TR/ATRAPS.Gen2


Post by david.sheppard.1481 on Tue 17 Jul 2012, 5:44 pm

OTL Extras logfile created on: 7/16/2012 11:58:13 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\DAVID\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.13 Gb Available Physical Memory | 78.18% Memory free
8.00 Gb Paging File | 7.06 Gb Available in Paging File | 88.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 186.85 Gb Free Space | 80.23% Space Free | Partition Type: NTFS

Computer Name: ASUS_DUAL-CORE | User Name: DAVID | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C5D136-CBB9-446F-ACBB-9F7C80728871}" = lport=138 | protocol=17 | dir=in | app=system |
"{0CD869D1-49C5-40BC-8EC2-CC5F079C9CF5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1D332DBD-A894-47BB-A119-A6BE97AFBF0C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1DEF776B-67F5-4EA0-9178-6CA3B60BA206}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2EF59BF7-D154-46A8-99AF-8E4491B22063}" = lport=2869 | protocol=6 | dir=in | app=system |
"{333ADF0F-4266-4CE3-8E2A-72AFDB660052}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4625E1AB-05C5-46FD-81AC-58B5B45B2856}" = rport=139 | protocol=6 | dir=out | app=system |
"{92549C85-8896-4810-8156-57D572F33E3E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A7E750EC-03CE-40A4-AF31-E832DA01D166}" = rport=138 | protocol=17 | dir=out | app=system |
"{B60970E9-4514-4A42-8ADC-CF45769DEA07}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B62F202C-803E-4A45-A805-73BEEB961F25}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B6F67DA9-8526-4E80-A195-FEA40E11E075}" = lport=139 | protocol=6 | dir=in | app=system |
"{B936565B-6E7F-4AFA-9FBE-60506A15511A}" = rport=137 | protocol=17 | dir=out | app=system |
"{C0E38C89-FD3D-4272-B429-A7AE55B13957}" = rport=445 | protocol=6 | dir=out | app=system |
"{C5C6D32B-2830-4665-96B7-C46D344F93FD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD11F9A1-289F-476C-944F-815EAF3BD80E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E67D4542-9FDF-4744-9BD3-A36381A908ED}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EA1A09A6-537B-428A-8778-4EBE86FD8503}" = lport=137 | protocol=17 | dir=in | app=system |
"{F46AEFC5-7EF0-4913-9541-D92CC0FADE0A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F6C12633-3A09-4118-B768-CD75CE647CE6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F74CC97F-E8D4-4979-AAE1-5E3E1D897B2A}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0350A3F4-5CA6-4A87-B0C4-F96F4DA1B403}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{06E0CFF8-9A0D-42BC-940B-0E7435ED6F44}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1164C56B-DF67-4D68-8EEB-536B237854F0}" = protocol=6 | dir=out | app=system |
"{1FDEC630-0270-49B7-9E3D-1AF6BCEA9D4B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3D63F978-D025-4911-86B4-0281754DF46D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3D832E20-272D-4BB4-9E07-40C2D549E27A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4E1D5B8D-CB01-4233-BB1C-19060B7CD00A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4EE2C4F3-C166-4064-8521-F9F96853E59A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{50235FB5-F37D-421A-BC6D-D48629154FA0}" = protocol=6 | dir=in | app=c:\program files (x86)\lock poker\pokerclient.exe |
"{5120396A-C5FD-4CB3-A171-747CDEB8979E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{57A23856-83B4-4E03-9B59-84F1BA94C7F6}" = protocol=17 | dir=in | app=c:\program files (x86)\lock poker\pokerclient.exe |
"{5DC7A44C-8050-44B6-8E59-CDED186556C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{63224710-9792-419D-9DCD-CC76BD785A2C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6856D280-169F-44E8-9347-271776EF9C20}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{69A0B57B-06EE-4DE2-AAEF-1FC4513C23CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{77BA0DC1-0CBC-4192-893F-11E002B185BE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A3FCC318-F961-4C67-899D-70BF165F0666}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{C87BCBE0-1E3E-4045-85BC-07D812B350A3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C99567F6-694F-4295-9724-98654A01AFAA}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{DFC00CD5-A3D0-4759-A14B-7F0B594DBDE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E2055465-7DED-4ED5-BA72-3336EEC78876}" = protocol=58 | dir=in | app=system |
"{EB702C00-1F70-46D5-8404-69DC56A299C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F2DF3994-5194-4800-A27E-476741732F36}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F6BCA7A6-B6D5-49D6-A375-080408E1C561}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{FA679DFE-7C0F-4B5E-9240-F5F1A74F6CC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FA77DB38-49AF-475D-965B-2B32B4DF54C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FB067399-C246-4C83-909F-ADE3B2DC233D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{430F6233-B83B-46B5-84DA-7BF047E63CAB}C:\users\david\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\david\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{9B46014E-0D65-42F6-83FF-F4B2BA949B3C}C:\program files (x86)\utherverse digital inc\utherverse vww client\utherverse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utherverse digital inc\utherverse vww client\utherverse.exe |
"TCP Query User{F56A26BE-1270-4C7D-94FB-9D39C007E503}C:\users\david\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\david\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{633E0C1A-5E82-47DA-B991-7668B6CF5BA0}C:\users\david\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\david\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{7D087458-A331-4971-AEB5-F16F1FB0F228}C:\users\david\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\david\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{7DD6475D-33E1-4D10-87DE-C06086E87BE2}C:\program files (x86)\utherverse digital inc\utherverse vww client\utherverse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utherverse digital inc\utherverse vww client\utherverse.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"HDMI" = Intel(R) Graphics Media Accelerator Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0f6a4080-a890-4d08-873f-ca211f828a6c}" = Cool Cat Casino
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2A82EBFC-89AB-41EA-80E8-A07C73C752A0}" = WorldWinner Games
"{3BB33344-3179-49A4-B6EB-22D2A390764D}" = HP Webcam User's Guide
"{41B44041-D45D-41EB-A1EF-A12BB5C6996B}" = ArcSoft Magic-i Visual Effects 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{740ed830-8014-4714-abc4-dd98b8549419}" = Virtual Casino
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8b250990-e347-403b-834e-6073f512efe7}" = Cirrus Casino
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{94406bd7-d0fc-45b2-9a59-e3f58f869397}" = Planet7 Casino
"{a29a4380-8992-43f5-b9f2-792309a08e6e}" = HighNoon Casino
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{c7026669-c53b-4ae4-85a3-56d7ca426744}" = CatsEye Casino
"{cd18be10-99c1-4a70-ad3a-3ca88606edb8}" = Club Player Casino
"{e264d6fa-ba78-4c53-96a6-7c899c09f129}" = Free Spin
"{E92E462A-700D-4949-B24B-789AEDDA3B88}" = ArcSoft ShowBiz
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F96B04F9-26A9-4384-AA17-77EACA1BA40B}" = HP Button Manager
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFEFD86B-5D4F-4A2D-8D4E-ECD7D9AD925E}" = ArcSoft WebCam Companion 3
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bejeweled 31.0" = Bejeweled 3
"Blackdiamond" = Black Diamond
"ENTERPRISE" = Microsoft Office Enterprise 2007
"foobar2000" = foobar2000 v1.1.11
"InstallShield_{F96B04F9-26A9-4384-AA17-77EACA1BA40B}" = HP Button Manager
"Lock Poker" = Lock Poker
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PokerStars.net" = PokerStars.net
"Red Light Center 3D Client" = Red Light Center 3D Client
"Updater Service" = Updater Service
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CF1AA97-47BC-41D8-B8DF-EE79C86B1573}" = Treasure Island Jackpots
"{88458270-ef4a-11e0-be50-0800200c9a66}" = Atlantis Gold Casino
"Google Chrome" = Google Chrome
"magicJack" = magicJack

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/16/2012 2:36:18 AM | Computer Name = ASUS_DUAL-CORE | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x7572c9f1 Faulting process id: 0x15c8 Faulting application
start time: 0x01cd631d4ea183c4 Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: 8c534e64-cf10-11e1-8d68-001e2a3a61b9

Error - 7/16/2012 2:36:37 AM | Computer Name = ASUS_DUAL-CORE | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x7572c9f1 Faulting process id: 0x4634 Faulting application
start time: 0x01cd631d59d4f362 Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: 97853763-cf10-11e1-8d68-001e2a3a61b9

Error - 7/16/2012 2:37:19 AM | Computer Name = ASUS_DUAL-CORE | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x7572c9f1 Faulting process id: 0x2c84 Faulting application
start time: 0x01cd631d727c9b09 Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: b02cdf09-cf10-11e1-8d68-001e2a3a61b9

Error - 7/16/2012 2:47:58 AM | Computer Name = ASUS_DUAL-CORE | Source = WinMgmt | ID = 10
Description =

Error - 7/16/2012 3:03:05 AM | Computer Name = ASUS_DUAL-CORE | Source = Avira Antivirus | ID = 4109
Description = The engine file has been modified or destroyed! Returned error code:
0x9

Error - 7/16/2012 3:03:11 AM | Computer Name = ASUS_DUAL-CORE | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 7/16/2012 3:04:33 AM | Computer Name = ASUS_DUAL-CORE | Source = WinMgmt | ID = 10
Description =

Error - 7/16/2012 11:41:45 PM | Computer Name = ASUS_DUAL-CORE | Source = Avira Antivirus | ID = 4109
Description = The engine file has been modified or destroyed! Returned error code:
0x9

Error - 7/16/2012 11:42:26 PM | Computer Name = ASUS_DUAL-CORE | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 7/16/2012 11:43:20 PM | Computer Name = ASUS_DUAL-CORE | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 7/8/2012 4:44:55 AM | Computer Name = ASUS_DUAL-CORE | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80242016: Security Update for Windows 7 for x64-based Systems (KB2688338).

Error - 7/8/2012 4:44:59 AM | Computer Name = ASUS_DUAL-CORE | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80242016: Security Update for Windows 7 for x64-based Systems (KB2660649).

Error - 7/8/2012 4:44:59 AM | Computer Name = ASUS_DUAL-CORE | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80242016: Security Update for Windows 7 for x64-based Systems (KB2644615).

Error - 7/8/2012 5:37:08 AM | Computer Name = ASUS_DUAL-CORE | Source = DCOM | ID = 10005
Description =

Error - 7/8/2012 5:37:08 AM | Computer Name = ASUS_DUAL-CORE | Source = Service Control Manager | ID = 7000
Description = The Windows Activation Technologies Service service failed to start
due to the following error: %%5

Error - 7/8/2012 6:59:03 PM | Computer Name = ASUS_DUAL-CORE | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:45:54 AM on ?7/?8/?2012 was unexpected.

Error - 7/16/2012 2:48:01 AM | Computer Name = ASUS_DUAL-CORE | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 7/16/2012 2:48:01 AM | Computer Name = ASUS_DUAL-CORE | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 7/16/2012 3:03:05 AM | Computer Name = ASUS_DUAL-CORE | Source = Service Control Manager | ID = 7024
Description = The Avira Realtime Protection service terminated with service-specific
error %%306.

Error - 7/16/2012 11:41:45 PM | Computer Name = ASUS_DUAL-CORE | Source = Service Control Manager | ID = 7024
Description = The Avira Realtime Protection service terminated with service-specific
error %%306.


< End of report >




"TCP Query User{F56A26BE-1270-4C7D-94FB-9D39C007E503}C:\users\david\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\david\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{633E0C1A-5E82-47DA-B991-7668B6CF5BA0}C:\users\david\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\david\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{7D087458-A331-4971-AEB5-F16F1FB0F228}C:\users\david\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\david\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{7DD6475D-33E1-4D10-87DE-C06086E87BE2}C:\program files (x86)\utherverse digital inc\utherverse vww client\utherverse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utherverse digital inc\utherverse vww client\utherverse.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"HDMI" = Intel(R) Graphics Media Accelerator Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0f6a4080-a890-4d08-873f-ca211f828a6c}" = Cool Cat Casino
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2A82EBFC-89AB-41EA-80E8-A07C73C752A0}" = WorldWinner Games
"{3BB33344-3179-49A4-B6EB-22D2A390764D}" = HP Webcam User's Guide
"{41B44041-D45D-41EB-A1EF-A12BB5C6996B}" = ArcSoft Magic-i Visual Effects 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{740ed830-8014-4714-abc4-dd98b8549419}" = Virtual Casino
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8b250990-e347-403b-834e-6073f512efe7}" = Cirrus Casino
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{94406bd7-d0fc-45b2-9a59-e3f58f869397}" = Planet7 Casino
"{a29a4380-8992-43f5-b9f2-792309a08e6e}" = HighNoon Casino
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{c7026669-c53b-4ae4-85a3-56d7ca426744}" = CatsEye Casino
"{cd18be10-99c1-4a70-ad3a-3ca88606edb8}" = Club Player Casino
"{e264d6fa-ba78-4c53-96a6-7c899c09f129}" = Free Spin
"{E92E462A-700D-4949-B24B-789AEDDA3B88}" = ArcSoft ShowBiz
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F96B04F9-26A9-4384-AA17-77EACA1BA40B}" = HP Button Manager
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFEFD86B-5D4F-4A2D-8D4E-ECD7D9AD925E}" = ArcSoft WebCam Companion 3
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bejeweled 31.0" = Bejeweled 3
"Blackdiamond" = Black Diamond
"ENTERPRISE" = Microsoft Office Enterprise 2007
"foobar2000" = foobar2000 v1.1.11
"InstallShield_{F96B04F9-26A9-4384-AA17-77EACA1BA40B}" = HP Button Manager
"Lock Poker" = Lock Poker
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PokerStars.net" = PokerStars.net
"Red Light Center 3D Client" = Red Light Center 3D Client
"Updater Service" = Updater Service
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CF1AA97-47BC-41D8-B8DF-EE79C86B1573}" = Treasure Island Jackpots
"{88458270-ef4a-11e0-be50-0800200c9a66}" = Atlantis Gold Casino
"Google Chrome" = Google Chrome
"magicJack" = magicJack

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/16/2012 2:36:18 AM | Computer Name = ASUS_DUAL-CORE | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x7572c9f1 Faulting process id: 0x15c8 Faulting application
start time: 0x01cd631d4ea183c4 Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: 8c534e64-cf10-11e1-8d68-001e2a3a61b9

Error - 7/16/2012 2:36:37 AM | Computer Name = ASUS_DUAL-CORE | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x7572c9f1 Faulting process id: 0x4634 Faulting application
start time: 0x01cd631d59d4f362 Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: 97853763-cf10-11e1-8d68-001e2a3a61b9

Error - 7/16/2012 2:37:19 AM | Computer Name = ASUS_DUAL-CORE | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x7572c9f1 Faulting process id: 0x2c84 Faulting application
start time: 0x01cd631d727c9b09 Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: b02cdf09-cf10-11e1-8d68-001e2a3a61b9

Error - 7/16/2012 2:47:58 AM | Computer Name = ASUS_DUAL-CORE | Source = WinMgmt | ID = 10
Description =

Error - 7/16/2012 3:03:05 AM | Computer Name = ASUS_DUAL-CORE | Source = Avira Antivirus | ID = 4109
Description = The engine file has been modified or destroyed! Returned error code:
0x9

Error - 7/16/2012 3:03:11 AM | Computer Name = ASUS_DUAL-CORE | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 7/16/2012 3:04:33 AM | Computer Name = ASUS_DUAL-CORE | Source = WinMgmt | ID = 10
Description =

Error - 7/16/2012 11:41:45 PM | Computer Name = ASUS_DUAL-CORE | Source = Avira Antivirus | ID = 4109
Description = The engine file has been modified or destroyed! Returned error code:
0x9

Error - 7/16/2012 11:42:26 PM | Computer Name = ASUS_DUAL-CORE | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 7/16/2012 11:43:20 PM | Computer Name = ASUS_DUAL-CORE | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 7/8/2012 4:44:55 AM | Computer Name = ASUS_DUAL-CORE | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80242016: Security Update for Windows 7 for x64-based Systems (KB2688338).

Error - 7/8/2012 4:44:59 AM | Computer Name = ASUS_DUAL-CORE | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80242016: Security Update for Windows 7 for x64-based Systems (KB2660649).

Error - 7/8/2012 4:44:59 AM | Computer Name = ASUS_DUAL-CORE | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80242016: Security Update for Windows 7 for x64-based Systems (KB2644615).

Error - 7/8/2012 5:37:08 AM | Computer Name = ASUS_DUAL-CORE | Source = DCOM | ID = 10005
Description =

Error - 7/8/2012 5:37:08 AM | Computer Name = ASUS_DUAL-CORE | Source = Service Control Manager | ID = 7000
Description = The Windows Activation Technologies Service service failed to start
due to the following error: %%5

Error - 7/8/2012 6:59:03 PM | Computer Name = ASUS_DUAL-CORE | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:45:54 AM on ?7/?8/?2012 was unexpected.

Error - 7/16/2012 2:48:01 AM | Computer Name = ASUS_DUAL-CORE | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 7/16/2012 2:48:01 AM | Computer Name = ASUS_DUAL-CORE | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 7/16/2012 3:03:05 AM | Computer Name = ASUS_DUAL-CORE | Source = Service Control Manager | ID = 7024
Description = The Avira Realtime Protection service terminated with service-specific
error %%306.

Error - 7/16/2012 11:41:45 PM | Computer Name = ASUS_DUAL-CORE | Source = Service Control Manager | ID = 7024
Description = The Avira Realtime Protection service terminated with service-specific
error %%306.


< End of report >



aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-17 01:21:26
-----------------------------
01:21:26.337 OS Version: Windows x64 6.1.7601 Service Pack 1
01:21:26.337 Number of processors: 2 586 0x404
01:21:26.338 ComputerName: ASUS_DUAL-CORE UserName: DAVID
01:21:27.482 Initialize success
01:21:48.344 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:21:48.344 Disk 0 Vendor: ST3250310AS 3.AAC Size: 238474MB BusType: 3
01:21:48.360 Disk 0 MBR read successfully
01:21:48.360 Disk 0 MBR scan
01:21:48.375 Disk 0 Windows 7 default MBR code
01:21:48.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 2048
01:21:48.391 Disk 0 scanning C:\Windows\system32\drivers
01:21:52.962 Service scanning
01:22:03.788 Modules scanning
01:22:03.788 Disk 0 trace - called modules:
01:22:03.804 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
01:22:03.804 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048e25d0]
01:22:03.819 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80043b5580]
01:22:03.819 5 ACPI.sys[fffff88000ee87a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80043b7060]
01:22:04.334 Scan finished successfully
01:23:39.357 Disk 0 MBR has been saved successfully to "C:\Users\DAVID\Desktop\MBR.dat"
01:23:39.364 The log file has been saved successfully to "C:\Users\DAVID\Desktop\aswMBR.txt"


david.sheppard.1481

Newbie Surfer

Posts : 6
Joined : 2012-07-17
Operating System : windows 7 professional


Re: TR/ATRAPS.Gen2

Post by DragonMaster Jay on Tue 17 Jul 2012, 9:24 pm

Hi! Please do these steps in order.

1. Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


2. Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double-click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


4. Post the following in your next reply:
  • MBAM log
  • ESET log

And, please tell me how your computer is doing.



~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz


Re: TR/ATRAPS.Gen2

Post by david.sheppard.1481 on Sat 21 Jul 2012, 5:38 pm

Ok, I was finally able to get time and complete these steps...I wasn't aware that some of the boxes might not be checked after MB scan, so after the first ones were fixed, I re-scanned and checked the rest. If this was wrong, then I'll re-do entire step if need be.


MBAM log...


Malwarebytes Anti-Malware 1.62.0.1300

Database version: v2012.07.21.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
DAVID :: ASUS_DUAL-CORE [administrator]

7/20/2012 10:43:14 PM
mbam-log-2012-07-20 (22-43-14).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 322155
Time elapsed: 31 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{dedbb410-30bd-5eb4-8555-c0ee0936e592} (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 5
C:\Program Files (x86)\FunWebProducts (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\FunWebProducts\Installr (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin\chrome (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\RelevantKnowledge (PUP.Spyware.MarketScore) -> No action taken.

Files Detected: 10
C:\Users\DAVID\Downloads\musicoasis.exe (PUP.BundleOffers.IIQ) -> No action taken.
C:\Program Files (x86)\CatsEye Casino\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Cirrus Casino\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Club Player Casino\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Cool Cat Casino\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Free Spin\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files (x86)\HighNoon Casino\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Planet7 Casino\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Virtual Casino\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Windows\Setup\scripts\faXcooL.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.

(end)


2nd MBAM log...


Malwarebytes Anti-Malware 1.62.0.1300

Database version: v2012.07.21.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
DAVID :: ASUS_DUAL-CORE [administrator]

7/20/2012 11:37:43 PM
mbam-log-2012-07-20 (23-37-43).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 322113
Time elapsed: 26 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 5
C:\Program Files (x86)\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.

Files Detected: 1
C:\Users\DAVID\Downloads\musicoasis.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

(end)


ESET log...


ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3d77a46def2d4f42854d5ef0f8c8417e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-21 06:24:27
# local_time=2012-07-21 01:24:27 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 82 0 94392996 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=107007
# found=19
# cleaned=19
# scan_time=2321
C:\Users\DAVID\Downloads\1500free.exe a variant of Win32/PrimeCasino application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\DAVID\Downloads\7Sultans.exe a variant of Win32/PrimeCasino application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\DAVID\Downloads\AllSlots.exe probably a variant of Win32/PrimeCasino application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\DAVID\Downloads\CasinoTitan.exe Win32/CasOnline application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\DAVID\Downloads\CatsEyeCasinoInstaller.exe Win32/CasOnline application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\DAVID\Downloads\CirrusCasinoInstaller.exe Win32/CasOnline application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\DAVID\Downloads\ClassyCoin.exe Win32/CasOnline application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\DAVID\Downloads\ClubWorld.exe Win32/CasOnline application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\DAVID\Downloads\CoolCatCasinoInstaller.exe Win32/CasOnline application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\DAVID\Downloads\DesertNights-Setup.exe Win32/RubyRoyal application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\DAVID\Downloads\HighNoon.exe Win32/CasOnline application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\DAVID\Downloads\MalibuClub-Setup_bt(596961).exe Win32/RubyRoyal application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\DAVID\Downloads\PageRage.exe a variant of Win32/KBM application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\DAVID\Downloads\PlatinumPlay.exe a variant of Win32/PrimeCasino application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\DAVID\Downloads\RingMasterCasinoInstaller.exe Win32/CasOnline application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\DAVID\Downloads\RoyalVegas.exe a variant of Win32/PrimeCasino application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\DAVID\Downloads\setup.exe Win32/CasOnline application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\DAVID\Downloads\SilverOakInstaller.exe Win32/CasOnline application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\DAVID\Downloads\SlotsvilleCasino.exe Win32/CasOnline application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Re: TR/ATRAPS.Gen2

Post by DragonMaster Jay on Sun 22 Jul 2012, 3:43 am

Scan with Malwarebytes' Anti-Malware

Please open Malwarebytes' Anti-Malware, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.



Re: TR/ATRAPS.Gen2

Post by david.sheppard.1481 on Sun 22 Jul 2012, 6:29 am

Malwarebytes Anti-Malware 1.62.0.1300

Database version: v2012.07.21.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
DAVID :: ASUS_DUAL-CORE [administrator]

7/21/2012 2:26:45 PM
mbam-log-2012-07-21 (14-26-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224132
Time elapsed: 1 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Re: TR/ATRAPS.Gen2

Post by DragonMaster Jay on Mon 23 Jul 2012, 9:46 am

Good! What other issues are you experiencing?



Re: TR/ATRAPS.Gen2

Post by david.sheppard.1481 on Tue 24 Jul 2012, 7:54 am

I absolutely have no issue against donations, but the issue that led me to realizing a problem is still happening. Windows Media Player has stopped burning mp3 files. A box appears stating that Windows has encountered an error, and says for explanation to click on icon in burn list... There's never an icon there to check, however.


Re: TR/ATRAPS.Gen2

Post by DragonMaster Jay on Tue 24 Jul 2012, 8:40 pm

What type of CD/DVD drive do you have? (Make/model)



Re: TR/ATRAPS.Gen2

Post by david.sheppard.1481 on Fri 27 Jul 2012, 9:13 pm

I apologize, I'm so glad I took another look. I missed you asking the drive I had, and only saw the donation link again. I had the computer built for me, and all I see is... ATAPliHAS124 B ATA Device, then below under device properties it says... standard c-d rom drives


Re: TR/ATRAPS.Gen2

Post by DragonMaster Jay on Sun 29 Jul 2012, 5:17 am

Please run the smartpack so it can download and install the new firmware: [You must be registered and logged in to see this link.]

This should solve the issue of burning...


