09/23 19:22:19 | 000,007,593 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\iron.cat
[2012/09/23 19:22:18 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\isolate.ini
[2012/09/23 19:16:20 | 000,001,304 | ---- | C] () -- C:\Users\Admin.Services-PC\Desktop\Norton Installation Files.lnk
[2012/09/23 15:01:59 | 000,000,557 | ---- | C] () -- C:\windows\System32\MyDefrag.debuglog
[2012/09/17 20:55:17 | 000,002,439 | ---- | C] () -- C:\Users\Admin.Services-PC\Desktop\Google Chrome.lnk
[2012/09/17 20:53:59 | 000,000,932 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1489040525-1974979118-1535285479-1010UA.job
[2012/09/17 20:53:58 | 000,000,880 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1489040525-1974979118-1535285479-1010Core.job
[2012/09/17 20:30:17 | 000,001,419 | ---- | C] () -- C:\Users\Admin.Services-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/17 20:29:47 | 000,001,425 | ---- | C] () -- C:\Users\Admin.Services-PC\Desktop\Internet Explorer.lnk
[2012/09/17 20:29:23 | 000,000,290 | ---- | C] () -- C:\Users\Admin.Services-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/09/17 20:29:23 | 000,000,272 | ---- | C] () -- C:\Users\Admin.Services-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/08/26 16:16:29 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
[2012/08/26 16:16:09 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2012/08/26 16:14:05 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012/07/04 10:29:56 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
[2012/07/04 09:32:59 | 000,069,632 | ---- | C] () -- C:\windows\System32\moveex.exe
[2012/07/03 21:40:16 | 000,057,904 | ---- | C] () -- C:\windows\System32\wbload.dll
[2012/06/07 12:14:44 | 000,102,400 | ---- | C] () -- C:\windows\RegBootClean.exe
[2012/04/28 21:01:07 | 000,451,072 | ---- | C] () -- C:\windows\System32\ISSRemoveSP.exe
[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2011/03/24 08:50:52 | 000,226,366 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2011/02/11 19:10:52 | 000,439,308 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2011/02/11 19:10:50 | 000,982,240 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2011/02/11 19:10:50 | 000,092,356 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2011/02/11 18:38:44 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config

========== ZeroAccess Check ==========

[2011/11/17 06:38:39 | 000,046,080 | -HS- | M] () -- C:\Windows\Installer\{3c854dde-600f-9fad-c072-f66b11b57187}\n
[2011/11/17 06:38:39 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{3c854dde-600f-9fad-c072-f66b11b57187}\L
[2011/11/17 06:38:39 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{3c854dde-600f-9fad-c072-f66b11b57187}\U
[2011/11/17 06:38:39 | 000,000,000 | -HSD | M] -- C:\Users\Admin\AppData\Local\{3c854dde-600f-9fad-c072-f66b11b57187}\L
[2011/11/17 06:38:39 | 000,000,000 | -HSD | M] -- C:\Users\Admin\AppData\Local\{3c854dde-600f-9fad-c072-f66b11b57187}\U
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[2012/09/23 20:32:38 | 000,005,120 | -HS- | M] () -- C:\windows\assembly\GAC\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll\system32\wbem\wbemess.dll
"ThreadingModel" = Apartment

========== LOP Check ==========

[2012/09/23 20:01:36 | 000,000,000 | ---D | M] -- C:\Users\Admin.Services-PC\AppData\Roaming\FixZeroAccess
[2012/09/23 19:56:51 | 000,000,000 | ---D | M] -- C:\Users\Admin.Services-PC\AppData\Roaming\Radialpoint
[2012/09/17 20:30:24 | 000,000,000 | ---D | M] -- C:\Users\Admin.Services-PC\AppData\Roaming\Virgin Media
[2012/09/17 20:30:09 | 000,000,000 | ---D | M] -- C:\Users\Admin.Services-PC\AppData\Roaming\Vodafone
[2012/09/17 20:30:02 | 000,000,000 | ---D | M] -- C:\Users\Admin.Services-PC\AppData\Roaming\{{userdatapath.company}}

========== Purity Check ==========



< End of report >
  • 0

#3
CarlM24
Posted 23 September 2012 - 02:44 PM

CarlM24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
OTL Extras logfile created on: 23/09/2012 20:59:46 - Run 1
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Admin.Services-PC\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 52.36% Memory free
3.74 Gb Paging File | 2.60 Gb Available in Paging File | 69.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 228.00 Gb Total Space | 188.02 Gb Free Space | 82.46% Space Free | Partition Type: NTFS

Computer Name: SERVICES-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.txt [@ = notepad] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = The Sims™ 3 Master Suite Stuff
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE4CA5AF-4A55-418C-8CB8-74435814207B}" = LogMeIn
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1191B7E-84BF-4325-9FFD-80BD8996ED4B}" = MorphVOX Junior
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Origin" = Origin
"RadialpointClientGateway_is1" = Virgin Media Service Manager 4.1.16
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20/09/2012 19:30:54 | Computer Name = Services-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 21/09/2012 11:17:13 | Computer Name = Services-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 22/09/2012 06:12:59 | Computer Name = Services-PC | Source = VmbService | ID = 0
Description = conflictManagerTypeValue

Error - 22/09/2012 12:17:26 | Computer Name = Services-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 22/09/2012 12:17:26 | Computer Name = Services-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 22/09/2012 12:42:28 | Computer Name = Services-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 22/09/2012 12:42:28 | Computer Name = Services-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 22/09/2012 13:51:59 | Computer Name = Services-PC | Source = VmbService | ID = 0
Description = conflictManagerTypeValue

Error - 22/09/2012 20:04:01 | Computer Name = Services-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ef8 Start
Time: 01cd990de4294d5e Termination Time: 243 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 23/09/2012 09:58:07 | Computer Name = Services-PC | Source = VmbService | ID = 0
Description = conflictManagerTypeValue

[ Media Center Events ]
Error - 13/09/2012 11:51:58 | Computer Name = Services-PC | Source = MCUpdate | ID = 0
Description = 16:51:51 - Error connecting to the internet. 16:51:51 - Unable
to contact server..

Error - 13/09/2012 14:08:10 | Computer Name = Services-PC | Source = MCUpdate | ID = 0
Description = 19:05:36 - Error connecting to the internet. 19:05:36 - Unable
to contact server..

Error - 16/09/2012 16:11:50 | Computer Name = Services-PC | Source = MCUpdate | ID = 0
Description = 21:11:50 - Error connecting to the internet. 21:11:50 - Unable
to contact server..

Error - 16/09/2012 16:12:00 | Computer Name = Services-PC | Source = MCUpdate | ID = 0
Description = 21:11:55 - Error connecting to the internet. 21:11:55 - Unable
to contact server..

Error - 16/09/2012 17:12:07 | Computer Name = Services-PC | Source = MCUpdate | ID = 0
Description = 22:12:07 - Error connecting to the internet. 22:12:07 - Unable
to contact server..

Error - 16/09/2012 17:12:17 | Computer Name = Services-PC | Source = MCUpdate | ID = 0
Description = 22:12:12 - Error connecting to the internet. 22:12:12 - Unable
to contact server..

Error - 16/09/2012 18:12:50 | Computer Name = Services-PC | Source = MCUpdate | ID = 0
Description = 23:12:49 - Error connecting to the internet. 23:12:50 - Unable
to contact server..

Error - 16/09/2012 18:13:25 | Computer Name = Services-PC | Source = MCUpdate | ID = 0
Description = 23:12:56 - Error connecting to the internet. 23:12:56 - Unable
to contact server..

Error - 16/09/2012 19:14:25 | Computer Name = Services-PC | Source = MCUpdate | ID = 0
Description = 00:14:24 - Error connecting to the internet. 00:14:24 - Unable
to contact server..

Error - 16/09/2012 19:14:43 | Computer Name = Services-PC | Source = MCUpdate | ID = 0
Description = 00:14:30 - Error connecting to the internet. 00:14:30 - Unable
to contact server..

[ System Events ]
Error - 23/09/2012 13:45:00 | Computer Name = Services-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 23/09/2012 13:46:03 | Computer Name = Services-PC | Source = Service Control Manager | ID = 7000
Description = The Trend Micro WFP Callout Driver service failed to start due to
the following error: %%2

Error - 23/09/2012 13:46:37 | Computer Name = Services-PC | Source = Service Control Manager | ID = 7000
Description = The Security Center service failed to start due to the following error:
%%1079

Error - 23/09/2012 13:47:06 | Computer Name = Services-PC | Source = Service Control Manager | ID = 7000
Description = The Security Center service failed to start due to the following error:
%%1079

Error - 23/09/2012 13:48:41 | Computer Name = Services-PC | Source = Service Control Manager | ID = 7000
Description = The Security Center service failed to start due to the following error:
%%1079

Error - 23/09/2012 13:49:09 | Computer Name = Services-PC | Source = Service Control Manager | ID = 7000
Description = The Security Center service failed to start due to the following error:
%%1079

Error - 23/09/2012 13:51:09 | Computer Name = Services-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 23/09/2012 13:51:21 | Computer Name = Services-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 23/09/2012 13:51:21 | Computer Name = Services-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 23/09/2012 13:56:34 | Computer Name = Services-PC | Source = Service Control Manager | ID = 7000
Description = The Security Center service failed to start due to the following error:
%%1079


< End of report >
  • 0

#4
Essexboy
Posted 23 September 2012 - 02:46 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It might be worth restricting the rights that your brother has... We will look at that at the end ;)

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image

    :OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Admin\AppData\Local\Temp\ncwgoktq.sys -- (Micorsoft Windows Service)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.chatzum.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.chatzu...q={searchTerms}
O20 - HKLM Winlogon: UserInit - (C:\Users\Natasha\AppData\Local\xkhmbnrn\gqyyonbe.exe) - File not found

:Files
C:\Windows\Installer\{3c854dde-600f-9fad-c072-f66b11b57187}
C:\Users\Admin\AppData\Local\{3c854dde-600f-9fad-c072-f66b11b57187}
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt  /c
ipconfig /release /c
ipconfig /renew /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

FINALLY

run farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#5
CarlM24
Posted 23 September 2012 - 03:45 PM

CarlM24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Thank you for the help. The computer is running ok, still getting some errors from norton about the Trojan.Zeroaccess​!inf. Norton keeps trying to restart the laptop but I just keep pressing "ask me later". Also when ComboFix finished it asked me to erase the recyle bin drive but I done this anyway.

Here's logs as requested:

OTL logfile created on: 23/09/2012 22:07:28 - Run 2
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Admin.Services-PC\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 56.37% Memory free
3.74 Gb Paging File | 2.71 Gb Available in Paging File | 72.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 228.00 Gb Total Space | 194.82 Gb Free Space | 85.45% Space Free | Partition Type: NTFS

Computer Name: SERVICES-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/23 20:55:03 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Admin.Services-PC\Desktop\otl.exe
PRC - [2012/08/29 20:17:48 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe
PRC - [2011/11/16 12:32:48 | 010,310,968 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
PRC - [2011/03/29 07:47:46 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2011/02/25 06:30:56 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/30 15:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Internet Security\Engine\20.1.1.2\wincfi39.dll
MOD - [2010/11/20 13:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2012/09/20 23:10:09 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/29 20:17:48 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe -- (NIS)
SRV - [2012/04/28 21:33:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/11/16 12:32:48 | 010,310,968 | ---- | M] (Radialpoint SafeCare Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2011/03/29 07:47:46 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\vmci.sys -- (vmci)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr)
DRV - [2012/09/23 19:25:43 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/09/22 01:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20120922.008\navex15.sys -- (NAVEX15)
DRV - [2012/09/22 01:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/09/22 01:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/09/22 01:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20120922.008\naveng.sys -- (NAVENG)
DRV - [2012/09/21 15:30:26 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20120921.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/09/14 02:07:12 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20120919.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/08/11 02:26:42 | 000,585,888 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NIS\1401010.002\srtsp.sys -- (SRTSP)
DRV - [2012/08/08 06:18:19 | 000,926,880 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1401010.002\SymEFA.sys -- (SymEFA)
DRV - [2012/08/07 19:42:43 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1401010.002\ccSetx86.sys -- (ccSet_NIS)
DRV - [2012/07/28 04:25:32 | 000,368,288 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1401010.002\SymDS.sys -- (SymDS)
DRV - [2012/07/28 04:05:21 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1401010.002\Ironx86.sys -- (SymIRON)
DRV - [2012/07/23 02:34:24 | 000,338,592 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1401010.002\symnets.sys -- (SymNetS)
DRV - [2012/05/25 06:36:55 | 000,032,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1401010.002\srtspx.sys -- (SRTSPX)
DRV - [2011/04/22 13:42:24 | 001,035,368 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV - [2011/03/24 08:53:02 | 000,168,448 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV - [2011/03/24 08:53:02 | 000,085,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/03/24 08:53:02 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/03/24 08:53:02 | 000,026,496 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2011/03/24 08:53:00 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/03/24 08:53:00 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/17 22:14:16 | 000,143,952 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2009/12/01 15:49:54 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/10 22:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/12/26 12:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Admin.Services-PC\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Admin.Services-PC\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012/09/23 19:33:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2012/09/23 22:00:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins


========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Admin.Services-PC\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Admin.Services-PC\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Admin.Services-PC\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Admin.Services-PC\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Wajam (Enabled) = C:\Users\Admin.Services-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Client Gateway 4.1.16 (Enabled) = C:\Users\Admin.Services-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj\1.0_0\nprpspa.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Admin.Services-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\windows\system32\npDeployJava1.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Admin.Services-PC\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\windows\system32\Wat\npWatWeb.dll
CHR - Extension: General Crawler = C:\Users\Admin.Services-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.5_0\
CHR - Extension: Wajam = C:\Users\Admin.Services-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: Radialpoint SPD Extension = C:\Users\Admin.Services-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj\1.0_0\
CHR - Extension: BitTorrentBar = C:\Users\Admin.Services-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.15.10_0\
CHR - Extension: BitTorrentBar = C:\Users\Admin.Services-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.7.1_0\
CHR - Extension: uTorrentControl2 = C:\Users\Admin.Services-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\

O1 HOSTS File: ([2012/09/23 21:49:03 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.1.1.2\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.1.1.2\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.1.1.2\CoIEPlg.dll (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D1B6462-084D-4188-8F8D-F496A0B16170}: NameServer = 88.82.13.12 88.82.13.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2036F7DB-4607-4A3F-BEA6-29A97416FC04}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AFEC012-E13A-42F4-85C3-E28990311E56}: NameServer = 88.82.13.60 88.82.13.60
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll File not found
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll File not found
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll File not found
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{51fc20f0-fd04-11e1-9555-1c659d7b5795}\Shell - "" = AutoRun
O33 - MountPoints2\{51fc20f0-fd04-11e1-9555-1c659d7b5795}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/23 21:48:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/23 20:55:03 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\Admin.Services-PC\Desktop\otl.exe
[2012/09/23 20:01:36 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\FixZeroAccess
[2012/09/23 19:59:40 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\WinRAR
[2012/09/23 19:34:50 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\Documents\Symantec
[2012/09/23 19:27:23 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Local\NPE
[2012/09/23 19:25:44 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2012/09/23 19:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/09/23 19:25:43 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/09/23 19:22:49 | 000,926,880 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1401010.002\SymEFA.sys
[2012/09/23 19:22:49 | 000,585,888 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1401010.002\srtsp.sys
[2012/09/23 19:22:49 | 000,368,288 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1401010.002\SymDS.sys
[2012/09/23 19:22:49 | 000,338,592 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1401010.002\symnets.sys
[2012/09/23 19:22:49 | 000,175,264 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1401010.002\Ironx86.sys
[2012/09/23 19:22:49 | 000,032,888 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1401010.002\srtspx.sys
[2012/09/23 19:22:49 | 000,021,400 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1401010.002\SymELAM.sys
[2012/09/23 19:22:48 | 000,134,304 | R--- | C] (Symantec Corporation) -- C:\windows\System32\drivers\NIS\1401010.002\ccSetx86.sys
[2012/09/23 19:22:18 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS
[2012/09/23 19:22:18 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NIS\1401010.002
[2012/09/23 19:22:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/09/23 19:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2012/09/23 19:22:08 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/09/23 19:22:02 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/09/23 19:22:00 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/09/23 19:22:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/09/23 19:22:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/09/23 19:21:58 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/09/23 19:21:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/09/23 19:21:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/09/23 19:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/09/23 19:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/09/23 19:16:20 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/09/23 19:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/09/23 18:52:33 | 000,000,000 | --SD | C] -- C:\Users\Admin.Services-PC\Documents\Chica Passwords
[2012/09/20 21:59:59 | 000,000,000 | ---D | C] -- C:\folder
[2012/09/20 17:21:18 | 000,000,000 | ---D | C] -- C:\Firefox
[2012/09/20 17:11:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/20 17:10:41 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/09/20 17:10:10 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll
[2012/09/20 17:10:10 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2012/09/20 17:09:48 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2012/09/20 17:09:48 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
[2012/09/20 16:57:41 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2012/09/20 01:54:21 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Local\Adobe
[2012/09/18 14:03:51 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Local\ElevatedDiagnostics
[2012/09/17 20:55:10 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/09/17 20:53:57 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Local\Google
[2012/09/17 20:53:28 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Local\Deployment
[2012/09/17 20:53:28 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Local\Apps
[2012/09/17 20:37:56 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\FLEXnet
[2012/09/17 20:32:40 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Mozilla
[2012/09/17 20:31:01 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Adobe
[2012/09/17 20:30:58 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Radialpoint
[2012/09/17 20:30:24 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Virgin Media
[2012/09/17 20:30:09 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Vodafone
[2012/09/17 20:30:02 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\{{userdatapath.company}}
[2012/09/17 20:29:44 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/09/17 20:29:44 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\Searches
[2012/09/17 20:29:44 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/09/17 20:29:44 | 000,000,000 | -H-D | C] -- C:\Users\Admin.Services-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/09/17 20:29:34 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Identities
[2012/09/17 20:29:32 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\Contacts
[2012/09/17 20:29:23 | 000,000,000 | --SD | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Microsoft
[2012/09/17 20:29:23 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\Videos
[2012/09/17 20:29:23 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\Saved Games
[2012/09/17 20:29:23 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\Pictures
[2012/09/17 20:29:23 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\Music
[2012/09/17 20:29:23 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/09/17 20:29:23 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\Links
[2012/09/17 20:29:23 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\Favorites
[2012/09/17 20:29:23 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\Downloads
[2012/09/17 20:29:23 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\Documents
[2012/09/17 20:29:23 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\Desktop
[2012/09/17 20:29:23 | 000,000,000 | R--D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\AppData\Local\Temporary Internet Files
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\Templates
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\Start Menu
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\SendTo
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\Recent
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\PrintHood
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\NetHood
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\Documents\My Videos
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\Documents\My Pictures
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\Documents\My Music
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\My Documents
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\Local Settings
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\AppData\Local\History
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\Cookies
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\Application Data
[2012/09/17 20:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Admin.Services-PC\AppData\Local\Application Data
[2012/09/17 20:29:23 | 000,000,000 | -H-D | C] -- C:\Users\Admin.Services-PC\AppData
[2012/09/17 20:29:23 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Local\Temp
[2012/09/17 20:29:23 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Local\Microsoft
[2012/09/17 20:29:23 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Media Center Programs
[2012/09/17 20:29:23 | 000,000,000 | ---D | C] -- C:\Users\Admin.Services-PC\AppData\Roaming\Macromedia
[2012/09/13 20:21:57 | 000,017,224 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\windows\System32\roboot.exe
[2012/09/12 19:14:05 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys
[2012/09/12 19:14:05 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS
[2012/09/11 19:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
[2012/09/11 19:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\Vodafone
[2012/09/03 21:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012/08/31 21:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012/08/31 21:47:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012/08/31 15:10:19 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_31.dll
[2012/08/26 16:14:16 | 000,168,448 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_juwwanecm.sys
[2012/08/26 16:14:14 | 000,026,496 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_juextctrl.sys
[2012/08/26 16:14:10 | 000,085,760 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_jucdcacm.sys
[2012/08/26 16:13:56 | 000,072,832 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_jubusenum.sys
[2012/08/26 16:13:55 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wdfcoinstaller01007.dll
[2012/08/26 16:13:54 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_hwusbdev.sys
[2012/08/26 16:13:52 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_usbenumfilter.sys
[2012/08/26 16:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Vodafone
[2012/08/26 16:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet

========== Files - Modified Within 30 Days ==========

[2012/09/23 22:10:22 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/23 22:03:04 | 000,000,932 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1489040525-1974979118-1535285479-1010UA.job
[2012/09/23 21:59:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/23 21:59:46 | 1504,354,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/23 21:59:00 | 000,014,064 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/23 21:59:00 | 000,014,064 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/23 21:49:03 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2012/09/23 20:55:03 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Admin.Services-PC\Desktop\otl.exe
[2012/09/23 20:07:51 | 000,008,942 | ---- | M] () -- C:\windows\System32\drivers\NIS\1401010.002\VT20120731.038
[2012/09/23 19:26:50 | 001,383,011 | ---- | M] () -- C:\windows\System32\drivers\NIS\1401010.002\Cat.DB
[2012/09/23 19:25:43 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2012/09/23 19:25:43 | 000,007,446 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2012/09/23 19:25:43 | 000,000,806 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2012/09/23 19:16:23 | 000,001,304 | ---- | M] () -- C:\Users\Admin.Services-PC\Desktop\Norton Installation Files.lnk
[2012/09/23 15:01:59 | 000,000,557 | ---- | M] () -- C:\windows\System32\MyDefrag.debuglog
[2012/09/23 01:00:22 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1489040525-1974979118-1535285479-1010Core.job
[2012/09/20 23:10:09 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/09/20 23:10:09 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/09/20 17:09:36 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2012/09/20 17:09:36 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
[2012/09/17 20:55:17 | 000,002,439 | ---- | M] () -- C:\Users\Admin.Services-PC\Desktop\Google Chrome.lnk
[2012/09/17 20:30:17 | 000,001,419 | ---- | M] () -- C:\Users\Admin.Services-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/17 20:29:47 | 000,001,425 | ---- | M] () -- C:\Users\Admin.Services-PC\Desktop\Internet Explorer.lnk
[2012/09/14 19:52:55 | 000,639,872 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/09/14 19:52:55 | 000,114,364 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/08/30 06:19:20 | 000,000,172 | ---- | M] () -- C:\windows\System32\drivers\NIS\1401010.002\isolate.ini
[2012/08/27 11:46:39 | 000,435,504 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/08/26 16:16:29 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
[2012/08/26 16:16:09 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2012/08/26 16:14:05 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf

========== Files Created - No Company Name ==========

[2012/09/23 20:08:21 | 000,008,942 | ---- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\VT20120731.038
[2012/09/23 19:25:58 | 001,383,011 | ---- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\Cat.DB
[2012/09/23 19:25:44 | 000,007,446 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2012/09/23 19:25:44 | 000,000,806 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2012/09/23 19:22:27 | 000,003,434 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\SymEFA.inf
[2012/09/23 19:22:27 | 000,002,851 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\SymDS.inf
[2012/09/23 19:22:27 | 000,001,440 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\SymNet.inf
[2012/09/23 19:22:27 | 000,001,387 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\srtspx.inf
[2012/09/23 19:22:27 | 000,001,387 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\srtsp.inf
[2012/09/23 19:22:27 | 000,000,996 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\symELAM.inf
[2012/09/23 19:22:27 | 000,000,828 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\ccSetx86.inf
[2012/09/23 19:22:27 | 000,000,737 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\Iron.inf
[2012/09/23 19:22:21 | 000,008,942 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\SymVTcer.dat
[2012/09/23 19:22:19 | 000,009,670 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\SymELAM.cat
[2012/09/23 19:22:19 | 000,007,611 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\ccsetx86.cat
[2012/09/23 19:22:19 | 000,007,601 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\SymNet.cat
[2012/09/23 19:22:19 | 000,007,599 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\SymEFA.cat
[2012/09/23 19:22:19 | 000,007,597 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\srtspx.cat
[2012/09/23 19:22:19 | 000,007,593 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\SymDS.cat
[2012/09/23 19:22:19 | 000,007,593 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\srtsp.cat
[2012/09/23 19:22:19 | 000,007,593 | R--- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\iron.cat
[2012/09/23 19:22:18 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\NIS\1401010.002\isolate.ini
[2012/09/23 19:16:20 | 000,001,304 | ---- | C] () -- C:\Users\Admin.Services-PC\Desktop\Norton Installation Files.lnk
[2012/09/23 15:01:59 | 000,000,557 | ---- | C] () -- C:\windows\System32\MyDefrag.debuglog
[2012/09/17 20:55:17 | 000,002,439 | ---- | C] () -- C:\Users\Admin.Services-PC\Desktop\Google Chrome.lnk
[2012/09/17 20:53:59 | 000,000,932 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1489040525-1974979118-1535285479-1010UA.job
[2012/09/17 20:53:58 | 000,000,880 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1489040525-1974979118-1535285479-1010Core.job
[2012/09/17 20:30:17 | 000,001,419 | ---- | C] () -- C:\Users\Admin.Services-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/17 20:29:47 | 000,001,425 | ---- | C] () -- C:\Users\Admin.Services-PC\Desktop\Internet Explorer.lnk
[2012/09/17 20:29:23 | 000,000,290 | ---- | C] () -- C:\Users\Admin.Services-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/09/17 20:29:23 | 000,000,272 | ---- | C] () -- C:\Users\Admin.Services-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/08/26 16:16:29 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_ew_juextctrl_01007.Wdf
[2012/08/26 16:16:09 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2012/08/26 16:14:05 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012/07/04 10:29:56 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
[2012/07/04 09:32:59 | 000,069,632 | ---- | C] () -- C:\windows\System32\moveex.exe
[2012/07/03 21:40:16 | 000,057,904 | ---- | C] () -- C:\windows\System32\wbload.dll
[2012/06/07 12:14:44 | 000,102,400 | ---- | C] () -- C:\windows\RegBootClean.exe
[2012/04/28 21:01:07 | 000,451,072 | ---- | C] () -- C:\windows\System32\ISSRemoveSP.exe
[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2011/03/24 08:50:52 | 000,226,366 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2011/02/11 19:10:52 | 000,439,308 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2011/02/11 19:10:50 | 000,982,240 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2011/02/11 19:10:50 | 000,092,356 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2011/02/11 18:38:44 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[2012/09/23 22:00:10 | 000,005,120 | -HS- | M] () -- C:\windows\assembly\GAC\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll\system32\wbem\wbemess.dll
"ThreadingModel" = Apartment

< End of report >



ComboFix 12-09-23.02 - Admin 23/09/2012 22:22:15.1.1 - x86
Running from: c:\users\Admin.Services-PC\Downloads\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
.
.
((((((((((((((((((((((((( Files Created from 2012-08-23 to 2012-09-23 )))))))))))))))))))))))))))))))
.
.
2012-09-23 21:30 . 2012-09-23 21:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-23 21:30 . 2012-09-23 21:30 -------- d-----w- c:\users\Admin\AppData\Local\temp
2012-09-23 20:48 . 2012-09-23 20:48 -------- d-----w- C:\_OTL
2012-09-23 18:25 . 2012-09-23 18:25 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-09-23 18:25 . 2012-09-23 18:45 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-09-23 18:25 . 2012-09-23 18:25 -------- d-----w- c:\program files\Symantec
2012-09-23 18:22 . 2012-09-23 18:22 -------- d-----w- c:\windows\system32\drivers\NIS
2012-09-23 18:22 . 2012-09-23 18:22 -------- d-----w- c:\program files\Norton Internet Security
2012-09-23 18:22 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-23 18:22 . 2012-08-24 07:34 140936 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-09-23 18:22 . 2012-08-24 06:47 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-09-23 18:22 . 2012-08-24 06:48 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-09-23 18:22 . 2012-08-24 06:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-09-23 18:16 . 2012-09-23 18:34 -------- d-----w- c:\programdata\Norton
2012-09-20 20:59 . 2012-09-20 20:59 -------- d-----w- C:\folder
2012-09-20 16:21 . 2012-09-23 17:53 -------- d-----w- C:\Firefox
2012-09-20 16:11 . 2012-09-20 16:11 -------- d-----w- c:\program files\Common Files\Java
2012-09-20 16:10 . 2012-09-20 16:10 -------- d-----w- c:\program files\Oracle
2012-09-20 16:10 . 2012-07-05 21:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-20 16:09 . 2012-09-20 16:09 -------- d-----w- c:\users\Aaron\lib
2012-09-20 16:09 . 2012-09-20 16:09 -------- d-----w- c:\users\Aaron\bin
2012-09-20 15:57 . 2012-09-20 15:57 -------- d-----w- c:\program files\Paint.NET
2012-09-18 20:35 . 2012-09-18 20:36 -------- d-----w- c:\users\Natsha
2012-09-17 20:53 . 2012-09-17 20:53 2295920 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-09-17 20:52 . 2012-09-17 20:52 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-09-17 19:29 . 2012-09-17 19:29 -------- d-----w- c:\users\Admin.Services-PC
2012-09-17 15:47 . 2012-09-17 15:49 -------- d-----w- c:\users\Admin\AppData\Local\Akamai
2012-09-13 19:21 . 2011-11-10 09:33 17224 ----a-w- c:\windows\system32\roboot.exe
2012-09-12 18:24 . 2012-09-20 20:59 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-09-12 18:14 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 18:14 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 18:14 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 18:13 . 2012-09-20 20:59 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-12 18:13 . 2012-09-12 18:13 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-09-12 18:05 . 2012-09-17 17:28 -------- d-----w- c:\users\Aaron.Services-PC
2012-09-11 18:27 . 2012-09-11 18:27 -------- d-----w- c:\program files\Vodafone
2012-09-04 23:35 . 2012-09-04 23:35 -------- d-----w- c:\users\Admin\AppData\Roaming\FLEXnet
2012-09-03 21:14 . 2012-09-03 21:14 -------- d--h--r- c:\users\Admin\AppData\Roaming\SecuROM
2012-09-03 20:57 . 2012-09-03 20:57 -------- d-----w- c:\programdata\EA Core
2012-09-03 20:43 . 2012-09-03 20:43 -------- d-----w- c:\users\Admin\AppData\Local\Origin
2012-09-02 19:00 . 2012-09-02 19:00 -------- d-----w- c:\users\Admin\AppData\Roaming\Vodafone
2012-08-31 20:47 . 2012-08-31 20:47 -------- d-----w- c:\programdata\Electronic Arts
2012-08-31 14:10 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-08-26 15:14 . 2011-03-24 07:53 168448 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2012-08-26 15:14 . 2011-03-24 07:53 26496 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-08-26 15:14 . 2011-03-24 07:53 85760 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-08-26 15:13 . 2011-03-24 07:53 72832 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-08-26 15:13 . 2011-03-24 07:53 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2012-08-26 15:13 . 2011-03-24 07:53 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-08-26 15:13 . 2011-03-24 07:53 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-08-26 15:06 . 2012-08-26 15:13 -------- d-----w- c:\programdata\Vodafone
2012-08-26 15:06 . 2012-08-26 15:06 -------- d-----w- c:\programdata\FLEXnet
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 22:10 . 2012-04-29 00:02 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-20 22:10 . 2012-04-29 00:02 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-05 23:26 . 2012-06-07 11:14 102400 ----a-w- c:\windows\RegBootClean.exe
2012-07-31 21:02 . 2011-03-28 17:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-18 17:47 . 2012-08-17 16:44 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-05 21:06 . 2012-04-28 23:26 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-04 21:14 . 2012-08-17 16:44 102912 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-17 16:44 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 09:29 . 2012-07-04 09:29 2560 ----a-w- c:\windows\_MSRSTRT.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1401010.002\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1401010.002\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20120919.001\BHDrvx86.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1401010.002\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20120921.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1401010.002\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NIS\1401010.002\SYMNETS.SYS [x]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe [x]
S2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [x]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPNAT
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 22:10]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1489040525-1974979118-1535285479-1010Core.job
- c:\users\Admin.Services-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17 19:53]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1489040525-1974979118-1535285479-1010UA.job
- c:\users\Admin.Services-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17 19:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page =
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{0D1B6462-084D-4188-8F8D-F496A0B16170}: NameServer = 88.82.13.12 88.82.13.12
TCP: Interfaces\{3AFEC012-E13A-42F4-85C3-E28990311E56}: NameServer = 88.82.13.60 88.82.13.60
.
.
------- File Associations -------
.
.txt=notepad
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Mozilla Firefox 14.0.1 (x86 en-US) - c:\program files\Mozilla Firefox\uninstall\helper.exe
AddRemove-MozillaMaintenanceService - c:\program files\Mozilla Maintenance Service\uninstall.exe
AddRemove-Origin - c:\program files\Origin\OriginUninstall.exe
AddRemove-WinLiveSuite - c:\program files\Windows Live\Installer\wlarp.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\20.1.1.2\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,38,12,15,34,b2,
18,2f,92,3c,0f,ea,93,2d,46,00,51,e8,47
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}"=hex:51,66,7a,6c,4c,1d,38,12,93,b9,bf,
bf,6c,b4,17,05,f4,25,43,ab,9a,4d,90,b8
"{CA4520F3-AE13-4FB1-A513-58E23991C86D}"=hex:51,66,7a,6c,4c,1d,38,12,9d,23,56,
ce,21,e0,df,0a,da,05,1b,a2,3c,cf,8c,79
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:19,4c,37,9e,b5,99,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0e,56,2d,79,23,9e,46,46,8b,cb,ed,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0e,56,2d,79,23,9e,46,46,8b,cb,ed,\
.
[HKEY_USERS\S-1-5-21-1489040525-1974979118-1535285479-1000\Software\SecuROM\License information*]
"datasecu"=hex:1c,2b,f3,96,9a,46,6a,5b,37,cd,c8,4d,b0,a3,da,79,36,29,9a,bf,53,
b9,f3,f1,15,6a,03,89,7d,97,76,32,7d,ff,9e,98,f9,71,53,a0,f5,2b,50,03,c7,5f,\
"rkeysecu"=hex:a5,40,8a,46,76,27,00,a2,66,8e,6b,c1,2a,21,57,4e
.
[HKEY_USERS\S-1-5-21-1489040525-1974979118-1535285479-1008\Software\SecuROM\License information*]
"datasecu"=hex:95,09,8d,05,6b,63,7b,6f,3f,a3,55,9d,f5,d6,32,98,25,f6,0b,b4,cb,
c1,fd,9b,06,81,f3,e1,fa,c2,7d,3a,1b,da,00,8f,c6,48,f8,80,f9,52,1a,c5,8f,ae,\
"rkeysecu"=hex:4e,ac,01,e4,0a,d7,a4,d2,f9,1d,d5,72,bd,2c,dd,fb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2012-09-23 22:37:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-23 21:37
.
Pre-Run: 209,537,511,424 bytes free
Post-Run: 209,106,071,552 bytes free
.
- - End Of File - - 9E67B6F03B180A4FE6F00D1D388D12DF



Farbar Service Scanner Version: 19-09-2012
Ran by Admin (administrator) on 23-09-2012 at 22:40:36
Running from "C:\Users\Admin.Services-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GOBEW424"
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys
[2012-09-12 19:14] - [2012-08-22 18:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF

C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


Again, thank you for the help :)!
  • 0

#6
Essexboy
Posted 24 September 2012 - 07:15 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A quick check for orphans now. Is Norton alerting on the quarantined files in either Qoobox ot OTL moved files ?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#7
CarlM24
Posted 24 September 2012 - 02:40 PM

CarlM24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Norton is no longer alerting to the Trojan, but now I keep getting a pop up from Norton saying "Auto-Protect is processing security risk WS.SecurityRisk.1."

Here's the log as requested:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.24.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: SERVICES-PC [administrator]

Protection: Enabled

24/09/2012 21:23:49
mbam-log-2012-09-24 (21-23-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 265646
Time elapsed: 6 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Admin\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\Aaron.Services-PC\Downloads\PaintDotNet_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Roaming\dclogs\2012-08-05-1.dc (Stolen.Data) -> Quarantined and deleted successfully.

(end)


Thanks again for taking your time out to help fix my laptop. It really is appreciated!
  • 0

#8
Essexboy
Posted 24 September 2012 - 03:23 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Does Norton state what file this is related to ?

Also how is the computer behaving ?
  • 0

#9
CarlM24
Posted 24 September 2012 - 03:29 PM

CarlM24

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
The computer is behaving ok, alot better now than it was. I've just completed a full system scan with Norton and this is the final report. I Can post print screen if required, but doesn't really tell you anything.

Virus Defs Seq ID: 137861

Scan Statistics:
Scan Time: 2,663 seconds
Scan Targets: Entire computer
Counts:
Total items scanned: 274,074
- Files & Directories: 268,953
- Registry Entries: 296
- Processes & Start-up Items: 4,165
- Network & Browser Items: 652
- Other: 5
- Trusted Files: 2,809
- Skipped Files: 17,210

Total security risks detected: 3
Total items resolved: 1
Total items that require attention: 2

Resolved Threats:
Suspicious.Cloud.2
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Heuristic Virus
Status: Fully Resolved
-----------
1 File
c:\users\admin\downloads\the sims 3 download.exe - Deleted
1 Browser Cache





Unresolved Threats:
Trojan.Zeroaccess!inf4
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Spyware
Status: Review
-----------
1 File
c:\qoobox\quarantine\c\windows\system32\services.exe.vir - Failed
1 Browser Cache



Trojan.Zeroaccess!inf
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Manual Fix Needed
-----------
1 File
c:\_otl\movedfiles\09232012_214851\c_windows\installer\{3c854dde-600f-9fad-c072-f66b11b57187}\n - Failed
1 Browser Cache
  • 0

#10
Essexboy
Posted 24 September 2012 - 03:33 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
c:\_otl\movedfiles\09232012_214851\c_windows\installer\{3c854dde-600f-9fad-c072-f66b11b57187}\n - Failed

Thats in quarantine so lets move it

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#11
Essexboy
Posted 26 September 2012 - 02:13 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP