
feeling a little bit blank


  • This topic is locked
32 replies to this topic

#1 ivanhoew

ivanhoew

  • Members
  • 19 posts
  • OFFLINE
  • Local time:07:39 PM

Posted 30 April 2012 - 02:22 AM

Hello all,

I appear to have got myself infected with a bit of about:blank-ness. I wonder if anyone would be good enough to have a look at this log and tell me if I should be walking around with a bell on a stick shouting "unclean"?

Thank you
Regards
Robert


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:00:40 AM, on 4/30/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Robert\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [FexHpukv] C:\Users\Robert\AppData\Local\wxgufuef\fexhpukv.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {49CD73D5-CBE2-4FAA-B70F-0252C74809AB} (PLANET IPCamera Control) - http://192.168.1.108/classes/PLANETCamV.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6977 bytes


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:39 PM

Posted 30 April 2012 - 12:47 PM

Hi,

I see a couple of items I can fix with HJT, but the tool doesn't give us enough of an in-depth diagnosis, so I will need you to run further diagnostic logs so I can see what else may be lurking:

Please do the following:

  • Open HiJackThis
  • Click on Do a system scan only
  • Check the boxes next to ONLY the entries listed below (if still present):


O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKCU\..\Run: [FexHpukv] C:\Users\Robert\AppData\Local\wxgufuef\fexhpukv.exe

  • Close all windows except HijackThis and click Fix Checked
  • Click Yes when prompted
  • Close HijackThis.


NEXT


Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To > Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
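As an added example, not part of this thread and not code from HijackThis or any of the tools CatByte names: a small Python triage script that applies the two rules behind the three entries picked out above to HijackThis log lines. The rules are (1) an O2/O3 BHO or toolbar registration whose file is missing, i.e. "(no file)", is an orphaned leftover that can be removed, and (2) an O4 Run entry that launches an executable from a user-writable profile directory (AppData, Temp, ProgramData) deserves a closer look. It goes a little beyond the post by also marking bare "Running processes" paths that live in such directories for review. The sample lines are copied from the log posted in #1 (plus benign control lines from the same log); the regexes, the Finding type and the "fix"/"review" severities are my own assumptions, not anything HijackThis outputs.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis log posted above, including
# a few benign lines as controls so the rules can be seen to *not* fire.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Users\Robert\AppData\Local\Temp\RtkBtMnt.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [FexHpukv] C:\Users\Robert\AppData\Local\wxgufuef\fexhpukv.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""

# "O4 - ..." / "R0 - ..." entry prefix used throughout a HijackThis log.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# Body of an O4 line: HIVE\..\Run: [ValueName] command line
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First executable image in a command line: a quoted path, or the text up to the first .exe/.dll/...
IMAGE_RE = re.compile(r'^\s*(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.(?:exe|dll|scr|bat|cmd|vbs)))', re.IGNORECASE)
# Bare path as printed under "Running processes:"
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")
# Directories an ordinary user can write to (heuristic, my own choice of locations).
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)


@dataclass
class Finding:
    severity: str   # "fix": entry a responder would tick in Fix Checked; "review": verify first
    section: str    # HijackThis section (O2, O3, O4) or "process"
    reason: str
    line: str


def extract_image_path(cmd: str) -> str:
    """Return the executable launched by a Run command line (quoted or bare)."""
    m = IMAGE_RE.match(cmd)
    if not m:
        return cmd.strip().split(" ", 1)[0]
    return m.group("quoted") or m.group("bare")


def triage(log_text: str) -> list:
    """Apply the orphaned-registration and user-writable-autorun rules to a log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if entry is None:
            # Not an O-line: flag running images that live in a user-writable directory.
            if PROCESS_RE.match(line) and USER_WRITABLE.search(line):
                findings.append(Finding("review", "process",
                                        "running image lives in a user-writable directory", line))
            continue
        section, body = entry.group("section"), entry.group("body")
        if section in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(Finding("fix", section,
                                    "orphaned BHO/toolbar registration: file missing", line))
        elif section == "O4":
            run = O4_RE.match(body)
            if run and USER_WRITABLE.search(extract_image_path(run.group("cmd"))):
                findings.append(Finding("fix", section,
                                        f"autorun [{run.group('name')}] launches from a user-writable directory",
                                        line))
    return findings


def lines_to_fix(findings) -> list:
    """The log lines a responder would tick under 'Fix Checked'."""
    return [f.line for f in findings if f.severity == "fix"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.section:8} {f.reason}\n        {f.line}")
```

Run against the sample, the three "fix" findings are exactly the three entries CatByte listed, and the Temp-resident RtkBtMnt.exe process comes out as "review" only: a path under Temp is a reason to check the file's publisher, not by itself a reason to remove it.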


#3 ivanhoew

ivanhoew
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:07:39 PM

Posted 30 April 2012 - 02:16 PM

Thank you very much CatByte, I hope I have done this correctly.



Attached File: MBR.zip (543 bytes, 1 downloads)



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Robert at 19:16:25 on 2012-04-30
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1388 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Robert\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {49CD73D5-CBE2-4FAA-B70F-0252C74809AB} - hxxp://192.168.1.108/classes/PLANETCamV.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{76E98B36-2AC2-4ACE-9C1B-A51CB8493071} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-26 171064]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-11-22 21504]
R2 MD110032;MD110032;c:\windows\system32\drivers\MD110032.sys [2011-12-18 7424]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [2009-11-19 5120]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2010-12-18 847392]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-4-28 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 253088]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-6 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 Ser2at;ATEN USB to Serial port driver;c:\windows\system32\drivers\ser2at.sys [2011-7-7 76288]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-11 369688]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-04-30 11:15:37 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{4b960716-fa7f-4a48-a293-eee4c26dcd43}\mpengine.dll
2012-04-30 07:52:40 -------- d-----w- c:\users\robert\appdata\local\{0AE4FBCF-BE23-4292-B790-FFFEE634D6C3}
2012-04-30 07:52:28 -------- d-----w- c:\users\robert\appdata\local\{CBBE5A85-AC39-47F3-8C61-2D2B628468DE}
2012-04-29 19:58:32 6734704 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-04-28 19:39:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-28 19:39:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-28 09:08:50 388096 ----a-r- c:\users\robert\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-04-28 09:08:48 -------- d-----w- c:\program files\Trend Micro
2012-04-27 05:06:32 -------- d-----w- c:\users\robert\appdata\local\wxgufuef
2012-04-26 20:50:43 -------- d-----w- c:\programdata\F4D55EFF000485B20023F27A570F1C8B
2012-04-26 19:39:26 -------- d-----w- c:\users\robert\appdata\local\{726ABC6E-30C5-4D6E-B1FD-705EEEE34313}
2012-04-26 19:39:14 -------- d-----w- c:\users\robert\appdata\local\{4B31A4AA-6CE6-48A7-A8E8-76682AB01BFB}
2012-04-25 12:39:41 -------- d-----w- c:\users\robert\appdata\local\{AB82603D-806F-45FB-ADFD-E732A324CCBC}
2012-04-25 12:39:24 -------- d-----w- c:\users\robert\appdata\local\{1E9163BC-D0BF-4118-A753-3299C13B400A}
2012-04-25 06:23:17 -------- d-----w- c:\users\robert\appdata\local\EasyBits
2012-04-24 19:51:28 -------- d-----w- c:\users\robert\appdata\local\{63882AEB-15FE-4FAB-AE8F-E895DD54DB00}
2012-04-24 19:51:13 -------- d-----w- c:\users\robert\appdata\local\{74326946-78F3-454F-BCA7-57459C9FA97D}
2012-04-18 18:51:14 -------- d-----w- c:\users\robert\appdata\local\{83A5F271-9B28-4FA9-94D3-7FE805AA24CD}
2012-04-18 18:51:02 -------- d-----w- c:\users\robert\appdata\local\{0537F66A-385A-4B0C-B8C1-A3DF8BA8D091}
2012-04-18 08:04:28 -------- d-----w- c:\users\robert\appdata\local\Apps
2012-04-18 06:44:36 -------- d-----w- c:\users\robert\appdata\local\{B7AD0873-4140-427A-9323-691DC795E43C}
2012-04-18 06:44:20 -------- d-----w- c:\users\robert\appdata\local\{BDA4AD6A-8BEF-42C3-90B4-3C3193CA37DE}
2012-04-17 18:23:21 -------- d-----w- c:\users\robert\appdata\local\{5C64D663-2EF4-4729-87BB-B5939389330E}
2012-04-17 18:23:10 -------- d-----w- c:\users\robert\appdata\local\{E6125D3D-2583-4CD7-BF0E-9D120D279A72}
2012-04-17 06:22:56 -------- d-----w- c:\users\robert\appdata\local\{29C1716B-EC1B-40B2-A1BB-5EABBC8E3B26}
2012-04-17 06:22:44 -------- d-----w- c:\users\robert\appdata\local\{7EE92F0C-C261-4C4D-B367-8373D7853A3A}
2012-04-16 16:43:07 -------- d-----w- c:\users\robert\appdata\local\{DC21A1F9-1BD4-484A-8FD8-78D8B98654BA}
2012-04-16 16:42:56 -------- d-----w- c:\users\robert\appdata\local\{452444E3-4060-404A-B457-99F2519C40B4}
2012-04-15 05:07:05 -------- d-----w- c:\users\robert\appdata\local\{AAF67B0D-FB57-492A-B151-ABD219B8FA96}
2012-04-15 05:06:54 -------- d-----w- c:\users\robert\appdata\local\{6E1D2379-EA57-4380-8F3F-EB6C4437BD45}
2012-04-13 20:16:00 -------- d-----w- c:\users\robert\appdata\local\{9096001D-E4CD-43C0-ACCF-7274A2F953F9}
2012-04-13 20:15:49 -------- d-----w- c:\users\robert\appdata\local\{02C2E868-5B4C-4786-809C-8949D68A667E}
2012-04-12 07:39:55 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:39:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:39:55 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:39:55 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:38:47 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 07:38:47 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 07:10:44 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-04-10 06:38:16 -------- d-----w- c:\users\robert\appdata\local\{B35DB25C-179B-4502-AFAB-F549FF696D27}
2012-04-10 06:38:04 -------- d-----w- c:\users\robert\appdata\local\{81F5EF21-7FBF-467A-823C-A230B20FFE31}
2012-04-09 18:37:51 -------- d-----w- c:\users\robert\appdata\local\{78A83A30-7C5F-4DE9-918A-45755A3E69A8}
2012-04-09 18:37:40 -------- d-----w- c:\users\robert\appdata\local\{42D75317-0857-4808-969F-7C7C51C59AE4}
2012-04-09 06:37:24 -------- d-----w- c:\users\robert\appdata\local\{4CB4AEB7-4334-4A7B-9F9E-F993B1E5A862}
2012-04-09 06:37:10 -------- d-----w- c:\users\robert\appdata\local\{E015B626-9043-42C9-9EC0-D29961FD8DF0}
2012-04-08 10:41:07 -------- d-----w- c:\users\robert\appdata\local\{83777B52-DEE1-4935-863D-06829D64CD74}
2012-04-08 10:40:47 -------- d-----w- c:\users\robert\appdata\local\{0B57B753-64E7-49B1-A419-E810F1C8E0C6}
2012-04-07 20:19:08 -------- d-----w- c:\users\robert\appdata\local\{2AE7D552-1F1D-4E56-A082-1FD3085C1F37}
2012-04-07 20:18:56 -------- d-----w- c:\users\robert\appdata\local\{126F234B-2C6F-489C-9694-9A7064D290C9}
2012-04-07 08:18:40 -------- d-----w- c:\users\robert\appdata\local\{27B8EE5C-08E6-4EC7-86B6-BC82D0B01F8B}
2012-04-07 08:18:28 -------- d-----w- c:\users\robert\appdata\local\{424FBA5F-419B-4370-B3BF-A02F625CF50D}
2012-04-06 18:11:16 -------- d-----w- c:\windows\en
2012-04-06 18:10:06 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-06 18:00:54 15712 ----a-w- c:\program files\common files\windows live\.cache\359717311cd141f03\MeshBetaRemover.exe
2012-04-06 18:00:53 537432 ----a-w- c:\program files\common files\windows live\.cache\34be6a711cd141f02\DXSETUP.exe
2012-04-06 18:00:52 89944 ----a-w- c:\program files\common files\windows live\.cache\34be6a711cd141f02\DSETUP.dll
2012-04-06 18:00:52 1801048 ----a-w- c:\program files\common files\windows live\.cache\34be6a711cd141f02\dsetup32.dll
2012-04-06 17:55:32 -------- d-----w- c:\users\robert\appdata\local\{AAC76054-8003-424C-B215-C1843F9B0FB7}
2012-04-06 17:55:20 -------- d-----w- c:\users\robert\appdata\local\{22CA948D-DFED-4982-BE5C-4CD0AE084F14}
2012-04-06 12:42:38 -------- d-----w- c:\users\robert\appdata\local\{3581612D-75BF-4661-B540-0E3A08532AFB}
2012-04-06 12:42:18 -------- d-----w- c:\users\robert\appdata\local\{4EF768D0-4E85-4CC9-A1FC-F517A6F8DA51}
2012-04-06 08:35:37 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-06 08:35:37 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-05 07:55:57 -------- d-----w- c:\users\robert\appdata\local\{4050042A-137F-405C-8AE4-DEF3FA59C92B}
2012-04-05 07:55:44 -------- d-----w- c:\users\robert\appdata\local\{730AE1C4-32AF-443F-9A57-C91EC4803A29}
2012-04-05 07:21:02 -------- d-----w- c:\users\robert\appdata\local\{E7BDBA10-A263-48ED-A3A2-B540E856649F}
2012-04-05 07:20:42 -------- d-----w- c:\users\robert\appdata\local\{343920C2-1614-40E9-B194-020CF1677786}
2012-04-03 16:20:54 -------- d-----w- c:\users\robert\appdata\local\{94BF372B-6CE8-41B4-96A0-C5957E876AC1}
2012-04-02 07:12:30 -------- d-----w- c:\users\robert\appdata\local\{98A5C466-1936-488F-A56E-20A1C3E46530}
2012-04-01 18:05:21 -------- d-----w- c:\users\robert\appdata\local\{2675DFC1-DFE2-4AD3-BA1D-4CB4278793FA}
2012-04-01 13:19:04 -------- d-----w- c:\users\robert\appdata\local\ej-technologies
2012-04-01 06:00:58 -------- d-----w- c:\users\robert\appdata\local\{DC9E9FE2-609D-4057-BB26-3A34427929FF}
.
==================== Find3M ====================
.
2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-20 19:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 19:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-08 17:50:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2012-03-08 17:37:20 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 09:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 15:45:30 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47:57 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-02 15:16:25 2044416 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 19:17:07.93 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/17/2010 11:04:02 PM
System Uptime: 4/29/2012 2:47:19 PM (29 hours ago)
.
Motherboard: Acer | | Grapevine
Processor: Intel® Core™2 CPU T5500 @ 1.66GHz | U1 | 1667/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 13.307 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP507: 4/22/2012 9:20:34 PM - Windows Update
RP508: 4/23/2012 8:38:04 PM - Scheduled Checkpoint
RP509: 4/24/2012 6:15:58 AM - Windows Update
RP510: 4/25/2012 6:44:56 AM - Windows Update
RP511: 4/26/2012 7:39:03 AM - Windows Update
RP512: 4/26/2012 7:43:14 PM - Windows Update
RP513: 4/27/2012 2:36:43 PM - Removed GOM Player + Ask Toolbar.
RP514: 4/28/2012 10:07:59 AM - Installed HiJackThis
RP515: 4/28/2012 11:32:00 AM - Windows Update
RP516: 4/29/2012 11:50:25 AM - Windows Update
RP517: 4/29/2012 8:57:48 PM - Windows Update
RP518: 4/30/2012 12:14:40 PM - Windows Update
.
==== Installed Programs ======================
.
Acer Camera Driver
Acer OrbiCam Application
Adobe Flash Player 11 ActiveX
Adobe Reader 8.3.1
BitTorrent
Canon iP2600 series
Canon iP2600 series User Registration
Canon My Printer
Canon Utilities Solution Menu
CCleaner
D3DX10
DOSPRN 1.79
Dropbox
DynoPlot
ES-595
Fanatic PASS 1.0
Flow Quik
Flow Quik Update
GOM Player
Gtech PASS RR 2.0
HDAUDIO Soft Data Fax Modem with SmartCP
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software
Java Auto Updater
Java™ 6 Update 30
Junk Mail filter update
K-Lite Mega Codec Pack 8.2.0
Logitech Video Enumerator
LogWorks3
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server VSS Writer
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MVision
NVIDIA Drivers
NVIDIA PhysX
OBDwiz
OpenOffice.org 3.3
PL-2303 USB-to-Serial
PL-2303 Vista Driver Installer
PL-2303 Vista Driver Installer-ATEN
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB2251487)
Segoe UI
Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista
Skype Click to Call
Skype™ 5.5
Smart Fortress 2012
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
Synaptics Pointing Device Driver
System Requirements Lab for Intel
T5SuiteII
T7Suite
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Windows Driver Package - Innovate Motorsports Innovate USB Driver (10/12/2009 1.4.1.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
WinSU v2.6
Xilisoft MOV Converter
YouTube Downloader 3.5
.
==== Event Viewer Messages From Past Week ========
.
4/28/2012 7:37:18 PM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
4/28/2012 6:18:34 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 6:18:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/28/2012 6:18:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/28/2012 6:18:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/28/2012 6:18:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/28/2012 6:18:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/28/2012 6:18:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/28/2012 6:17:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/28/2012 6:14:31 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC MpFilter NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
4/28/2012 6:14:31 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 6:14:31 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2012 6:14:31 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 6:14:31 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2012 6:14:31 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2012 6:14:31 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 6:14:31 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 6:14:31 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2012 6:14:31 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 6:14:31 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 6:14:31 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2012 6:14:31 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2012 6:14:31 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/27/2012 8:54:41 AM, Error: EventLog [6008] - The previous system shutdown at 8:50:57 AM on 4/27/2012 was unexpected.
4/25/2012 7:20:08 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/Obfuscator.PN&threatid=2147646169 Name: VirTool:Win32/Obfuscator.PN ID: 2147646169 Severity: Severe Category: Tool Path: file:_C:\Users\Robert\AppData\Local\Temp\ha32.exe Detection Origin: Local machine Detection Type: Heuristics Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\CCleaner\CCleaner.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.125.372.0, AS: 1.125.372.0, NIS: 11.0.0.0 Engine Version: AM: 1.1.8304.0, NIS: 2.0.8001.0
4/25/2012 1:36:36 PM, Error: EventLog [6008] - The previous system shutdown at 10:28:39 AM on 4/25/2012 was unexpected.
.
==== End Of File ===========================

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-30 19:25:05
-----------------------------
19:25:05.901 OS Version: Windows 6.0.6002 Service Pack 2
19:25:05.902 Number of processors: 2 586 0xF06
19:25:05.903 ComputerName: ROBERT-PC UserName: Robert
19:25:15.297 Initialize success
19:27:13.489 AVAST engine defs: 12043000
19:27:54.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:27:54.426 Disk 0 Vendor: WDC_WD1600BEVS-22RST0 04.01G04 Size: 152627MB BusType: 3
19:27:54.450 Disk 0 MBR read successfully
19:27:54.455 Disk 0 MBR scan
19:27:54.487 Disk 0 Windows VISTA default MBR code
19:27:54.525 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 2048
19:27:54.557 Disk 0 scanning sectors +312578048
19:27:54.673 Disk 0 scanning C:\Windows\system32\drivers
19:28:23.409 Service scanning
19:28:39.670 Service MpKsl7ae5ce94 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4B960716-FA7F-4A48-A293-EEE4C26DCD43}\MpKsl7ae5ce94.sys **LOCKED** 32
19:29:22.078 Modules scanning
19:29:42.492 Disk 0 trace - called modules:
19:29:42.517 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
19:29:42.868 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85477620]
19:29:42.875 3 CLASSPNP.SYS[87fa58b3] -> nt!IofCallDriver -> [0x84dee5d0]
19:29:42.882 5 acpi.sys[806986bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84dee6f8]
19:29:43.816 AVAST engine scan C:\Windows
19:29:59.314 AVAST engine scan C:\Windows\system32
19:36:41.889 AVAST engine scan C:\Windows\system32\drivers
19:37:16.467 AVAST engine scan C:\Users\Robert
20:04:38.399 AVAST engine scan C:\ProgramData
20:06:04.736 Scan finished successfully
20:06:57.794 Disk 0 MBR has been saved successfully to "C:\Users\Robert\Desktop\MBR.dat"
20:06:57.853 The log file has been saved successfully to "C:\Users\Robert\Desktop\aswMBR.txt"

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:39 PM

Posted 30 April 2012 - 02:39 PM

Hi,

Please do the following

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 ivanhoew

ivanhoew
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:07:39 PM

Posted 30 April 2012 - 03:20 PM

how's this ..



ComboFix 12-04-31.02 - Robert 04/30/2012 20:48:28.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1200 [GMT 1:00]
Running from: c:\users\Robert\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Robert\AppData\Local\hvfmmtar.log
c:\users\Robert\AppData\Local\isufkbah.log
c:\users\Robert\AppData\Local\loswvpjm.log
c:\users\Robert\AppData\Local\suydkmbi.log
c:\users\Robert\AppData\Local\unpawlfl.log
c:\users\Robert\AppData\Local\ycipcufj.log
c:\users\Robert\Documents\flowbench fan startup
c:\windows\system32\urttemp
c:\windows\system32\urttemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))
.
.
2012-04-30 19:56 . 2012-04-30 19:59 -------- d-----w- c:\users\Robert\AppData\Local\temp
2012-04-30 19:56 . 2012-04-30 19:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-30 19:56 . 2012-04-30 19:56 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-04-30 11:15 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B960716-FA7F-4A48-A293-EEE4C26DCD43}\mpengine.dll
2012-04-29 19:58 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-28 19:39 . 2012-04-28 20:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-28 19:39 . 2012-04-28 19:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-28 09:08 . 2012-04-28 09:08 388096 ----a-r- c:\users\Robert\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-28 09:08 . 2012-04-28 09:08 -------- d-----w- c:\program files\Trend Micro
2012-04-27 05:06 . 2012-04-27 18:32 -------- d-----w- c:\users\Robert\AppData\Local\wxgufuef
2012-04-26 20:56 . 2012-04-26 20:56 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2012-04-26 20:50 . 2012-04-26 21:07 -------- d-----w- c:\programdata\F4D55EFF000485B20023F27A570F1C8B
2012-04-25 06:23 . 2012-04-27 18:32 -------- d-----w- c:\users\Robert\AppData\Local\EasyBits
2012-04-18 08:04 . 2012-04-18 08:04 -------- d-----w- c:\users\Robert\AppData\Local\Apps
2012-04-12 07:39 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:39 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:39 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:39 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:38 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 07:38 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 07:10 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-06 18:11 . 2012-04-06 18:11 -------- d-----w- c:\windows\en
2012-04-06 18:10 . 2012-03-08 17:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-06 18:00 . 2012-04-06 18:00 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\359717311cd141f03\MeshBetaRemover.exe
2012-04-06 18:00 . 2012-04-06 18:00 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\34be6a711cd141f02\DXSETUP.exe
2012-04-06 18:00 . 2012-04-06 18:00 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\34be6a711cd141f02\dsetup32.dll
2012-04-06 18:00 . 2012-04-06 18:00 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\34be6a711cd141f02\DSETUP.dll
2012-04-06 08:35 . 2012-04-14 07:55 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-06 08:35 . 2012-04-14 07:55 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-01 13:19 . 2012-04-06 17:40 -------- d-----w- c:\users\Robert\AppData\Local\ej-technologies
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 14:56 . 2011-10-12 16:39 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-20 19:44 . 2010-10-24 21:25 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 19:44 . 2010-03-26 05:30 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\system32\sirenacm.dll
2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-23 09:18 . 2010-11-18 02:35 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 15:45 . 2012-03-13 19:21 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-13 19:21 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-13 19:21 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-13 19:21 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-13 19:21 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 15:15 . 2012-02-10 15:17 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55BC2320-D2C0-424A-A860-E2C5166CF440}\gapaengine.dll
2012-02-02 15:16 . 2012-03-13 19:21 2044416 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 304664]
"RtHDVCpl"="RtHDVCpl.exe" [2011-01-18 4186112]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-29 244512]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Robert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Robert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcerOrbicamRibbon]
2006-11-29 02:43 754712 ----a-w- c:\program files\Acer\OrbiCam10\OrbiCam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 20:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2012-03-04 16:29 650104 ----a-w- c:\program files\BitTorrent\BitTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-09-14 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-10-26 01:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2012-03-08 17:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-01-30 17:12 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 09:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 13:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2011-01-18 21:07 815104 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 07:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
TCP: DhcpNameServer = 192.168.1.254
DPF: {49CD73D5-CBE2-4FAA-B70F-0252C74809AB} - hxxp://192.168.1.108/classes/PLANETCamV.cab
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-FexHpukv - c:\users\Robert\AppData\Local\wxgufuef\fexhpukv.exe
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-Smart Fortress 2012 - c:\programdata\F4D55EFF000485B20023F27A570F1C8B\F4D55EFF000485B20023F27A570F1C8B.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2312)
c:\users\Robert\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WLANExt.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-04-30 21:08:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-30 20:06
.
Pre-Run: 14,019,760,128 bytes free
Post-Run: 14,105,853,952 bytes free
.
- - End Of File - - CAD331680D0F8A67F14582F2B3021BB7
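
The ComboFix log above lists what it deleted and which autostart entries it orphaned. As an added example that is not part of this thread and not ComboFix's own code, here is a small Python triage script that pulls those sections out of a log in this shape and flags entries that sit in user-writable locations under random-looking names (eight lowercase letters or a 32-digit hex string), the pattern behind the wxgufuef\fexhpukv.exe and Smart Fortress 2012 entries. The section-header formats are assumed from the log as posted, the heuristics are my own, and the sample log is constructed from a few of its lines; the result is a candidate list for an analyst, not a verdict.

```python
import re

# Constructed sample in the shape of the ComboFix log posted above (not the full log).
SAMPLE_LOG = r"""((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Roaming
c:\users\Robert\AppData\Local\hvfmmtar.log
c:\users\Robert\AppData\Local\ycipcufj.log
c:\windows\system32\urttemp\regtlib.exe
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))
.
2012-04-27 05:06 . 2012-04-27 18:32 -------- d-----w- c:\users\Robert\AppData\Local\wxgufuef
2012-04-28 09:08 . 2012-04-28 09:08 -------- d-----w- c:\program files\Trend Micro
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-FexHpukv - c:\users\Robert\AppData\Local\wxgufuef\fexhpukv.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-Smart Fortress 2012 - c:\programdata\F4D55EFF000485B20023F27A570F1C8B\F4D55EFF000485B20023F27A570F1C8B.exe
.
**************************************************************************
"""

# Section titles are wrapped in parentheses or in "- - - - TITLE - - - -" (assumed
# from the posted log); a row of asterisks closes the report body.
PAREN_HEADER = re.compile(r"^\(+\s*(.+?)\s*\)+$")
DASH_HEADER = re.compile(r"^- - - - (.+?) - - - -$")
END_MARKER = re.compile(r"^\*{10,}$")

# "Files Created" rows: created . modified  size  attributes  path
CREATED_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\S+\s+\S+\s+(.+)$")
# "ORPHANS REMOVED" rows: Kind-Name - path
ORPHAN_LINE = re.compile(r"^(\w+)-(.+?) - (.+)$")

# Heuristics: places any user process can write to, and names that look generated.
USER_WRITABLE = re.compile(r"\\(appdata\\(local|roaming)|programdata|temp)(\\|$)")
RANDOM_NAME = re.compile(r"^(?:[a-z]{8}|[0-9a-f]{32})$")


def parse_sections(text):
    """Map each section title to its non-empty body lines ("." rows are spacers)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = PAREN_HEADER.match(line) or DASH_HEADER.match(line)
        if match:
            current = match.group(1).split(" from ")[0]  # drop the date range
            sections[current] = []
        elif END_MARKER.match(line):
            current = None
        elif current and line and line != ".":
            sections[current].append(line)
    return sections


def extract_paths(title, lines):
    """Yield (label, path) pairs using the row format of each section."""
    for line in lines:
        if title == "ORPHANS REMOVED":
            match = ORPHAN_LINE.match(line)
            if match:
                yield f"{match.group(1)}:{match.group(2)}", match.group(3)
        elif title == "Files Created":
            match = CREATED_LINE.match(line)
            if match:
                yield "created", match.group(1)
        else:
            yield "deleted", line


def suspicion(path):
    """Return the list of heuristics a path triggers (empty means nothing odd)."""
    low = path.lower().rstrip("\\")
    reasons = []
    if USER_WRITABLE.search(low):
        reasons.append("user-writable location")
    parts = low.split("\\")
    leaf = re.sub(r"\.[a-z0-9]{1,4}$", "", parts[-1])  # drop the extension
    if any(RANDOM_NAME.match(name) for name in [leaf] + parts[-2:-1]):
        reasons.append("random-looking name")
    return reasons


def triage(text, min_reasons=2):
    """Return {section: [(label, path, reasons)]} for entries hitting enough heuristics."""
    hits = {}
    for title, lines in parse_sections(text).items():
        for label, path in extract_paths(title, lines):
            reasons = suspicion(path)
            if len(reasons) >= min_reasons:
                hits.setdefault(title, []).append((label, path, reasons))
    return hits


if __name__ == "__main__":
    for title, entries in triage(SAMPLE_LOG).items():
        print(f"== {title} ==")
        for label, path, reasons in entries:
            print(f"  [{label}] {path}  <- {', '.join(reasons)}")
```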

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:39 PM

Posted 30 April 2012 - 03:59 PM

Hi

Please run the following:

  • Press WinKey + R to open a run box and type in notepad and hit OK.
  • Then copy and paste the content of the following codebox into Notepad:

    @echo off
    rem Start from a clean log so a file left by an earlier run cannot be mistaken for a failure.
    if exist "%temp%\log.txt" del "%temp%\log.txt"
    for %%g in (
    "c:\users\Robert\AppData\Local\wxgufuef"
    "c:\programdata\F4D55EFF000485B20023F27A570F1C8B"
    ) do (
    rem Remove the folder tree quietly, then record any path that is still there.
    rd /s/q %%g >nul 2>&1
    if exist %%g echo.%%~g>>"%temp%\log.txt"
    )
    rem Show the list of leftovers if there is one, otherwise report success.
    if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
    ) else echo.Deleted Successfully !!
    rem nircmd is a separate NirSoft helper assumed to be on the PATH; it keeps the window open for 7 seconds.
    nircmd wait 7000
    rem The batch file removes itself when done.
    del %0 
    
  • Save the file to your DESKTOP as "find.bat". Make sure to save it with the quotes.
  • Once saved, the icon to click should look like this on your desktop:

    [image: the find.bat icon as it appears on the desktop]
  • Double click find.bat to run it. A small black box should open and close - this is normal.



NEXT



  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 ivanhoew

ivanhoew
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:07:39 PM

Posted 01 May 2012 - 06:32 AM

here is my mbam log ..


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.01.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Robert :: ROBERT-PC [administrator]

5/1/2012 8:38:39 AM
mbam-log-2012-05-01 (08-38-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211174
Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

and there was nothing found by the eset scan, so no report to save. it did 128869 files, zero infected, scan time 1 hour 21 min 40 s.

interestingly the about:blank appears to have changed into about:tab on this occasion of it appearing. it does this in the address bar, if i go to search in google, just for a moment, then it goes to where i want. but there is a delay on it all.

regards
robert

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:39 PM

Posted 01 May 2012 - 07:29 AM

Hi,

Let's have another look with a different tool

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download scan.txt and save it to your Desktop. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Edited by CatByte, 01 May 2012 - 07:29 AM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 ivanhoew

ivanhoew
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:07:39 PM

Posted 01 May 2012 - 09:34 AM

Hi CatByte,

If I click on the scan.txt link, it takes me to a website and a "problem with this file" page. I joined the site in case it would help but still got the same page, so I then did a search on that site for the file; all the links failed.

I am just running the other program 'OTL' to see if anything turns up. Hope that's OK?

thanks
robert

#10 ivanhoew

ivanhoew
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:07:39 PM

Posted 01 May 2012 - 11:26 AM

OTL results:

OTL logfile created on: 5/1/2012 3:32:09 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Robert\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.00% Memory free
4.23 Gb Paging File | 3.12 Gb Available in Paging File | 73.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 13.24 Gb Free Space | 8.88% Space Free | Partition Type: NTFS

Computer Name: ROBERT-PC | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Robert\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Robert\AppData\Local\temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe (Logitech Inc.)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (bzkkjjfn) -- C:\Windows\system32\drivers\bzkkjjfn.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (lv321av) Logitech USB PC Camera (VC0321) -- C:\Windows\System32\drivers\lv321av.sys (Logitech Inc.)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.sys (Samsung Electronics)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (RsFx0102) -- C:\Windows\System32\drivers\RsFx0102.sys (Microsoft Corporation)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (Ser2at) -- C:\Windows\System32\drivers\ser2at.sys (Prolific Technology Inc.)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (ESDCR) -- C:\Windows\System32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (ESMCR) -- C:\Windows\System32\drivers\ESM7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (MD110032) -- C:\Windows\System32\drivers\MD110032.sys ()
DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={B22D3DFE-DA52-467A-8D6D-29F25F6F8B62}&mid=4d0df7e0859547d089ffd15f924bd499-94ce9e0f3b471cea564e504e3074d37820c9a131&lang=en&ds=gm011&pr=sa&d=2012-05-01 14:12:12&v=11.0.0.9&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 ED AB B8 10 E7 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={B22D3DFE-DA52-467A-8D6D-29F25F6F8B62}&mid=4d0df7e0859547d089ffd15f924bd499-94ce9e0f3b471cea564e504e3074d37820c9a131&lang=en&ds=gm011&pr=sa&d=2012-05-01 14:12:12&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/02/09 11:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2012/04/30 20:59:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {49CD73D5-CBE2-4FAA-B70F-0252C74809AB} http://192.168.1.108/classes/PLANETCamV.cab (PLANET IPCamera Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76E98B36-2AC2-4ACE-9C1B-A51CB8493071}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/01 15:21:40 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2012/05/01 14:10:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/05/01 08:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/30 21:08:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/30 21:08:09 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\temp
[2012/04/30 21:05:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/30 20:46:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/30 20:46:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/30 20:46:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/30 20:46:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/30 20:46:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/30 20:41:18 | 004,479,582 | R--- | C] (Swearware) -- C:\Users\Robert\Desktop\ComboFix.exe
[2012/04/30 19:24:03 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Robert\Desktop\aswMBR.exe
[2012/04/30 19:15:09 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Robert\Desktop\dds.com
[2012/04/30 08:52:40 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0AE4FBCF-BE23-4292-B790-FFFEE634D6C3}
[2012/04/30 08:52:28 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{CBBE5A85-AC39-47F3-8C61-2D2B628468DE}
[2012/04/28 20:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/04/28 20:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/04/28 20:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/04/28 10:08:49 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/04/28 10:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/04/28 09:33:37 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\dynertia
[2012/04/28 09:32:45 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\RWD-028
[2012/04/26 21:55:10 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Fortress 2012
[2012/04/26 20:39:26 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{726ABC6E-30C5-4D6E-B1FD-705EEEE34313}
[2012/04/26 20:39:14 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{4B31A4AA-6CE6-48A7-A8E8-76682AB01BFB}
[2012/04/25 13:39:41 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{AB82603D-806F-45FB-ADFD-E732A324CCBC}
[2012/04/25 13:39:24 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{1E9163BC-D0BF-4118-A753-3299C13B400A}
[2012/04/25 07:41:33 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Use a PC Power Supply as a Bench Supply with the ATX PS Adapter_files
[2012/04/25 07:37:12 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\ATX to Lab Bench Power Supply Conversion mbeckler_org_files
[2012/04/25 07:23:17 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\EasyBits
[2012/04/24 20:51:28 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{63882AEB-15FE-4FAB-AE8F-E895DD54DB00}
[2012/04/24 20:51:13 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{74326946-78F3-454F-BCA7-57459C9FA97D}
[2012/04/18 19:51:14 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{83A5F271-9B28-4FA9-94D3-7FE805AA24CD}
[2012/04/18 19:51:02 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0537F66A-385A-4B0C-B8C1-A3DF8BA8D091}
[2012/04/18 09:04:28 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Apps
[2012/04/18 07:44:36 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{B7AD0873-4140-427A-9323-691DC795E43C}
[2012/04/18 07:44:20 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{BDA4AD6A-8BEF-42C3-90B4-3C3193CA37DE}
[2012/04/17 19:23:21 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{5C64D663-2EF4-4729-87BB-B5939389330E}
[2012/04/17 19:23:10 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{E6125D3D-2583-4CD7-BF0E-9D120D279A72}
[2012/04/17 07:22:56 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{29C1716B-EC1B-40B2-A1BB-5EABBC8E3B26}
[2012/04/17 07:22:44 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{7EE92F0C-C261-4C4D-B367-8373D7853A3A}
[2012/04/16 17:43:07 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{DC21A1F9-1BD4-484A-8FD8-78D8B98654BA}
[2012/04/16 17:42:56 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{452444E3-4060-404A-B457-99F2519C40B4}
[2012/04/15 06:07:05 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{AAF67B0D-FB57-492A-B151-ABD219B8FA96}
[2012/04/15 06:06:54 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{6E1D2379-EA57-4380-8F3F-EB6C4437BD45}
[2012/04/13 21:16:00 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{9096001D-E4CD-43C0-ACCF-7274A2F953F9}
[2012/04/13 21:15:49 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{02C2E868-5B4C-4786-809C-8949D68A667E}
[2012/04/12 08:40:22 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/12 08:40:19 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/12 08:40:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/12 08:40:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/12 08:40:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/12 08:40:16 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/04/12 08:38:47 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/12 08:38:47 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/10 07:38:16 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{B35DB25C-179B-4502-AFAB-F549FF696D27}
[2012/04/10 07:38:04 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{81F5EF21-7FBF-467A-823C-A230B20FFE31}
[2012/04/09 19:37:51 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{78A83A30-7C5F-4DE9-918A-45755A3E69A8}
[2012/04/09 19:37:40 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{42D75317-0857-4808-969F-7C7C51C59AE4}
[2012/04/09 07:37:24 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{4CB4AEB7-4334-4A7B-9F9E-F993B1E5A862}
[2012/04/09 07:37:10 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{E015B626-9043-42C9-9EC0-D29961FD8DF0}
[2012/04/08 11:41:07 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{83777B52-DEE1-4935-863D-06829D64CD74}
[2012/04/08 11:40:47 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0B57B753-64E7-49B1-A419-E810F1C8E0C6}
[2012/04/07 21:19:08 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{2AE7D552-1F1D-4E56-A082-1FD3085C1F37}
[2012/04/07 21:18:56 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{126F234B-2C6F-489C-9694-9A7064D290C9}
[2012/04/07 09:18:40 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{27B8EE5C-08E6-4EC7-86B6-BC82D0B01F8B}
[2012/04/07 09:18:28 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{424FBA5F-419B-4370-B3BF-A02F625CF50D}
[2012/04/06 19:11:16 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/06 18:55:32 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{AAC76054-8003-424C-B215-C1843F9B0FB7}
[2012/04/06 18:55:20 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{22CA948D-DFED-4982-BE5C-4CD0AE084F14}
[2012/04/06 13:42:38 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{3581612D-75BF-4661-B540-0E3A08532AFB}
[2012/04/06 13:42:18 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{4EF768D0-4E85-4CC9-A1FC-F517A6F8DA51}
[2012/04/06 09:35:37 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/06 09:35:37 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/05 08:55:57 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{4050042A-137F-405C-8AE4-DEF3FA59C92B}
[2012/04/05 08:55:44 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{730AE1C4-32AF-443F-9A57-C91EC4803A29}
[2012/04/05 08:21:02 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{E7BDBA10-A263-48ED-A3A2-B540E856649F}
[2012/04/05 08:20:42 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{343920C2-1614-40E9-B194-020CF1677786}
[2012/04/03 17:20:54 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{94BF372B-6CE8-41B4-96A0-C5957E876AC1}
[2012/04/02 08:12:30 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{98A5C466-1936-488F-A56E-20A1C3E46530}
[2012/04/01 19:05:21 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{2675DFC1-DFE2-4AD3-BA1D-4CB4278793FA}

========== Files - Modified Within 30 Days ==========

[2012/05/01 15:22:05 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2012/05/01 15:21:22 | 000,144,654 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/05/01 14:53:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/01 14:12:31 | 000,001,014 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2012/05/01 14:12:31 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2012/05/01 14:09:48 | 000,005,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/01 14:09:48 | 000,005,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/01 14:03:04 | 000,144,654 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/05/01 14:03:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/30 21:15:50 | 2145,509,376 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/30 21:05:39 | 000,717,518 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/30 21:05:39 | 000,148,882 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/30 20:59:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/30 20:43:28 | 004,479,582 | R--- | M] (Swearware) -- C:\Users\Robert\Desktop\ComboFix.exe
[2012/04/30 20:07:42 | 000,000,543 | ---- | M] () -- C:\Users\Robert\Desktop\MBR.zip
[2012/04/30 20:06:57 | 000,000,512 | ---- | M] () -- C:\Users\Robert\Desktop\MBR.dat
[2012/04/30 19:24:07 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Robert\Desktop\aswMBR.exe
[2012/04/30 19:15:09 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Robert\Desktop\dds.com
[2012/04/30 09:54:25 | 000,230,912 | ---- | M] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/30 07:58:21 | 000,002,525 | ---- | M] () -- C:\Users\Robert\Desktop\HiJackThis.lnk
[2012/04/28 20:40:12 | 000,001,079 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/28 20:40:12 | 000,001,055 | ---- | M] () -- C:\Users\Robert\Desktop\Spybot - Search & Destroy.lnk
[2012/04/28 18:38:41 | 000,000,680 | ---- | M] () -- C:\Users\Robert\AppData\Local\d3d9caps.dat
[2012/04/28 10:26:58 | 000,251,944 | ---- | M] () -- C:\Users\Robert\AppData\Local\census.cache
[2012/04/28 10:26:35 | 000,185,705 | ---- | M] () -- C:\Users\Robert\AppData\Local\ars.cache
[2012/04/28 10:10:28 | 000,000,036 | ---- | M] () -- C:\Users\Robert\AppData\Local\housecall.guid.cache
[2012/04/26 23:06:10 | 000,000,040 | ---- | M] () -- C:\Users\Public\Documents\_rgpl
[2012/04/26 22:22:29 | 000,003,542 | ---- | M] () -- C:\Users\Robert\Documents\fb1.eml
[2012/04/25 07:41:33 | 000,006,685 | ---- | M] () -- C:\Users\Robert\Documents\Use a PC Power Supply as a Bench Supply with the ATX PS Adapter.htm
[2012/04/25 07:37:12 | 000,016,778 | ---- | M] () -- C:\Users\Robert\Documents\ATX to Lab Bench Power Supply Conversion mbeckler_org.htm
[2012/04/25 06:47:25 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/22 17:50:40 | 000,016,836 | ---- | M] () -- C:\Users\Robert\Documents\ammeter test.ods
[2012/04/20 20:22:22 | 001,675,162 | ---- | M] () -- C:\Users\Robert\Documents\Emerald%20K3%20Manual%20v057.pdf
[2012/04/18 08:57:24 | 000,000,943 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/14 08:55:37 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/14 08:55:37 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/13 21:12:14 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/13 08:32:18 | 000,000,525 | ---- | M] () -- C:\Users\Robert\Desktop\2011-01-25 garage - Shortcut.lnk
[2012/04/10 08:39:54 | 002,110,799 | ---- | M] () -- C:\Users\Robert\Documents\bt modem gateway 2wire 2701_installation_guide.pdf
[2012/04/07 16:14:48 | 007,444,956 | ---- | M] () -- C:\Users\Robert\Documents\epia_manual_v1.1.pdf
[2012/04/06 18:41:48 | 000,261,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/04/06 09:17:41 | 001,421,689 | ---- | M] () -- C:\Users\Robert\Documents\Brize%20Norton.pdf
[2012/04/05 18:36:02 | 000,069,351 | ---- | M] () -- C:\Users\Robert\Documents\santa pod 09 13.93 ..csv
[2012/04/05 09:12:22 | 000,103,703 | ---- | M] () -- C:\Users\Robert\Documents\santa pod 09 13.93 .-santa pod 09 13.93s.csv
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/05/01 14:12:31 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2012/04/30 20:46:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/30 20:46:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/30 20:46:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/30 20:46:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/30 20:46:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/30 20:07:42 | 000,000,543 | ---- | C] () -- C:\Users\Robert\Desktop\MBR.zip
[2012/04/30 20:06:57 | 000,000,512 | ---- | C] () -- C:\Users\Robert\Desktop\MBR.dat
[2012/04/28 20:40:12 | 000,001,079 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/28 20:40:12 | 000,001,055 | ---- | C] () -- C:\Users\Robert\Desktop\Spybot - Search & Destroy.lnk
[2012/04/28 19:36:52 | 2145,509,376 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/28 18:38:41 | 000,000,680 | ---- | C] () -- C:\Users\Robert\AppData\Local\d3d9caps.dat
[2012/04/28 10:26:58 | 000,251,944 | ---- | C] () -- C:\Users\Robert\AppData\Local\census.cache
[2012/04/28 10:26:35 | 000,185,705 | ---- | C] () -- C:\Users\Robert\AppData\Local\ars.cache
[2012/04/28 10:10:28 | 000,000,036 | ---- | C] () -- C:\Users\Robert\AppData\Local\housecall.guid.cache
[2012/04/28 10:08:49 | 000,002,525 | ---- | C] () -- C:\Users\Robert\Desktop\HiJackThis.lnk
[2012/04/26 23:06:10 | 000,000,040 | ---- | C] () -- C:\Users\Public\Documents\_rgpl
[2012/04/26 22:22:28 | 000,003,542 | ---- | C] () -- C:\Users\Robert\Documents\fb1.eml
[2012/04/25 07:41:33 | 000,006,685 | ---- | C] () -- C:\Users\Robert\Documents\Use a PC Power Supply as a Bench Supply with the ATX PS Adapter.htm
[2012/04/25 07:37:10 | 000,016,778 | ---- | C] () -- C:\Users\Robert\Documents\ATX to Lab Bench Power Supply Conversion mbeckler_org.htm
[2012/04/25 06:47:23 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/22 17:50:38 | 000,016,836 | ---- | C] () -- C:\Users\Robert\Documents\ammeter test.ods
[2012/04/20 20:22:22 | 001,675,162 | ---- | C] () -- C:\Users\Robert\Documents\Emerald%20K3%20Manual%20v057.pdf
[2012/04/13 08:32:18 | 000,000,525 | ---- | C] () -- C:\Users\Robert\Desktop\2011-01-25 garage - Shortcut.lnk
[2012/04/10 08:39:54 | 002,110,799 | ---- | C] () -- C:\Users\Robert\Documents\bt modem gateway 2wire 2701_installation_guide.pdf
[2012/04/07 16:14:48 | 007,444,956 | ---- | C] () -- C:\Users\Robert\Documents\epia_manual_v1.1.pdf
[2012/04/06 09:35:38 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/06 09:17:41 | 001,421,689 | ---- | C] () -- C:\Users\Robert\Documents\Brize%20Norton.pdf
[2012/04/05 09:12:22 | 000,103,703 | ---- | C] () -- C:\Users\Robert\Documents\santa pod 09 13.93 .-santa pod 09 13.93s.csv
[2012/02/05 12:39:10 | 000,270,848 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2012/02/04 22:07:33 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/02/04 22:07:33 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/02/04 22:07:22 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/12/18 17:24:13 | 000,007,424 | ---- | C] () -- C:\Windows\System32\drivers\MD110032.sys
[2011/11/30 12:03:58 | 000,430,080 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2011/08/15 15:39:18 | 000,126,133 | ---- | C] () -- C:\Windows\LogWorks3 Uninstaller.exe
[2011/07/13 20:39:33 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/01/25 19:03:20 | 000,230,912 | ---- | C] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/18 21:49:01 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2011/01/18 21:30:47 | 000,027,503 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\UserTile.png
[2011/01/18 21:18:22 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2010/12/20 16:47:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/12/19 18:35:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/19 15:49:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/12/19 15:49:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/12/18 22:13:16 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/11/23 00:57:41 | 000,144,654 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/11/22 09:01:57 | 000,144,654 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 624 bytes -> C:\Users\Robert\Documents\fb1.eml:OECustomProperty

< End of report >

OTL Extras logfile created on: 5/1/2012 3:32:09 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Robert\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.00% Memory free
4.23 Gb Paging File | 3.12 Gb Available in Paging File | 73.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 13.24 Gb Free Space | 8.88% Space Free | Partition Type: NTFS

Computer Name: ROBERT-PC | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D5C85BE-E70B-440C-8E5C-D2F80473D0B5}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{19C85120-FD10-401E-9184-A7105016339D}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{227989D1-A1F3-4843-88A2-28061415C506}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{352E9751-3094-4CE4-93FE-C3A19169957B}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{42798736-5478-4442-ADB1-71B40CF9E6EA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{51688517-B718-444F-B187-B81077FEC2C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5F5AAD95-74DD-4F4B-8649-3C1F232377CD}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{6872DDE6-BE38-4BE8-9BCB-A0D62D734DA9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6D8B9C12-2C6A-4EB6-9D58-3D21D5A8BA79}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{7409F167-E766-4C85-8127-AE52C92F3051}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{79FAEF16-E42E-4D84-8875-D3289D0829FF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7DAC5B43-A417-4CB5-A976-19D109EF7243}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{81C95B78-F986-46D4-A0AB-A9458A4BA30B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B5F4094-1690-4357-8F76-DA70BEE3B60E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A04ABDFB-1BBD-46BF-A912-079072E80D4C}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{C17963C7-A764-488A-AB0D-8BEA344E2E4F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CE63118E-3671-49F5-97CB-E5C9756DD1F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D16A4F3D-E915-46CA-8951-919C94B5FACB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D4489106-C4BF-415C-8E8E-FD2DCA045E77}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D4B1085F-5309-4B56-90B5-53D218E356B7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DE2E39EB-F9D7-46B4-B44A-C667ABEE7F47}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F66DCF63-EA34-4D1A-A0C9-0F7A5804E40E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{F6DB8124-C8CE-4958-9828-B70EF77897D1}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{FABAD8E4-8AD6-48EE-B0CA-BABAACAC353C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FBEDAFD3-1DB4-4747-B503-631CB0982697}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00418A24-22DC-4DF0-B095-57001FAA3045}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{07829846-9651-43D1-BA61-CF5460A1353A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{120364D4-0AA4-43E1-9F64-2D8B8844CB19}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{17C993A6-8C6E-44CB-9D97-F2645B5330BC}" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe |
"{3835D169-B2D3-4246-86D2-D215CB7CA41F}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{3A87925F-B34A-4EF4-B443-DEFB3C46F337}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{6B9FF5E2-4A9E-4D85-A278-8C99ED394594}" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe |
"{72E62B46-5ED1-4F6A-B757-E91660F8FBC8}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{780EA3EF-F6E0-488F-8D89-3E4E331C7F91}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{785EF005-EB8B-4D97-9B88-95792856691D}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{7F446CEF-E5D7-4B94-984C-9DE7842F145C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9BE908FF-F882-4896-AD18-03B78A1895B2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A1480371-F416-47EE-AA76-66BD9730D713}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B18C1493-F41A-4A05-9760-4B5BBA9F6D64}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{B6C5BFBB-0D4A-4EF9-94E3-98150AA5629F}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{C0B3B76B-15C6-4845-B417-21243AB6BF9D}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{D23F5FA9-C7F1-4EDD-B825-07E1BCEC6EA2}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{EF13CE60-786D-4A66-87D3-FE0C739F4032}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"TCP Query User{137970DE-D7CD-4EC1-82F3-F501CC32777B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{2BFDE9DE-2AA3-404B-B482-2A72AB5D4843}C:\mustang\chassis\powerdynepc\powerdynepc.exe" = protocol=6 | dir=in | app=c:\mustang\chassis\powerdynepc\powerdynepc.exe |
"TCP Query User{358C57BD-4040-4355-87DB-CCF0ADE76175}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4A85FBBF-B06A-4C61-B6A1-6943EF67CFED}C:\program files\logworks3\logworks3.exe" = protocol=6 | dir=in | app=c:\program files\logworks3\logworks3.exe |
"TCP Query User{731C704C-72D8-4AA2-B2DD-B85C40625E50}C:\mustang\chassis\powerdynepc\powerdynepc.exe" = protocol=6 | dir=in | app=c:\mustang\chassis\powerdynepc\powerdynepc.exe |
"TCP Query User{AEA6D7B1-8735-4B7E-8737-392C4C3AC8BA}C:\program files\logworks3\logworks3.exe" = protocol=6 | dir=in | app=c:\program files\logworks3\logworks3.exe |
"TCP Query User{FC20296E-DCCB-4EEF-B10C-4C9A3FA22EEF}C:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{14D0C6F1-2A5A-45A0-82D5-7D9D99624797}C:\program files\logworks3\logworks3.exe" = protocol=17 | dir=in | app=c:\program files\logworks3\logworks3.exe |
"UDP Query User{2D56087C-33CF-4E89-947D-B9EBC3A79CFC}C:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\robert\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{78FE97B8-A8BA-490F-B84B-D47FCDF85091}C:\program files\logworks3\logworks3.exe" = protocol=17 | dir=in | app=c:\program files\logworks3\logworks3.exe |
"UDP Query User{7A3F71B1-C760-43AC-8623-DCE377A83299}C:\mustang\chassis\powerdynepc\powerdynepc.exe" = protocol=17 | dir=in | app=c:\mustang\chassis\powerdynepc\powerdynepc.exe |
"UDP Query User{D765AC17-CAF9-4DB4-BFE1-674694458E17}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E208E370-2861-47D8-BA28-8A518519C5ED}C:\mustang\chassis\powerdynepc\powerdynepc.exe" = protocol=17 | dir=in | app=c:\mustang\chassis\powerdynepc\powerdynepc.exe |
"UDP Query User{FEB673EE-8DD8-46C5-84C8-F28DE18BB808}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0F79C1B2-36B2-4B62-8221-42721CF54638}" = Acer OrbiCam Application
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23C08587-19F4-4BBC-9078-26CF8EB02256}" = PL-2303 Vista Driver Installer-ATEN
"{2466ABED-9FFB-472C-8F9C-64227E4D6FF5}" = Gtech PASS RR 2.0
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 30
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4B4E8814-F682-4197-8F4B-E9FFC6F08977}" = System Requirements Lab for Intel
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5B633E42-FFA0-440C-9EF4-0C57A506141E}" = Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{898D0CD8-FF87-4404-AB19-DDC7878949CD}" = T5SuiteII
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90965304-B83F-4F4E-B104-265076C9BB3B}" = T7Suite
"{916C6331-3C12-4645-84B3-DFFDED7C0C96}" = OBDwiz
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7D314BB-D626-4FCA-B8C8-EFCADA16FCC0}" = WinSU v2.6
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1EE797B-0027-4FC9-BB5A-5B4C183325A5}" = WinSU v2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FD8DE42D-99FE-4FA5-BA72-E9B129922B41}" = Fanatic PASS 1.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"076A5638850BB660C9206283848DD0A114C03B7F" = Windows Driver Package - Innovate Motorsports Innovate USB Driver (10/12/2009 1.4.1.0)
"AcerOrbiCamDrv" = Acer Camera Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"BitTorrent" = BitTorrent
"Canon iP2600 series User Registration" = Canon iP2600 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DOSPRN_is1" = DOSPRN 1.79
"ES-5953.0" = ES-595
"ESET Online Scanner" = ESET Online Scanner v3
"Fanatic PASS 1.0" = Fanatic PASS 1.0
"Flow Quik" = Flow Quik
"Flow Quik Update" = Flow Quik Update
"GOM Player" = GOM Player
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.2.0
"LogWorks3" = LogWorks3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"ST6UNST #1" = DynoPlot
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xilisoft MOV Converter" = Xilisoft MOV Converter

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/27/2012 8:22:21 AM | Computer Name = Robert-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1768 Start Time: 01cd246f7c6eac10 Termination Time: 29

Error - 4/27/2012 9:32:43 AM | Computer Name = Robert-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: dcc Start Time: 01cd2479f569b240 Termination Time: 36

Error - 4/27/2012 9:37:44 AM | Computer Name = Robert-PC | Source = MsiInstaller | ID = 11905
Description =

Error - 4/28/2012 5:05:53 AM | Computer Name = Robert-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: dec Start Time: 01cd2519ddf4258b Termination Time: 30

Error - 4/28/2012 12:42:47 PM | Computer Name = Robert-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1170 Start Time: 01cd255d2cb8b0a0 Termination Time: 160

Error - 4/28/2012 1:13:46 PM | Computer Name = Robert-PC | Source = EventSystem | ID = 4609
Description =

Error - 4/28/2012 1:18:00 PM | Computer Name = Robert-PC | Source = EventSystem | ID = 4609
Description =

Error - 4/29/2012 7:18:54 AM | Computer Name = Robert-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1620 Start Time: 01cd25f8fda94b20 Termination Time: 53

Error - 4/30/2012 10:18:24 AM | Computer Name = Robert-PC | Source = Application Error | ID = 1000
Description = Faulting application msnmsgr.exe, version 15.4.3555.308, time stamp
0x4f596cbb, faulting module MSHTML.dll, version 9.0.8112.16443, time stamp 0x4f4c3300,
exception code 0xc00000fd, fault offset 0x002494c4, process id 0x128, application
start time 0x01cd26a625f6a480.

Error - 5/1/2012 7:40:51 AM | Computer Name = Robert-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: cf8 Start Time: 01cd276cbf146af0 Termination Time: 0

[ System Events ]
Error - 4/28/2012 1:18:34 PM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 4/28/2012 2:37:18 PM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/30/2012 3:47:35 PM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 4/30/2012 3:48:15 PM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 4/30/2012 3:52:22 PM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 4/30/2012 3:57:43 PM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 4/30/2012 3:59:22 PM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/30/2012 4:05:05 PM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 4/30/2012 4:16:05 PM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/1/2012 3:09:47 AM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >

#11 CatByte

CatByte
    bleepin' tiger
  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
Posted 01 May 2012 - 05:11 PM

Hi,

Please do the following:


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    DRV - (bzkkjjfn) -- C:\Windows\system32\drivers\bzkkjjfn.sys File not found
    DRV - (MD110032) -- C:\Windows\System32\drivers\MD110032.sys ()
    [2012/04/30 08:52:40 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0AE4FBCF-BE23-4292-B790-FFFEE634D6C3}
    [2012/04/30 08:52:28 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{CBBE5A85-AC39-47F3-8C61-2D2B628468DE}
    [2012/04/26 20:39:14 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{4B31A4AA-6CE6-48A7-A8E8-76682AB01BFB}
    [2012/04/25 13:39:41 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{AB82603D-806F-45FB-ADFD-E732A324CCBC}
    [2012/04/25 13:39:24 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{1E9163BC-D0BF-4118-A753-3299C13B400A}
    [2012/04/24 20:51:28 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{63882AEB-15FE-4FAB-AE8F-E895DD54DB00}
    [2012/04/24 20:51:13 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{74326946-78F3-454F-BCA7-57459C9FA97D}
    [2012/04/18 19:51:14 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{83A5F271-9B28-4FA9-94D3-7FE805AA24CD}
    [2012/04/18 19:51:02 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0537F66A-385A-4B0C-B8C1-A3DF8BA8D091}
    [2012/04/18 07:44:36 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{B7AD0873-4140-427A-9323-691DC795E43C}
    [2012/04/18 07:44:20 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{BDA4AD6A-8BEF-42C3-90B4-3C3193CA37DE}
    [2012/04/17 19:23:21 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{5C64D663-2EF4-4729-87BB-B5939389330E}
    [2012/04/17 19:23:10 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{E6125D3D-2583-4CD7-BF0E-9D120D279A72}
    [2012/04/17 07:22:56 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{29C1716B-EC1B-40B2-A1BB-5EABBC8E3B26}
    [2012/04/17 07:22:44 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{7EE92F0C-C261-4C4D-B367-8373D7853A3A}
    [2012/04/16 17:43:07 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{DC21A1F9-1BD4-484A-8FD8-78D8B98654BA}
    [2012/04/16 17:42:56 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{452444E3-4060-404A-B457-99F2519C40B4}
    [2012/04/15 06:07:05 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{AAF67B0D-FB57-492A-B151-ABD219B8FA96}
    [2012/04/15 06:06:54 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{6E1D2379-EA57-4380-8F3F-EB6C4437BD45}
    [2012/04/13 21:16:00 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{9096001D-E4CD-43C0-ACCF-7274A2F953F9}
    [2012/04/13 21:15:49 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{02C2E868-5B4C-4786-809C-8949D68A667E}
    [2012/04/10 07:38:16 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{B35DB25C-179B-4502-AFAB-F549FF696D27}
    [2012/04/10 07:38:04 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{81F5EF21-7FBF-467A-823C-A230B20FFE31}
    [2012/04/09 19:37:51 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{78A83A30-7C5F-4DE9-918A-45755A3E69A8}
    [2012/04/09 19:37:40 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{42D75317-0857-4808-969F-7C7C51C59AE4}
    [2012/04/09 07:37:24 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{4CB4AEB7-4334-4A7B-9F9E-F993B1E5A862}
    [2012/04/09 07:37:10 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{E015B626-9043-42C9-9EC0-D29961FD8DF0}
    [2012/04/08 11:41:07 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{83777B52-DEE1-4935-863D-06829D64CD74}
    [2012/04/08 11:40:47 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0B57B753-64E7-49B1-A419-E810F1C8E0C6}
    [2012/04/07 21:19:08 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{2AE7D552-1F1D-4E56-A082-1FD3085C1F37}
    [2012/04/07 21:18:56 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{126F234B-2C6F-489C-9694-9A7064D290C9}
    [2012/04/07 09:18:40 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{27B8EE5C-08E6-4EC7-86B6-BC82D0B01F8B}
    [2012/04/07 09:18:28 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{424FBA5F-419B-4370-B3BF-A02F625CF50D}
    [2012/04/06 18:55:32 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{AAC76054-8003-424C-B215-C1843F9B0FB7}
    [2012/04/06 18:55:20 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{22CA948D-DFED-4982-BE5C-4CD0AE084F14}
    [2012/04/06 13:42:38 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{3581612D-75BF-4661-B540-0E3A08532AFB}
    [2012/04/06 13:42:18 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{4EF768D0-4E85-4CC9-A1FC-F517A6F8DA51}
    [2012/04/05 08:55:57 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{4050042A-137F-405C-8AE4-DEF3FA59C92B}
    [2012/04/05 08:55:44 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{730AE1C4-32AF-443F-9A57-C91EC4803A29}
    [2012/04/05 08:21:02 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{E7BDBA10-A263-48ED-A3A2-B540E856649F}
    [2012/04/05 08:20:42 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{343920C2-1614-40E9-B194-020CF1677786}
    [2012/04/03 17:20:54 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{94BF372B-6CE8-41B4-96A0-C5957E876AC1}
    [2012/04/02 08:12:30 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{98A5C466-1936-488F-A56E-20A1C3E46530}
    [2012/04/01 19:05:21 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{2675DFC1-DFE2-4AD3-BA1D-4CB4278793FA}
    [2011/12/18 17:24:13 | 000,007,424 | ---- | C] () -- C:\Windows\System32\drivers\MD110032.sys
    [2011/11/30 12:03:58 | 000,430,080 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log


Please advise how your computer is running now

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
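A read-only audit of the artifact classes the OTL fix above removes (driver services whose image file is missing, recently added drivers, bare-GUID folders under Local AppData, and non-default hosts entries). This is an added example, not part of the thread or of OTL; it assumes Windows PowerShell 3.0 or later in an elevated prompt and changes nothing on the system.

```powershell
# Added example, not from the thread or from OTL: a read-only audit of the
# artifact classes the fix above removes. Assumes Windows PowerShell 3.0+ in
# an elevated prompt; it changes nothing, it only reports.

$report = [ordered]@{}

# 1. Kernel (Type 1) and file-system (Type 2) driver services whose image file
#    is missing on disk, like the orphaned bzkkjjfn service in the log.
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$orphans = foreach ($key in Get-ChildItem $svcKey -ErrorAction SilentlyContinue) {
    $p = Get-ItemProperty $key.PSPath -ErrorAction SilentlyContinue
    if (-not $p -or -not $p.ImagePath -or @(1, 2) -notcontains $p.Type) { continue }
    # Normalise the forms an ImagePath value takes for drivers.
    $path = $p.ImagePath -replace '^\\\?\?\\', ''
    $path = $path -replace '^\\SystemRoot', $env:SystemRoot
    if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ Service = $key.PSChildName; ImagePath = $p.ImagePath }
    }
}
$report['OrphanedDriverServices'] = @($orphans)

# 2. Drivers created in the last 90 days with their Authenticode status
#    (MD110032.sys in the fix list was created in December 2011 per the scan).
$report['RecentDrivers'] = @(Get-ChildItem "$env:SystemRoot\System32\drivers" -Filter *.sys |
    Where-Object { $_.CreationTime -gt (Get-Date).AddDays(-90) } |
    ForEach-Object {
        [pscustomobject]@{
            File      = $_.Name
            Created   = $_.CreationTime
            Signature = (Get-AuthenticodeSignature $_.FullName).Status
        }
    })

# 3. Bare-GUID folder names directly under %LOCALAPPDATA%, the pattern in the fix list.
$guidRe = '^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$'
$report['GuidFolders'] = @(Get-ChildItem $env:LOCALAPPDATA -Directory |
    Where-Object { $_.Name -match $guidRe } |
    Select-Object Name, CreationTime)

# 4. Active hosts entries beyond the localhost defaults ([resethosts] restores a clean file).
$hostsFile = "$env:SystemRoot\System32\drivers\etc\hosts"
$report['HostsEntries'] = @(Get-Content $hostsFile |
    Where-Object { $_ -match '^\s*[0-9A-Fa-f:.]+\s+\S' -and $_ -notmatch '\slocalhost\s*$' })

$report
```

Empty lists for all four keys are the expected result on a clean machine; anything listed is a lead to examine, not proof of infection on its own.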


#12 ivanhoew

ivanhoew
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:07:39 PM

Posted 02 May 2012 - 09:48 AM

hello catbyte ,


Computer seems faster, and so far no blankness!

Did you find any viruses through this process?

Here is the log; it did require a reboot.

thanks
robert







All processes killed
========== OTL ==========
Service bzkkjjfn stopped successfully!
Service bzkkjjfn deleted successfully!
File C:\Windows\system32\drivers\bzkkjjfn.sys File not found not found.
Service MD110032 stopped successfully!
Service MD110032 deleted successfully!
C:\Windows\System32\drivers\MD110032.sys moved successfully.
C:\Users\Robert\AppData\Local\{0AE4FBCF-BE23-4292-B790-FFFEE634D6C3} folder moved successfully.
C:\Users\Robert\AppData\Local\{CBBE5A85-AC39-47F3-8C61-2D2B628468DE} folder moved successfully.
C:\Users\Robert\AppData\Local\{4B31A4AA-6CE6-48A7-A8E8-76682AB01BFB} folder moved successfully.
C:\Users\Robert\AppData\Local\{AB82603D-806F-45FB-ADFD-E732A324CCBC} folder moved successfully.
C:\Users\Robert\AppData\Local\{1E9163BC-D0BF-4118-A753-3299C13B400A} folder moved successfully.
C:\Users\Robert\AppData\Local\{63882AEB-15FE-4FAB-AE8F-E895DD54DB00} folder moved successfully.
C:\Users\Robert\AppData\Local\{74326946-78F3-454F-BCA7-57459C9FA97D} folder moved successfully.
C:\Users\Robert\AppData\Local\{83A5F271-9B28-4FA9-94D3-7FE805AA24CD} folder moved successfully.
C:\Users\Robert\AppData\Local\{0537F66A-385A-4B0C-B8C1-A3DF8BA8D091} folder moved successfully.
C:\Users\Robert\AppData\Local\{B7AD0873-4140-427A-9323-691DC795E43C} folder moved successfully.
C:\Users\Robert\AppData\Local\{BDA4AD6A-8BEF-42C3-90B4-3C3193CA37DE} folder moved successfully.
C:\Users\Robert\AppData\Local\{5C64D663-2EF4-4729-87BB-B5939389330E} folder moved successfully.
C:\Users\Robert\AppData\Local\{E6125D3D-2583-4CD7-BF0E-9D120D279A72} folder moved successfully.
C:\Users\Robert\AppData\Local\{29C1716B-EC1B-40B2-A1BB-5EABBC8E3B26} folder moved successfully.
C:\Users\Robert\AppData\Local\{7EE92F0C-C261-4C4D-B367-8373D7853A3A} folder moved successfully.
C:\Users\Robert\AppData\Local\{DC21A1F9-1BD4-484A-8FD8-78D8B98654BA} folder moved successfully.
C:\Users\Robert\AppData\Local\{452444E3-4060-404A-B457-99F2519C40B4} folder moved successfully.
C:\Users\Robert\AppData\Local\{AAF67B0D-FB57-492A-B151-ABD219B8FA96} folder moved successfully.
C:\Users\Robert\AppData\Local\{6E1D2379-EA57-4380-8F3F-EB6C4437BD45} folder moved successfully.
C:\Users\Robert\AppData\Local\{9096001D-E4CD-43C0-ACCF-7274A2F953F9} folder moved successfully.
C:\Users\Robert\AppData\Local\{02C2E868-5B4C-4786-809C-8949D68A667E} folder moved successfully.
C:\Users\Robert\AppData\Local\{B35DB25C-179B-4502-AFAB-F549FF696D27} folder moved successfully.
C:\Users\Robert\AppData\Local\{81F5EF21-7FBF-467A-823C-A230B20FFE31} folder moved successfully.
C:\Users\Robert\AppData\Local\{78A83A30-7C5F-4DE9-918A-45755A3E69A8} folder moved successfully.
C:\Users\Robert\AppData\Local\{42D75317-0857-4808-969F-7C7C51C59AE4} folder moved successfully.
C:\Users\Robert\AppData\Local\{4CB4AEB7-4334-4A7B-9F9E-F993B1E5A862} folder moved successfully.
C:\Users\Robert\AppData\Local\{E015B626-9043-42C9-9EC0-D29961FD8DF0} folder moved successfully.
C:\Users\Robert\AppData\Local\{83777B52-DEE1-4935-863D-06829D64CD74} folder moved successfully.
C:\Users\Robert\AppData\Local\{0B57B753-64E7-49B1-A419-E810F1C8E0C6} folder moved successfully.
C:\Users\Robert\AppData\Local\{2AE7D552-1F1D-4E56-A082-1FD3085C1F37} folder moved successfully.
C:\Users\Robert\AppData\Local\{126F234B-2C6F-489C-9694-9A7064D290C9} folder moved successfully.
C:\Users\Robert\AppData\Local\{27B8EE5C-08E6-4EC7-86B6-BC82D0B01F8B} folder moved successfully.
C:\Users\Robert\AppData\Local\{424FBA5F-419B-4370-B3BF-A02F625CF50D} folder moved successfully.
C:\Users\Robert\AppData\Local\{AAC76054-8003-424C-B215-C1843F9B0FB7} folder moved successfully.
C:\Users\Robert\AppData\Local\{22CA948D-DFED-4982-BE5C-4CD0AE084F14} folder moved successfully.
C:\Users\Robert\AppData\Local\{3581612D-75BF-4661-B540-0E3A08532AFB} folder moved successfully.
C:\Users\Robert\AppData\Local\{4EF768D0-4E85-4CC9-A1FC-F517A6F8DA51} folder moved successfully.
C:\Users\Robert\AppData\Local\{4050042A-137F-405C-8AE4-DEF3FA59C92B} folder moved successfully.
C:\Users\Robert\AppData\Local\{730AE1C4-32AF-443F-9A57-C91EC4803A29} folder moved successfully.
C:\Users\Robert\AppData\Local\{E7BDBA10-A263-48ED-A3A2-B540E856649F} folder moved successfully.
C:\Users\Robert\AppData\Local\{343920C2-1614-40E9-B194-020CF1677786} folder moved successfully.
C:\Users\Robert\AppData\Local\{94BF372B-6CE8-41B4-96A0-C5957E876AC1} folder moved successfully.
C:\Users\Robert\AppData\Local\{98A5C466-1936-488F-A56E-20A1C3E46530} folder moved successfully.
C:\Users\Robert\AppData\Local\{2675DFC1-DFE2-4AD3-BA1D-4CB4278793FA} folder moved successfully.
File C:\Windows\System32\drivers\MD110032.sys not found.
C:\Windows\System32\ZSHP1020.EXE moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Robert\Desktop\cmd.bat deleted successfully.
C:\Users\Robert\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294887 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Robert
->Temp folder emptied: 24036929 bytes
->Temporary Internet Files folder emptied: 280424425 bytes
->Java cache emptied: 1808057 bytes
->FireFox cache emptied: 16814017 bytes
->Flash cache emptied: 4448 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26506 bytes
RecycleBin emptied: 367683432 bytes

Total Files Cleaned = 659.00 mb


OTL by OldTimer - Version 3.2.42.2 log created on 05022012_142035

Files\Folders moved on Reboot...
C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UTQFPN4Q\viewtopic[1].htm moved successfully.
C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:03:39 PM

Posted 02 May 2012 - 05:33 PM

Hi,

Yes, you were infected with a few trojans.

Please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date.
Java™ 6 Update 30 can be updated from the Java control panel: Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin; follow the prompts.


NEXT


Please advise if there are any outstanding issues



#14 ivanhoew

ivanhoew
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:07:39 PM

Posted 03 May 2012 - 12:56 AM

OK, I have done that.
The laptop seems to be fine now; I have not seen the blank thing! Hurrah!

Should I keep Spybot? Is there anything other than my MS Security Essentials I should use instead? And I thought I would put all the software I have downloaded through this brilliant problem-solving session, and run them now and again: good idea, or a path to personal disaster? :-)

Thank you CatByte, a really clear and helpful set of directions; for someone not really skilled with computers, like me, it was a revelation.

regards
robert

#15 ivanhoew

ivanhoew
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:07:39 PM

Posted 03 May 2012 - 02:55 AM

Oh no!! I spoke too soon...

It's still here...

[screenshot]

This came up when clicking back to Google after going to a searched item on DOS and Windows 98 problems.



