Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win 7 virus


  • This topic is locked This topic is locked
16 replies to this topic

#1 BIGBOYTERP

BIGBOYTERP

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:56 PM

Posted 09 July 2011 - 06:38 AM

I was told to post my logs here.
I thank I run a 64-bit so I could not run the GMER log.


.
DDS (Ver_2011-06-23.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385
Run by kingterp at 3:24:50 on 2011-07-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3032.2370 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
uStart Page = hxxp://www.bing.com/?pc=Z015&form=ZGAPHP
uSearch Bar = Preserve
mDefault_Search_URL = hxxp://my.netzero.net/s/search?r=minisearch
mSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
mSearchAssistant = hxxp://my.netzero.net/s/search?r=minisearch
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Pop-up Blocker: {52706ef7-d7a2-49ad-a615-e903858cf284} - C:\Program Files (x86)\NetZero\qsacc\X1IEBHO.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: ooVoo Toolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: DepositFiles IE BHO: {9dfe2fe9-cf99-4adf-a28e-9b5adb8dc74f} - C:\PROGRA~2\DEPOSI~1\DFMANA~1\DEPOSI~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - C:\Program Files (x86)\NetZero\Toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: ooVoo Toolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Deposit IE Toolbar: {6aa40521-14e7-4b1d-b1b4-98528c1388c9} - C:\PROGRA~2\DEPOSI~1\DFMANA~1\DEPOSI~1.DLL
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [NetZero_uoltray] C:\Program Files (x86)\NetZero\exec.exe regrun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
uRun: [DF Manager] C:\Program Files (x86)\DepositFiles\DF Manager\dfmanager.exe -minimize
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [FaxCenterServer] "C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe" /s
mRun: [FinePointSIS] C:\Users\kingterp\AppData\Local\Temp\fplicensereg.exe Zhimakaimen /FinePointSIS /FPSIS_QuitNow /Remove_All
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
StartupFolder: C:\Users\kingterp\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\kingterp\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\kingterp\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~2.LNK - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMAZON~1.LNK - C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {D5AD327A-A089-4F04-89FD-4EA9812B3913} - {D5AD327A-A089-4F04-89FD-4EA9812B3913} - C:\PROGRA~2\DEPOSI~1\DFMANA~1\DEPOSI~1.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{041E646A-1D92-4504-8EC7-A6E7E457D604} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D3FA927B-137C-409C-AB78-6E054E107420} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D3FA927B-137C-409C-AB78-6E054E107420}\24563747245797 : DhcpNameServer = 168.94.0.15 168.94.0.14
TCP: Interfaces\{D3FA927B-137C-409C-AB78-6E054E107420}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{D3FA927B-137C-409C-AB78-6E054E107420}\B496F637B6 : DhcpNameServer = 65.111.80.1 65.111.80.9 216.138.97.246 216.138.119.6
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Pop-up Blocker: {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files (x86)\NetZero\qsacc\X1IEBHO.dll
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: ooVoo Toolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll
BHO-X64: ooVoo Toolbar - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: DepositFiles IE BHO: {9DFE2FE9-CF99-4ADF-A28E-9B5ADB8DC74F} - C:\PROGRA~2\DEPOSI~1\DFMANA~1\DEPOSI~1.DLL
BHO-X64: DepositFiles.com BHO - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: ZeroBar: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files (x86)\NetZero\Toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: ooVoo Toolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Deposit IE Toolbar: {6AA40521-14E7-4B1D-B1B4-98528C1388C9} - C:\PROGRA~2\DEPOSI~1\DFMANA~1\DEPOSI~1.DLL
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [FaxCenterServer] "C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe" /s
mRun-x64: [FinePointSIS] C:\Users\kingterp\AppData\Local\Temp\fplicensereg.exe Zhimakaimen /FinePointSIS /FPSIS_QuitNow /Remove_All
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
SEH-X64: SABShellExecuteHook Class: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\kingterp\AppData\Roaming\Mozilla\Firefox\Profiles\qeo72d8f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,205,0_0,StartPage,20110627,16900,0,15,0
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z015&form=ZGAADF&q=
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{10289AD8-241D-406C-8168-6508B4D257D6}\components\IDfXpCom.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\Users\kingterp\AppData\Roaming\Mozilla\Firefox\Profiles\qeo72d8f.default\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}\components\dtTransparency.dll
FF - component: C:\Users\kingterp\AppData\Roaming\Mozilla\Firefox\Profiles\qeo72d8f.default\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}\components\dtTransparency3.5.dll
FF - component: C:\Users\kingterp\AppData\Roaming\Mozilla\Firefox\Profiles\qeo72d8f.default\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}\components\dtTransparency3.6.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: <em:name >Depositfiles plugin: {10289AD8-241D-406C-8168-6508B4D257D6} - C:\Program Files (x86)\Mozilla Firefox\extensions\{10289AD8-241D-406C-8168-6508B4D257D6}
FF - Ext: Flash Video Downloader - Youtube Downloader: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Ext: PopupMaster: {35106bca-6c78-48c7-ac28-56df30b51d2d} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: NoRedirect: {c1970c0d-dbe6-4d91-804f-c9c0de643a57} - %profile%\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: Zoom toolbar: {FBFB7597-9E32-46b4-A500-8B6B0412777F} - %profile%\extensions\{FBFB7597-9E32-46b4-A500-8B6B0412777F}
FF - Ext: ooVooToolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - %profile%\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Freeze.com NetAssistant: {1266764D-FC4F-4FA7-B63B-884D53B1680F} - C:\Users\kingterp\AppData\Roaming\NetAssistant
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\system32\Drivers\NISx64\1008000.029\BHDrvx64.sys --> C:\Windows\system32\Drivers\NISx64\1008000.029\BHDrvx64.sys [?]
S1 ccHP;Symantec Hash Provider;C:\Windows\system32\Drivers\NISx64\1008000.029\ccHPx64.sys --> C:\Windows\system32\Drivers\NISx64\1008000.029\ccHPx64.sys [?]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSviA64.sys [2010-1-19 466992]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-1-5 9968]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-1-5 74480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-14 135664]
S2 lxcy_device;lxcy_device;C:\Windows\system32\lxcycoms.exe -service --> C:\Windows\system32\lxcycoms.exe -service [?]
S2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-9-7 202048]
S2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-2-2 117640]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-9-16 648432]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-14 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-1-5 7408]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]
.
=============== Created Last 30 ================
.
2011-07-14 02:48:06 -------- d-----w- C:\Program Files (x86)\ESET
2011-07-13 19:20:07 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-13 19:20:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-13 00:35:00 -------- d-----w- C:\Users\kingterp\AppData\Roaming\FreeFileViewer
2011-07-04 01:35:04 201728 --sha-r- C:\Windows\SysWow64\winrma.dll
2011-07-03 20:52:40 16856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2011-07-03 20:52:39 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll
2011-07-03 19:41:48 -------- d-----w- C:\Program Files\iTunes
2011-07-03 19:41:48 -------- d-----w- C:\Program Files\iPod
2011-07-03 19:41:48 -------- d-----w- C:\Program Files (x86)\iTunes
2011-07-01 06:07:48 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F1190E99-015E-4800-B9AC-1970668A9C37}\mpengine.dll
2011-06-28 23:09:08 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-06-28 23:09:08 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-06-28 23:09:08 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-06-28 23:09:08 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-06-28 23:09:08 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-06-27 22:57:50 -------- d-----w- C:\Program Files (x86)\FreeFileViewer
2011-06-26 20:15:32 -------- d-----w- C:\Users\kingterp\AppData\Roaming\FinalTorrent
2011-06-26 20:14:39 -------- d-----w- C:\Program Files (x86)\File Type Assistant
2011-06-26 20:14:32 -------- d-----w- C:\Program Files (x86)\FinalTorrent
2011-06-26 20:14:09 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2011-06-26 20:14:07 -------- d-----w- C:\ProgramData\W3i
2011-06-26 20:14:07 -------- d-----w- C:\Program Files (x86)\W3i
2011-06-26 20:14:04 -------- d-----w- C:\Users\kingterp\AppData\Roaming\NetAssistant
2011-06-26 05:49:11 -------- d-----w- C:\Depositfiles
2011-06-26 05:40:21 52224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{10289AD8-241D-406C-8168-6508B4D257D6}\components\IDfXpCom.dll
2011-06-26 05:40:20 -------- d-----w- C:\Program Files (x86)\DepositFiles
.
==================== Find3M ====================
.
2011-05-29 13:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:07:01 3133952 ----a-w- C:\Windows\System32\win32k.sys
2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-24 23:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-10 12:06:08 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-05-10 12:06:08 4517664 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-05-04 05:30:38 2326016 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:28:07 779264 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:28:07 2228224 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:28:06 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:28:06 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:28:06 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:24:09 593408 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:24:09 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:24:09 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:53:10 1553920 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:52:59 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:52:59 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:52:59 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:52:59 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:52:59 1401856 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:52:12 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:52:12 428032 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:52:12 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-04 02:51:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-05-04 02:51:08 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-05-04 02:51:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-05-03 05:21:22 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:50:29 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:13:10 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:12:54 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:12:37 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 02:57:40 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2011-04-25 05:32:22 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:44:02 499712 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-22 20:18:47 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-22 20:18:28 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-04-22 20:14:08 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-04-22 19:31:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-04-22 19:31:26 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-04-22 18:49:57 482816 ----a-w- C:\Windows\System32\html.iec
2011-04-22 18:23:59 386048 ----a-w- C:\Windows\SysWow64\html.iec
.
============= FINISH: 3:26:26.70 ===============





.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/25/2009 12:14:34 PM
System Uptime: 7/16/2011 3:07:28 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz | Microprocessor | 2094/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 141.557 GiB free.
D: is CDROM (UDF)
E: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510g-m
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: HP
Name: Officejet 4500 G510g-m
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Symantec Network Dispatch Driver
Device ID: ROOT\LEGACY_SYMTDI\0000
Manufacturer:
Name: Symantec Network Dispatch Driver
PNP Device ID: ROOT\LEGACY_SYMTDI\0000
Service: SYMTDI
.
Class GUID:
Description: Officejet 4500 G510g-m
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer:
Name: Officejet 4500 G510g-m
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID:
Description: Officejet 4500 G510g-m
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer:
Name: Officejet 4500 G510g-m
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
4500_G510gm_Help
4500G510gm
4500G510gm_Software_Min
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Adobe Shockwave Player 11.5
Advanced Audio FX Engine
Amazon Unbox Video
Apple Application Support
Apple Software Update
Art Explosion Scrapbook Factory
Bing Bar
BufferChm
Choice Guard
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Definition update for Microsoft Office 2010 (KB982726)
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Webcam Central
DepositFiles FileManager 0.9.9.206
Destinations
DeviceDiscovery
DivX Setup
DocMgr
DocProc
Documents To Go Desktop for iPhone
ESET Online Scanner v3
Fax
File Type Assistant
FinalTorrent 2011
Free File Viewer 2011
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
GPBaseService2
H&R Block Deluxe + Efile + State 2009
H&R Block Deluxe + Efile + State 2010
H&R Block Maryland 2009
H&R Block Maryland 2010
HP Update
HPProductAssistant
HPSSupply
InstallIQ Updater
Internet TV for Windows Media Center
Junk Mail filter update
Live! Cam Avatar Creator
Malwarebytes' Anti-Malware version 1.51.0.1200
MarketResearch
McAfee Security Scan Plus
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Business 2010 - English
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Project MUI (English) 2010
Microsoft Office Project Professional 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2007
Microsoft Project Professional 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MotoHelper 2.0.24 Driver 4.7.1
MotoHelper MergeModules
Mozilla Firefox (3.6.18)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napster Download Manager
NetAssistant
NetAssistant for Firefox
NetZero Internet
Norton Internet Security
ooVoo
ooVoo Toolbar
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
Photo Explosion SE
PowerDVD DX
QuickTime
Roxio Burn
Roxio Update Manager
Safari
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 4.2
SmartWebPrinting
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Status
SUPERAntiSpyware Free Edition
Times Reader
Toolbox
TrayApp
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wmdiper
TurboTax 2009 wrapper
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.4
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Center Add-in for Flash
.
==== Event Viewer Messages From Past Week ========
.
7/16/2011 3:24:52 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/16/2011 3:08:24 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/16/2011 3:08:23 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
7/16/2011 3:08:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/16/2011 3:08:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/16/2011 3:08:16 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
7/16/2011 3:08:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/16/2011 3:08:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/16/2011 3:08:02 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccHP discache eeCtrl IDSVia64 SASDIFSV SASKUTIL spldr SRTSPX SYMTDI Wanarpv6
7/16/2011 3:07:57 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
7/15/2011 7:56:05 AM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
7/15/2011 7:56:05 AM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
7/15/2011 7:37:56 PM, Error: Virtual Disk Service [9] - Unexpected provider failure. Restarting the service may fix the problem. Error code: 8007001F@02000014
7/15/2011 7:37:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
7/15/2011 7:36:31 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/15/2011 7:36:31 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/15/2011 3:08:15 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
7/15/2011 2:47:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
7/14/2011 4:01:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Norton Internet Security service.
7/13/2011 8:11:40 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 50 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 8:10:39 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 49 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 8:09:38 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 48 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 8:08:37 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 47 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 8:07:36 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 46 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 8:06:35 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 45 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 8:05:34 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 44 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 8:04:33 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 43 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 8:03:31 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 42 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 8:02:30 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 41 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 8:01:29 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 40 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 8:00:28 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 39 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 7:59:27 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 38 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 7:58:26 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 37 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 7:57:24 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 36 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 7:56:23 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 35 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 7:55:23 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 34 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 7:54:21 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 33 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 6:57:19 PM, Error: Service Control Manager [7000] - The SASKUTIL service failed to start due to the following error: This driver has been blocked from loading
7/13/2011 6:57:13 PM, Error: Service Control Manager [7000] - The SASENUM service failed to start due to the following error: This driver has been blocked from loading
7/13/2011 6:57:13 PM, Error: Application Popup [1060] - \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/13/2011 6:57:12 PM, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: This driver has been blocked from loading
7/13/2011 3:08:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/13/2011 2:18:38 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 32 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 2:17:37 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 31 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 2:16:36 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 30 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 2:15:35 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 29 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 2:14:34 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 28 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 2:13:33 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 27 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 2:12:32 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 26 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 2:11:31 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 25 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 2:10:31 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 24 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 2:09:29 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 23 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 2:08:28 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 22 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 2:07:27 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 21 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 2:06:25 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 20 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 2:05:23 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 19 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 2:04:22 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 18 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 2:03:21 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 17 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 2:02:42 AM, Error: Service Control Manager [7000] - The MotoHelper Service service failed to start due to the following error: Access is denied.
7/13/2011 12:58:49 PM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.
7/13/2011 12:57:31 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The pipe has been ended.
7/13/2011 12:56:59 PM, Error: Service Control Manager [7034] - The Application Virtualization Service Agent service terminated unexpectedly. It has done this 4 time(s).
7/13/2011 12:56:58 PM, Error: Service Control Manager [7023] - The Application Virtualization Client service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
7/13/2011 12:56:57 PM, Error: Service Control Manager [7034] - The Application Virtualization Service Agent service terminated unexpectedly. It has done this 3 time(s).
7/13/2011 12:56:55 PM, Error: Service Control Manager [7034] - The Application Virtualization Service Agent service terminated unexpectedly. It has done this 2 time(s).
7/13/2011 12:56:31 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 54 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 12:55:30 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 53 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 12:54:29 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 52 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 12:53:28 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 51 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 12:35:51 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 16 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 12:34:50 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 15 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 12:33:49 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 14 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 12:32:48 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 13 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 12:31:47 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 12 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 12:30:46 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 11 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 12:29:45 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 10 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 12:28:44 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 12:27:43 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 12:26:42 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 12:25:40 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 12:24:39 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 12:23:38 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 12:22:37 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 12:21:52 AM, Error: Service Control Manager [7034] - The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly. It has done this 1 time(s).
7/13/2011 12:21:50 AM, Error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
7/13/2011 12:21:36 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/13/2011 12:21:03 AM, Error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 3 time(s).
7/13/2011 1:05:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McComponentHostService with arguments "" in order to run the server: {CC6F4D12-8575-4CFF-9455-CF5774AEB13B}
7/13/2011 1:02:51 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10003] - WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv64.dll
7/13/2011 1:02:38 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
7/13/2011 1:02:38 PM, Error: Service Control Manager [7031] - The MotoHelper Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
7/13/2011 1:02:26 PM, Error: Service Control Manager [7034] - The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).
7/13/2011 1:02:24 PM, Error: Service Control Manager [7034] - The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).
7/13/2011 1:02:24 PM, Error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
7/13/2011 1:02:24 PM, Error: Service Control Manager [7034] - The LXCYCustomerConnect service terminated unexpectedly. It has done this 1 time(s).
7/13/2011 1:02:24 PM, Error: Service Control Manager [7034] - The lxcy_device service terminated unexpectedly. It has done this 1 time(s).
7/13/2011 1:02:24 PM, Error: Service Control Manager [7034] - The Intel® Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
7/13/2011 1:02:24 PM, Error: Service Control Manager [7034] - The Dock Login Service service terminated unexpectedly. It has done this 1 time(s).
7/13/2011 1:02:24 PM, Error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
7/13/2011 1:02:24 PM, Error: Service Control Manager [7034] - The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).
7/13/2011 1:02:24 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
7/13/2011 1:02:24 PM, Error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).
7/13/2011 1:02:24 PM, Error: Service Control Manager [7034] - The Application Virtualization Service Agent service terminated unexpectedly. It has done this 1 time(s).
7/13/2011 1:02:24 PM, Error: Service Control Manager [7034] - The Amazon Unbox Video Service service terminated unexpectedly. It has done this 1 time(s).
7/13/2011 1:02:24 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
7/13/2011 1:02:24 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/12/2011 9:59:21 PM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by -604803 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.56.40:123) is working properly.
7/12/2011 11:10:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service service to connect.
7/12/2011 11:10:15 PM, Error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/12/2011 11:09:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MotoHelper Service service to connect.
7/12/2011 11:09:05 PM, Error: Service Control Manager [7000] - The MotoHelper Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/12/2011 10:31:26 PM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by -604804 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.56.40:123) is working properly.
7/11/2011 5:24:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Amazon Unbox Video Service service to connect.
7/11/2011 4:43:50 PM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by -604801 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.56.40:123) is working properly.
.
==== End Of File ===========================

BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:56 PM

Posted 09 July 2011 - 12:10 PM

Hello BIGBOYTERP,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1.
We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.


2.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.6.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.5.6.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


3.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.


4.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Things to include in your next reply::
TDSSKILLER log
Combofix.txt
aswMBr log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 BIGBOYTERP

BIGBOYTERP
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:56 PM

Posted 09 July 2011 - 06:09 PM

The TDSSKiller.exe did not find any thing


ComboFix 11-07-09.02 - kingterp 07/16/2011 17:10:22.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3032.2402 [GMT -4:00]
Running from: c:\users\kingterp\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\5g10dlpbayswnt6ic1kfu5n52cs32vkyjnm
c:\users\kingterp\AppData\Local\5g10dlpbayswnt6ic1kfu5n52cs32vkyjnm
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{06D89BB4-D7BD-4DCE-BB61-4AAFA1B8B46C}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{16D8B7F6-4C37-4F6D-B6D2-714F4F0D2A91}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3D8E262F-E59F-4F39-B568-EE0DF08D69B2}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{428131CE-E627-4857-B514-C039E25E74CE}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6028FC5D-DC7C-4F84-861D-E1D1663913D1}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{60DF19EA-55DF-429F-9FC9-C2BA8F3A43DF}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6A8870B5-C449-4811-AD4D-8FAAFF64B7F7}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{74FB0540-9627-40EE-A97F-9E649F60C78C}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{86112BCB-63CC-4D63-BE54-3CF1F9C2BC22}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{89EE58E1-1FE3-4826-8ECC-78FA7E2B3676}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8A4421BA-2379-4074-AF91-B62DCA4381CE}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8D2851A5-7C68-4D41-8D66-F23844BBBAAA}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{968F2DB7-91C8-4282-B473-0E82AC545028}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{985CAE56-7E15-42B0-AE1A-D0D9CB70CE4C}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A2156FDB-1075-45E2-8774-020B3A3190A2}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A4A18228-E0D9-48E0-B5E2-8672BB509A06}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A97F9118-F961-47F3-A925-1538BAD37292}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{ACE7A859-A7D9-47D5-A035-A8FF1168B65A}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{ADD1F0E4-2E60-4A7C-A056-6C9D57422E78}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AF8806E3-B02B-4CC7-B6DE-300EE576CF7D}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B13388AC-83E4-4C2F-8A7A-CC2EBF0A492F}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B7EC4577-F36F-464C-92D0-31D8B92171E0}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BA28A904-00AB-4620-86CE-BEF20B303078}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C1E9A802-772D-44D2-916D-5EC668B8E2F0}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CB6E0066-8341-42B2-B98B-E289F409C87E}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CEFCA164-F266-45A0-B6ED-495691C4DF98}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D198A597-70CA-4123-8459-4ABAB97CC6FF}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D4F22085-BDC0-453C-9BC2-097479263035}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D79C406E-EF8A-4977-AF3C-C37CACC51F51}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D7C3EC49-0A75-4C69-9331-EE85612704F0}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E344161D-6368-47A5-B61E-4A21957AE09D}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FC34D106-5EAD-415D-9272-4FA13E3F3A66}.xps
c:\users\kingterp\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FFC2A82F-4238-4F83-9ADE-7AC7A8F1938D}.xps
c:\users\kingterp\AppData\Roaming\Adobe\plugs
c:\users\kingterp\AppData\Roaming\Adobe\shed
c:\windows\SysWow64\drivers\npf.sys
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\twain.dll
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-16 to 2011-07-16 )))))))))))))))))))))))))))))))
.
.
2011-07-16 21:17 . 2011-07-16 21:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-16 21:08 . 2011-07-16 21:08 -------- d-----w- C:\32788R22FWJFW
2011-07-14 02:48 . 2011-07-14 02:48 -------- d-----w- c:\program files (x86)\ESET
2011-07-13 19:20 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-13 19:20 . 2011-07-13 19:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-13 00:35 . 2011-07-14 19:58 -------- d-----w- c:\users\kingterp\AppData\Roaming\FreeFileViewer
2011-07-04 01:53 . 2011-07-04 01:53 -------- d-----w- c:\windows\Sun
2011-07-04 01:35 . 2011-07-04 01:35 201728 --sha-r- c:\windows\SysWow64\winrma.dll
2011-07-03 20:52 . 2011-07-03 20:52 16856 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-container.exe
2011-07-03 20:52 . 2011-07-03 20:52 719832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcpp19.dll
2011-07-03 19:42 . 2011-07-03 19:42 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-07-03 19:41 . 2011-07-03 19:42 -------- d-----w- c:\program files\iTunes
2011-07-03 19:41 . 2011-07-03 19:42 -------- d-----w- c:\program files (x86)\iTunes
2011-07-03 19:41 . 2011-07-03 19:41 -------- d-----w- c:\program files\iPod
2011-07-01 06:07 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1190E99-015E-4800-B9AC-1970668A9C37}\mpengine.dll
2011-06-28 23:09 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-28 23:09 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-06-28 23:09 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-06-28 23:09 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-06-28 23:09 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-06-27 22:57 . 2011-07-04 00:34 -------- d-----w- c:\program files (x86)\FreeFileViewer
2011-06-26 20:15 . 2011-06-27 20:17 -------- d-----w- c:\users\kingterp\AppData\Roaming\FinalTorrent
2011-06-26 20:14 . 2011-07-04 00:35 -------- d-----w- c:\program files (x86)\File Type Assistant
2011-06-26 20:14 . 2011-06-26 20:14 -------- d-----w- c:\program files (x86)\FinalTorrent
2011-06-26 20:14 . 2011-06-26 20:14 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2011-06-26 20:14 . 2011-06-26 20:14 -------- d-----w- c:\programdata\W3i
2011-06-26 20:14 . 2011-06-26 20:14 -------- d-----w- c:\program files (x86)\W3i
2011-06-26 20:14 . 2011-06-26 20:14 -------- d-----w- c:\users\kingterp\AppData\Roaming\NetAssistant
2011-06-26 05:49 . 2011-06-26 16:52 -------- d-----w- C:\Depositfiles
2011-06-26 05:40 . 2009-02-20 23:07 52224 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{10289AD8-241D-406C-8168-6508B4D257D6}\components\IDfXpCom.dll
2011-06-26 05:40 . 2011-06-26 05:40 -------- d-----w- c:\program files (x86)\DepositFiles
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-26 23:59 . 2010-01-10 02:40 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-06-26 23:58 . 2010-01-10 02:39 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-06-26 23:58 . 2010-08-23 16:28 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-06-26 23:57 . 2010-01-12 19:54 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-06-13 01:47 . 2010-01-12 19:56 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-06-13 01:46 . 2010-09-10 15:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-05-29 13:11 . 2010-01-13 01:48 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-28 03:25 . 2011-06-16 05:00 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 03:07 . 2011-06-16 05:00 3133952 ----a-w- c:\windows\system32\win32k.sys
2011-05-28 03:00 . 2011-06-16 05:00 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-24 23:14 . 2009-12-25 17:33 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 12:06 . 2011-05-10 12:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 12:06 . 2011-05-10 12:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-04 02:51 . 2011-06-16 05:00 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:51 . 2011-06-16 05:00 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-04 02:51 . 2011-06-16 05:00 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-03 05:21 . 2011-06-16 04:58 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:50 . 2011-06-16 04:58 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-29 03:13 . 2011-06-16 04:58 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:12 . 2011-06-16 04:58 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:12 . 2011-06-16 04:58 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:57 . 2011-06-16 05:00 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-04-25 05:32 . 2011-06-16 05:00 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:44 . 2011-06-16 05:00 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-22 20:18 . 2011-05-24 22:48 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-22 20:18 . 2011-06-16 05:00 1197056 ----a-w- c:\windows\system32\wininet.dll
2011-04-22 20:14 . 2011-06-16 05:00 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-22 19:31 . 2011-06-16 05:00 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-22 19:31 . 2011-06-16 05:00 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-22 18:49 . 2011-06-16 05:00 482816 ----a-w- c:\windows\system32\html.iec
2011-04-22 18:23 . 2011-06-16 05:00 386048 ----a-w- c:\windows\SysWow64\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{59c6f12b-f004-43e5-9997-08f2123119b6}]
2011-01-21 21:38 81920 ----a-w- c:\program files (x86)\oovootoolbar\oovootoolbarX.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9DFE2FE9-CF99-4ADF-A28E-9B5ADB8DC74F}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{59c6f12b-f004-43e5-9997-08f2123119b6}"= "c:\program files (x86)\oovootoolbar\oovootoolbarX.dll" [2011-01-21 81920]
.
[HKEY_CLASSES_ROOT\clsid\{59c6f12b-f004-43e5-9997-08f2123119b6}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-14 39408]
"NetZero_uoltray"="c:\program files (x86)\NetZero\exec.exe" [2007-03-07 1629184]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2011-01-25 22504120]
"DF Manager"="c:\program files (x86)\DepositFiles\DF Manager\dfmanager.exe" [2010-06-23 2068992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"FaxCenterServer"="c:\program files (x86)\Lexmark Fax Solutions\fm3032.exe" [2007-06-25 295600]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
c:\users\kingterp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE [2010-2-28 3207072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Amazon Unbox.lnk - c:\program files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2010-9-13 97384]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2010-01-05 74480]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-01-05 7408]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 306416]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe [2007-06-20 566448]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-07-16 648432]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-16 c:\windows\Tasks\FinalTorrent Update Checker.job
- c:\program files (x86)\FinalTorrent\FTCheckForUpdates.exe [2011-06-26 20:50]
.
2011-07-16 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-06-27 19:24]
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 22:26]
.
2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 22:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"lxcymon.exe"="c:\program files (x86)\Lexmark 3400 Series\lxcymon.exe" [2007-06-25 291504]
"EzPrint"="c:\program files (x86)\Lexmark 3400 Series\ezprint.exe" [2007-06-25 82608]
"LXCYCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCYtime.dll" [2006-11-21 31744]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 163568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/?pc=Z015&form=ZGAPHP
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\kingterp\AppData\Roaming\Mozilla\Firefox\Profiles\qeo72d8f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,205,0_0,StartPage,20110627,16900,0,15,0
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z015&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: <em:name >Depositfiles plugin: {10289AD8-241D-406C-8168-6508B4D257D6} - c:\program files (x86)\Mozilla Firefox\extensions\{10289AD8-241D-406C-8168-6508B4D257D6}
FF - Ext: Flash Video Downloader - Youtube Downloader: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Ext: PopupMaster: {35106bca-6c78-48c7-ac28-56df30b51d2d} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: NoRedirect: {c1970c0d-dbe6-4d91-804f-c9c0de643a57} - %profile%\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: Zoom toolbar: {FBFB7597-9E32-46b4-A500-8B6B0412777F} - %profile%\extensions\{FBFB7597-9E32-46b4-A500-8B6B0412777F}
FF - Ext: ooVooToolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - %profile%\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Freeze.com NetAssistant: {1266764D-FC4F-4FA7-B63B-884D53B1680F} - c:\users\kingterp\AppData\Roaming\NetAssistant
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{6AA40521-14E7-4B1D-B1B4-98528C1388C9} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2011-07-16 17:25:07 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-16 21:25
.
Pre-Run: 159,961,903,104 bytes free
Post-Run: 160,288,800,768 bytes free
.
- - End Of File - - 21EA0E10BDC84F9DD900704DF818BC32



aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-16 17:36:29
-----------------------------
17:36:29.679 OS Version: Windows x64 6.1.7600
17:36:29.679 Number of processors: 2 586 0x170A
17:36:29.680 ComputerName: KINGTERP-PC UserName: kingterp
17:36:30.881 Initialize success
17:40:56.270 AVAST engine defs: 11070901
17:43:09.806 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:43:09.806 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
17:43:09.853 Disk 0 MBR read successfully
17:43:09.853 Disk 0 MBR scan
17:43:09.853 Disk 0 unknown MBR code
17:43:09.868 Service scanning
17:43:10.976 Disk 0 trace - called modules:
17:43:10.976 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:43:10.976 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80032b8060]
17:43:10.976 3 CLASSPNP.SYS[fffff8800195643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002e53050]
17:43:12.083 AVAST engine scan C:\Windows
18:00:29.407 File: C:\Windows\System32\drivers\en-US\bfe.dll.mui **SUSPICIOUS**
18:00:29.860 File: C:\Windows\System32\drivers\en-US\ndiscap.sys.mui **SUSPICIOUS**
18:00:29.953 File: C:\Windows\System32\drivers\en-US\pacer.sys.mui **SUSPICIOUS**
18:00:30.109 File: C:\Windows\System32\drivers\en-US\qwavedrv.sys.mui **SUSPICIOUS**
18:00:30.203 File: C:\Windows\System32\drivers\en-US\scfilter.sys.mui **SUSPICIOUS**
18:00:30.374 File: C:\Windows\System32\drivers\en-US\tcpip.sys.mui **SUSPICIOUS**
18:00:37.472 File: C:\Windows\System32\drivers\wimmount.sys **SUSPICIOUS**
18:08:48.998 File: C:\Windows\SysWOW64\winrma.dll **INFECTED** Win32:Trojan-gen
18:47:19.175 AVAST engine scan C:\Users\kingterp
18:58:47.526 AVAST engine scan C:\ProgramData
19:01:53.198 Scan finished successfully
19:06:40.535 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
19:06:40.566 The log file has been saved successfully to "F:\aswMBR.txt"

#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:56 PM

Posted 09 July 2011 - 09:31 PM

Hello,


Re-Run aswMBR

  • Click Scan
  • On completion of the scan, click the FIX button,
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

    Note:After the 'Infection fixed successfully' message appears, the machine may became unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.


How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 BIGBOYTERP

BIGBOYTERP
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:56 PM

Posted 10 July 2011 - 12:44 AM

Everything seems to be fine now with the computer. I no longer get redirected from sites like yours and I can open programs That I could not open or use outside of self mode.


aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-16 23:37:00
-----------------------------
23:37:00.024 OS Version: Windows x64 6.1.7600
23:37:00.024 Number of processors: 2 586 0x170A
23:37:00.024 ComputerName: KINGTERP-PC UserName: kingterp
23:37:01.069 Initialize success
23:42:23.553 AVAST engine defs: 11070901
23:46:56.288 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:46:56.288 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
23:46:56.335 Disk 0 MBR read successfully
23:46:56.335 Disk 0 MBR scan
23:46:56.335 Disk 0 unknown MBR code
23:46:56.335 Service scanning
23:46:57.645 Disk 0 trace - called modules:
23:46:57.692 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:46:57.692 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80032ba060]
23:46:57.692 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002e33050]
23:46:58.534 AVAST engine scan C:\Windows
00:04:18.479 File: C:\Windows\System32\drivers\en-US\bfe.dll.mui **SUSPICIOUS**
00:04:19.758 File: C:\Windows\System32\drivers\en-US\ndiscap.sys.mui **SUSPICIOUS**
00:04:19.898 File: C:\Windows\System32\drivers\en-US\pacer.sys.mui **SUSPICIOUS**
00:04:20.054 File: C:\Windows\System32\drivers\en-US\qwavedrv.sys.mui **SUSPICIOUS**
00:04:20.148 File: C:\Windows\System32\drivers\en-US\scfilter.sys.mui **SUSPICIOUS**
00:04:20.257 File: C:\Windows\System32\drivers\en-US\tcpip.sys.mui **SUSPICIOUS**
00:04:27.355 File: C:\Windows\System32\drivers\wimmount.sys **SUSPICIOUS**
00:12:17.306 File: C:\Windows\SysWOW64\winrma.dll **INFECTED** Win32:Trojan-gen
00:50:03.928 AVAST engine scan C:\Users\kingterp
01:01:31.249 AVAST engine scan C:\ProgramData
01:04:37.888 Scan finished successfully
01:22:30.203 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
01:22:30.234 The log file has been saved successfully to "F:\ssshg.txt"
01:25:56.466 Disk 0 Windows 601 MBR fixed successfully
01:27:11.175 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
01:27:11.206 The log file has been saved successfully to "F:\sdddff.txt"

#6 BIGBOYTERP

BIGBOYTERP
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:56 PM

Posted 10 July 2011 - 02:11 AM

Everything seems to be fine now with the computer. I no longer get redirected from most sites like yours and I can open programs That I could not open or use outside of self mode.

I was just on amazon and I got redirected from the site.


aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-16 23:37:00
-----------------------------
23:37:00.024 OS Version: Windows x64 6.1.7600
23:37:00.024 Number of processors: 2 586 0x170A
23:37:00.024 ComputerName: KINGTERP-PC UserName: kingterp
23:37:01.069 Initialize success
23:42:23.553 AVAST engine defs: 11070901
23:46:56.288 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:46:56.288 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
23:46:56.335 Disk 0 MBR read successfully
23:46:56.335 Disk 0 MBR scan
23:46:56.335 Disk 0 unknown MBR code
23:46:56.335 Service scanning
23:46:57.645 Disk 0 trace - called modules:
23:46:57.692 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:46:57.692 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80032ba060]
23:46:57.692 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002e33050]
23:46:58.534 AVAST engine scan C:\Windows
00:04:18.479 File: C:\Windows\System32\drivers\en-US\bfe.dll.mui **SUSPICIOUS**
00:04:19.758 File: C:\Windows\System32\drivers\en-US\ndiscap.sys.mui **SUSPICIOUS**
00:04:19.898 File: C:\Windows\System32\drivers\en-US\pacer.sys.mui **SUSPICIOUS**
00:04:20.054 File: C:\Windows\System32\drivers\en-US\qwavedrv.sys.mui **SUSPICIOUS**
00:04:20.148 File: C:\Windows\System32\drivers\en-US\scfilter.sys.mui **SUSPICIOUS**
00:04:20.257 File: C:\Windows\System32\drivers\en-US\tcpip.sys.mui **SUSPICIOUS**
00:04:27.355 File: C:\Windows\System32\drivers\wimmount.sys **SUSPICIOUS**
00:12:17.306 File: C:\Windows\SysWOW64\winrma.dll **INFECTED** Win32:Trojan-gen
00:50:03.928 AVAST engine scan C:\Users\kingterp
01:01:31.249 AVAST engine scan C:\ProgramData
01:04:37.888 Scan finished successfully
01:22:30.203 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
01:22:30.234 The log file has been saved successfully to "F:\ssshg.txt"
01:25:56.466 Disk 0 Windows 601 MBR fixed successfully
01:27:11.175 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
01:27:11.206 The log file has been saved successfully to "F:\sdddff.txt"

Edited by BIGBOYTERP, 10 July 2011 - 02:12 AM.


#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:56 PM

Posted 10 July 2011 - 10:13 AM

Hello,


Please do the following.
1.

Re-Run aswMBR

  • Click Scan
  • On completion of the scan, click the FIXMBR button
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

    Note:After the 'Infection fixed successfully' message appears, the machine may became unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.

2.
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Windows\SysWOW64\winrma.dll

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/



Things to include in your next reply::
aswMBR log
Jotti Results
Are you able to burn Cd's and have a USB Flash Drive you can use?
How is your machine running now?

Edited by fireman4it, 10 July 2011 - 10:15 AM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#8 BIGBOYTERP

BIGBOYTERP
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:56 PM

Posted 10 July 2011 - 10:10 PM

Winrma.dll the file is locked and it wont let me open the file I keep on getting this message. You don't have permission to open this file contact the file owner or an administrator to obtain permission.And i thinking its stopping me form using aswmbr also because after I ran the scan I clicked the Fixmbr button and waited for like 2 or 3 hours. I cant click the regular fix button maybe I'm doing something wrong but here is the log.

Are you able to burn Cd's and have a USB Flash Drive you can use? Yes

How is your machine running now.Same




aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-17 17:46:35
-----------------------------
17:46:35.615 OS Version: Windows x64 6.1.7600
17:46:35.615 Number of processors: 2 586 0x170A
17:46:35.615 ComputerName: KINGTERP-PC UserName: kingterp
17:46:36.613 Initialize success
17:56:45.716 AVAST engine defs: 11071001
17:58:46.414 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:58:46.414 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
17:58:46.460 Disk 0 MBR read successfully
17:58:46.476 Disk 0 MBR scan
17:58:46.476 Disk 0 Windows 7 default MBR code
17:58:46.476 Service scanning
17:58:47.584 Disk 0 trace - called modules:
17:58:47.584 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:58:47.584 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80032ba060]
17:58:47.584 3 CLASSPNP.SYS[fffff880013b743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002e33050]
17:58:48.348 AVAST engine scan C:\Windows
18:16:07.638 File: C:\Windows\System32\drivers\en-US\bfe.dll.mui **SUSPICIOUS**
18:16:08.090 File: C:\Windows\System32\drivers\en-US\ndiscap.sys.mui **SUSPICIOUS**
18:16:08.215 File: C:\Windows\System32\drivers\en-US\pacer.sys.mui **SUSPICIOUS**
18:16:08.371 File: C:\Windows\System32\drivers\en-US\qwavedrv.sys.mui **SUSPICIOUS**
18:16:08.464 File: C:\Windows\System32\drivers\en-US\scfilter.sys.mui **SUSPICIOUS**
18:16:08.636 File: C:\Windows\System32\drivers\en-US\tcpip.sys.mui **SUSPICIOUS**
18:16:15.656 File: C:\Windows\System32\drivers\wimmount.sys **SUSPICIOUS**
18:23:58.056 File: C:\Windows\SysWOW64\winrma.dll **INFECTED** Win32:Trojan-gen
19:02:09.170 AVAST engine scan C:\Users\kingterp
19:13:25.728 AVAST engine scan C:\ProgramData
19:16:23.786 Scan finished successfully
19:18:33.547 Disk 0 Windows 601 MBR fixed successfully
22:13:30.244 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
22:13:30.275 The log file has been saved successfully to "F:\bbnmm.txt"

#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:56 PM

Posted 10 July 2011 - 10:21 PM

Hello,

We need to create a System Recovery Disc

How to Create a Windows 7 Repair Disc if You Don’t Have One


Let me know when you have made this recovery disc. Just make the disc don't use it. We will use it in my next post.

Lets also scan that file.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

c:\windows\SysWow64\winrma.dll

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Edited by fireman4it, 10 July 2011 - 10:25 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#10 BIGBOYTERP

BIGBOYTERP
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:56 PM

Posted 11 July 2011 - 01:52 AM

I made the disc.

How to see hidden files in Windows. Did it all step by step

But the winrma.dll file still wont open it wont let me scan it the file has a lock next to it I think the virus wont let me open it.

#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:56 PM

Posted 11 July 2011 - 07:09 PM

Hello,

1. Start PC, Insert Windows 7 DVD you just made and hit a key when asked to. You may have to change your boot order to boot from DVD!

2. Click on “Repair your computer“:

Posted Image

3.The installer will scan your PC for previous Windows installations:


Posted Image


Posted Image

4. Click on Command Prompt

Posted Image


5. Enter the following command on one line:
bootrec.exe /fixmbr

How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#12 BIGBOYTERP

BIGBOYTERP
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:56 PM

Posted 11 July 2011 - 10:52 PM

Hello, I've used the system repair disc on my computer and it didn't work I'm still being redirected. Is the malware still active on my computer or just some components of it. Is it possible for me to use my computer to fill out some application for nursing school. I worry that my personal information is at risk.

#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:56 PM

Posted 12 July 2011 - 04:35 PM

Hello,

Using your machine period on the internet would put your machine and personal information at risk till we get it cleaned up.

1.
We need to run a CFScript.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Killall::

Rootkit::
C:\Windows\SysWOW64\winrma.dll


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


2.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

3.
Are you connected to the internet through a Router? If so we need to reset that router.
How to reset your Router.

Things to include in your next reply::
Combofix.txt
aswMBr log
How is your machine running now?

Edited by fireman4it, 12 July 2011 - 04:40 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#14 BIGBOYTERP

BIGBOYTERP
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:10:56 PM

Posted 12 July 2011 - 08:24 PM

How is your machine running now same

ComboFix 11-07-12.09 - kingterp 07/19/2011 18:55:59.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3032.1679 [GMT -4:00]
Running from: c:\users\kingterp\Desktop\ComboFix.exe
Command switches used :: c:\users\kingterp\Desktop\CFScript.txt,.txt
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-06-19 to 2011-07-19 )))))))))))))))))))))))))))))))
.
.
2011-07-19 23:09 . 2011-07-19 23:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-19 22:53 . 2011-07-19 22:54 -------- d-----w- C:\32788R22FWJFW
2011-07-14 02:48 . 2011-07-14 02:48 -------- d-----w- c:\program files (x86)\ESET
2011-07-13 19:20 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-13 19:20 . 2011-07-13 19:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-13 00:35 . 2011-07-14 19:58 -------- d-----w- c:\users\kingterp\AppData\Roaming\FreeFileViewer
2011-07-04 01:53 . 2011-07-04 01:53 -------- d-----w- c:\windows\Sun
2011-07-04 01:35 . 2011-07-04 01:35 201728 --sha-r- c:\windows\SysWow64\winrma.dll
2011-07-03 20:52 . 2011-07-03 20:52 16856 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-container.exe
2011-07-03 20:52 . 2011-07-03 20:52 719832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcpp19.dll
2011-07-03 19:42 . 2011-07-03 19:42 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-07-03 19:41 . 2011-07-03 19:42 -------- d-----w- c:\program files\iTunes
2011-07-03 19:41 . 2011-07-03 19:42 -------- d-----w- c:\program files (x86)\iTunes
2011-07-03 19:41 . 2011-07-03 19:41 -------- d-----w- c:\program files\iPod
2011-07-01 06:07 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1190E99-015E-4800-B9AC-1970668A9C37}\mpengine.dll
2011-06-28 23:09 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-28 23:09 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-06-28 23:09 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-06-28 23:09 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-06-28 23:09 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-06-27 22:57 . 2011-07-04 00:34 -------- d-----w- c:\program files (x86)\FreeFileViewer
2011-06-26 20:15 . 2011-06-27 20:17 -------- d-----w- c:\users\kingterp\AppData\Roaming\FinalTorrent
2011-06-26 20:14 . 2011-07-04 00:35 -------- d-----w- c:\program files (x86)\File Type Assistant
2011-06-26 20:14 . 2011-06-26 20:14 -------- d-----w- c:\program files (x86)\FinalTorrent
2011-06-26 20:14 . 2011-06-26 20:14 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2011-06-26 20:14 . 2011-06-26 20:14 -------- d-----w- c:\programdata\W3i
2011-06-26 20:14 . 2011-06-26 20:14 -------- d-----w- c:\program files (x86)\W3i
2011-06-26 20:14 . 2011-06-26 20:14 -------- d-----w- c:\users\kingterp\AppData\Roaming\NetAssistant
2011-06-26 05:49 . 2011-06-26 16:52 -------- d-----w- C:\Depositfiles
2011-06-26 05:40 . 2009-02-20 23:07 52224 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{10289AD8-241D-406C-8168-6508B4D257D6}\components\IDfXpCom.dll
2011-06-26 05:40 . 2011-06-26 05:40 -------- d-----w- c:\program files (x86)\DepositFiles
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-26 23:59 . 2010-01-10 02:40 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-06-26 23:58 . 2010-01-10 02:39 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-06-26 23:58 . 2010-08-23 16:28 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-06-26 23:57 . 2010-01-12 19:54 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-06-13 01:47 . 2010-01-12 19:56 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-06-13 01:46 . 2010-09-10 15:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-05-29 13:11 . 2010-01-13 01:48 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-28 03:25 . 2011-06-16 05:00 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 03:07 . 2011-06-16 05:00 3133952 ----a-w- c:\windows\system32\win32k.sys
2011-05-28 03:00 . 2011-06-16 05:00 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-24 23:14 . 2009-12-25 17:33 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 12:06 . 2011-05-10 12:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 12:06 . 2011-05-10 12:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-04 02:51 . 2011-06-16 05:00 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:51 . 2011-06-16 05:00 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-04 02:51 . 2011-06-16 05:00 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-03 05:21 . 2011-06-16 04:58 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:50 . 2011-06-16 04:58 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-29 03:13 . 2011-06-16 04:58 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:12 . 2011-06-16 04:58 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:12 . 2011-06-16 04:58 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:57 . 2011-06-16 05:00 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-04-25 05:32 . 2011-06-16 05:00 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:44 . 2011-06-16 05:00 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-22 20:18 . 2011-05-24 22:48 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-22 20:18 . 2011-06-16 05:00 1197056 ----a-w- c:\windows\system32\wininet.dll
2011-04-22 20:14 . 2011-06-16 05:00 57856 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-22 19:31 . 2011-06-16 05:00 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-22 19:31 . 2011-06-16 05:00 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-22 18:49 . 2011-06-16 05:00 482816 ----a-w- c:\windows\system32\html.iec
2011-04-22 18:23 . 2011-06-16 05:00 386048 ----a-w- c:\windows\SysWow64\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-16_21.18.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-07-16 21:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-07-19 23:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-07-19 23:11 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-16 21:18 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-16 21:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-19 23:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-16 18:28 . 2011-07-19 03:35 64518 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-19 23:13 44170 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-26 20:05 . 2011-07-19 23:13 20160 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2232725799-1762004791-505105929-1000_UserData.bin
- 2011-02-20 02:33 . 2011-07-13 02:56 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2011-02-20 02:33 . 2011-07-19 03:26 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2009-12-25 17:16 . 2011-07-19 23:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-25 17:16 . 2011-07-16 21:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-25 17:16 . 2011-07-16 21:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-25 17:16 . 2011-07-19 23:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-16 21:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-19 23:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-25 17:24 . 2011-07-19 23:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-25 17:24 . 2011-07-16 21:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-25 17:24 . 2011-07-16 21:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-25 17:24 . 2011-07-19 23:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-25 17:24 . 2011-07-16 21:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-25 17:24 . 2011-07-19 23:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-25 17:19 . 2011-07-16 21:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-25 17:19 . 2011-07-19 23:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-25 17:19 . 2011-07-16 21:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-25 17:19 . 2011-07-19 23:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-16 21:17 . 2011-07-16 21:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-19 23:11 . 2011-07-19 23:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-19 23:11 . 2011-07-19 23:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-07-16 21:17 . 2011-07-16 21:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-02 00:57 . 2011-07-19 19:20 333966 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-01-03 00:54 . 2011-07-19 20:26 326324 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-07-16 20:58 624622 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-07-19 03:24 624622 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-07-19 03:24 106708 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-07-16 20:58 106708 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-07-16 21:00 346488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-19 23:10 346488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2011-07-16 15:57 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-07-19 19:31 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{59c6f12b-f004-43e5-9997-08f2123119b6}]
2011-01-21 21:38 81920 ----a-w- c:\program files (x86)\oovootoolbar\oovootoolbarX.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9DFE2FE9-CF99-4ADF-A28E-9B5ADB8DC74F}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{59c6f12b-f004-43e5-9997-08f2123119b6}"= "c:\program files (x86)\oovootoolbar\oovootoolbarX.dll" [2011-01-21 81920]
.
[HKEY_CLASSES_ROOT\clsid\{59c6f12b-f004-43e5-9997-08f2123119b6}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-14 39408]
"NetZero_uoltray"="c:\program files (x86)\NetZero\exec.exe" [2007-03-07 1629184]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2011-01-25 22504120]
"DF Manager"="c:\program files (x86)\DepositFiles\DF Manager\dfmanager.exe" [2010-06-23 2068992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"FaxCenterServer"="c:\program files (x86)\Lexmark Fax Solutions\fm3032.exe" [2007-06-25 295600]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
c:\users\kingterp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE [2010-2-28 3207072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Amazon Unbox.lnk - c:\program files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2010-9-13 97384]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2010-01-05 74480]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-01-05 7408]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 306416]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe [2007-06-20 566448]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-07-16 648432]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-19 c:\windows\Tasks\FinalTorrent Update Checker.job
- c:\program files (x86)\FinalTorrent\FTCheckForUpdates.exe [2011-06-26 20:50]
.
2011-07-19 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-06-27 19:24]
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 22:26]
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 22:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"lxcymon.exe"="c:\program files (x86)\Lexmark 3400 Series\lxcymon.exe" [2007-06-25 291504]
"EzPrint"="c:\program files (x86)\Lexmark 3400 Series\ezprint.exe" [2007-06-25 82608]
"LXCYCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCYtime.dll" [2006-11-21 31744]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 163568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/?pc=Z015&form=ZGAPHP
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\kingterp\AppData\Roaming\Mozilla\Firefox\Profiles\qeo72d8f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,205,0_0,StartPage,20110627,16900,0,15,0
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z015&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: <em:name >Depositfiles plugin: {10289AD8-241D-406C-8168-6508B4D257D6} - c:\program files (x86)\Mozilla Firefox\extensions\{10289AD8-241D-406C-8168-6508B4D257D6}
FF - Ext: Flash Video Downloader - Youtube Downloader: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Ext: PopupMaster: {35106bca-6c78-48c7-ac28-56df30b51d2d} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: NoRedirect: {c1970c0d-dbe6-4d91-804f-c9c0de643a57} - %profile%\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: Zoom toolbar: {FBFB7597-9E32-46b4-A500-8B6B0412777F} - %profile%\extensions\{FBFB7597-9E32-46b4-A500-8B6B0412777F}
FF - Ext: ooVooToolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - %profile%\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Freeze.com NetAssistant: {1266764D-FC4F-4FA7-B63B-884D53B1680F} - c:\users\kingterp\AppData\Roaming\NetAssistant
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{6AA40521-14E7-4B1D-B1B4-98528C1388C9} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
c:\program files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2011-07-19 19:47:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-19 23:47
ComboFix2.txt 2011-07-17 06:06
ComboFix3.txt 2011-07-16 21:25
.
Pre-Run: 160,060,715,008 bytes free
Post-Run: 160,099,397,632 bytes free
.
- - End Of File - - 0C42BFCFF24617F2366EABD8EF4ADFD5




aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-19 19:51:33
-----------------------------
19:51:33.903 OS Version: Windows x64 6.1.7600
19:51:33.903 Number of processors: 2 586 0x170A
19:51:33.904 ComputerName: KINGTERP-PC UserName: kingterp
19:51:35.151 Initialize success
20:00:05.244 AVAST engine defs: 11071201
20:01:21.262 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:01:21.265 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
20:01:21.308 Disk 0 MBR read successfully
20:01:21.312 Disk 0 MBR scan
20:01:21.317 Disk 0 Windows 7 default MBR code
20:01:21.323 Service scanning
20:01:22.394 Disk 0 trace - called modules:
20:01:22.401 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:01:22.407 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002fc9650]
20:01:22.413 3 CLASSPNP.SYS[fffff880013cc43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002dfe050]
20:01:23.568 AVAST engine scan C:\Windows
20:21:34.259 File: C:\Windows\System32\drivers\en-US\bfe.dll.mui **SUSPICIOUS**
20:21:37.071 File: C:\Windows\System32\drivers\en-US\ndiscap.sys.mui **SUSPICIOUS**
20:21:37.410 File: C:\Windows\System32\drivers\en-US\pacer.sys.mui **SUSPICIOUS**
20:21:38.028 File: C:\Windows\System32\drivers\en-US\qwavedrv.sys.mui **SUSPICIOUS**
20:21:38.249 File: C:\Windows\System32\drivers\en-US\scfilter.sys.mui **SUSPICIOUS**
20:21:38.573 File: C:\Windows\System32\drivers\en-US\tcpip.sys.mui **SUSPICIOUS**
20:21:52.972 File: C:\Windows\System32\drivers\wimmount.sys **SUSPICIOUS**
20:34:37.403 File: C:\Windows\SysWOW64\winrma.dll **INFECTED** Win32:Trojan-gen
21:05:55.291 AVAST engine scan C:\Users\kingterp
21:18:00.628 AVAST engine scan C:\ProgramData
21:20:25.383 Scan finished successfully
21:22:56.530 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
21:22:56.557 The log file has been saved successfully to "F:\gghg.txt"

#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:56 PM

Posted 13 July 2011 - 06:19 AM

Hello.

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Click on File
  • Expand mnt
  • Expand your USB (sdb1)
  • Confirm that you see driver.sh.
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh -f
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    winrma.dll

  • Press Enter
  • If succesful, the script will search this file.
  • After it has finished a report will be located in the USB drive as filefind.txt

Please note - all text entries are case sensitive

Copy and paste the filefind.txt for my review


2.
Uninstalling A Program Through "add/remove"

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please doubleclick the "Add or Remove Programs" icon
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

ooVoo
ooVoo Toolbar
FinalTorrent 2011


Additional instructions can be found here if needed.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users