Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

unable to log on internet


  • This topic is locked This topic is locked
70 replies to this topic

#1 one2855

one2855

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:10:22 PM

Posted 22 June 2012 - 07:12 PM

i can only get online in safemode ive tried spybot malware ran virus scans nothing seems to work still cant get on line need help thanks

BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,729 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:22 AM

Posted 27 June 2012 - 07:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/458030 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 one2855

one2855
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:10:22 PM

Posted 29 June 2012 - 04:09 AM

still unable to connect to internet except in safe mode
heres the ddr log and the gamer log with the other files attached as a zip file
thank you for the help

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Rumblefish at 3:17:23 on 2012-06-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.736 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\AOL\1340861117\ee\aolsoftware.exe
C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe
C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\msiexec.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: NitroPDFBHO Class: {cf070cb8-f02f-4af4-a7b7-8d45cad4bb54} - c:\program files\nitro pdf\pdf download\NitroPDF.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [HostManager] c:\program files\common files\aol\1340861117\ee\AOLSoftware.exe
StartupFolder: c:\users\rumble~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\regist~1.lnk - c:\program files\3b software\registry repair pro\RegistryRepairPro.exe
StartupFolder: c:\users\rumble~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\schedu~1.lnk - c:\program files\3b software\common\scheduler\wcomschd.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks\norton cleanup\WCQuick.lnk
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2EA5DD45-9254-4B0D-9F48-E92FEC3A9754} - hxxps://simulcast.manheim.com/simulcast_docs/av/SimulcastAVPlugin-win-ie.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxps://www.ove.com/plugin_assets/aurigma/ImageUploader5.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://las.mlxchange.com/5.5.08.25119/Control/IRCSharc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{DDDA441A-A34C-448E-ADBA-713B21C1D92B} : DhcpNameServer = 66.233.169.12 64.13.115.12
TCP: Interfaces\{E5E6D866-0EC5-4448-99A4-60949AD13835} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{EC302945-AED3-4D1F-96C8-3D97C28F4FC1} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - c:\program files\common files\g7ps\shared files\g7psdll\G7PS.dll
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\program files\common files\binarysense\hlAPP.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\system32\drivers\Achernar.sys [2009-1-17 18432]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20070108.003\IDSvix86.sys [2007-5-14 212280]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-31 21504]
R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\common files\binarysense\hldasvc.exe [2010-6-8 832832]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-3-3 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-7 654408]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-2-22 1153368]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-7 22344]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-8-3 38448]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-25 253088]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2011-4-1 340480]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2011-4-1 48768]
S3 CACLEARWIRE;Clearwire Con App Svc;"c:\program files\clearwire\connection manager\conappssvc.exe" /n "caclearwire" --> c:\program files\clearwire\connection manager\ConAppsSvc.exe [?]
S3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;"c:\program files\clearwire\connection manager\rcappsvc.exe" /n "clearwirercappsvc" --> c:\program files\clearwire\connection manager\RcAppSvc.exe [?]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-6 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S3 ISD200;USB Storage Adapter V2;c:\windows\system32\drivers\ISD200.SYS [2008-10-30 26930]
S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\WUSB54GCx86.sys [2007-3-12 256000]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-5-31 16896]
.
=============== Created Last 30 ================
.
2012-06-28 05:59:11 -------- d-----w- c:\users\rumblefish\appdata\roaming\AOL
2012-06-28 05:26:53 -------- d-----w- c:\programdata\Viewpoint
2012-06-28 05:26:52 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
2012-06-28 05:26:52 -------- d-----w- c:\program files\Viewpoint
2012-06-28 05:26:49 -------- d-----w- c:\programdata\AOL Toolbar
2012-06-28 05:26:49 -------- d-----w- c:\program files\AOL Toolbar
2012-06-28 05:26:48 -------- d-----w- c:\program files\common files\Software Update Utility
2012-06-28 05:25:40 -------- d-----w- c:\windows\LastGood.Tmp
2012-06-28 05:25:37 33588 ----a-w- c:\windows\system32\drivers\wanatw4.sys
2012-06-28 05:25:27 -------- d-----w- c:\users\rumblefish\appdata\local\AOL
2012-06-28 05:25:14 -------- d-----w- c:\program files\common files\AOL
2012-06-28 05:25:14 -------- d-----w- c:\program files\AOL Desktop 9.7
2012-06-28 05:25:13 -------- d-----w- c:\program files\common files\aolshare
2012-06-26 08:28:14 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b370904e-d046-4ca7-90b3-544a777398ea}\mpengine.dll
2012-06-22 17:55:04 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 17:54:36 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 17:54:24 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 17:54:24 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-20 23:04:25 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-20 23:04:02 -------- d-----w- c:\users\rumblefish\appdata\local\temp
2012-06-20 22:29:05 256000 ----a-w- c:\windows\PEV.exe
2012-06-20 22:28:18 -------- d-----w- C:\ComboFix
2012-06-18 10:08:18 -------- d-----w- c:\program files\IEPro
2012-06-14 11:29:06 -------- d-----w- C:\found.001
2012-06-13 23:03:28 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 23:03:27 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 23:03:26 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 23:03:09 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 23:02:26 2045440 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-05-22 05:14:07 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-22 05:14:07 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-05-22 05:14:06 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-05-22 05:14:06 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-26 04:49:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-26 04:49:57 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-20 22:50:46 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-04-20 22:50:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-04-16 08:29:58 871936 ----a-w- c:\windows\system32\GeacView.dll
2012-04-16 08:27:40 254464 ----a-w- c:\windows\system32\missouri.dll
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39:11 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 3:19:06.19 ===============


gammer log
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-29 01:58:55
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD2500BEVS-60UST0 rev.01.01A01
Running: gmer.exe; Driver: C:\Users\RUMBLE~1\AppData\Local\Temp\fwlirkoc.sys


---- System - GMER 1.0.15 ----

SSDT 881C8858 ZwConnectPort

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 1C1 82AC5884 4 Bytes [58, 88, 1C, 88] {POP EAX; MOV [EAX+ECX*4], BL}

---- Devices - GMER 1.0.15 ----

Device \Driver\PnpManager \Device\00000040 Achernar.sys (Achernar.sys/NewSoft Technology Corporation)

---- EOF - GMER 1.0.15 ----

#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:22 AM

Posted 29 June 2012 - 02:12 PM

Hello, one2855.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.

  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!




Registry Cleaner Warning


I also see that you have a registry cleaner installed (in your case Registry Repair Pro). Here at BC, we do not recommend using registry cleaners. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit wont' help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578&#entry1326578













Step 1

I don't see an Anti Virus Program running on your machine
  • Download and install an antivirus program, and make sure that you keep it updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Two good antivirus programs free for non-commercial home use are Avast! and Avira
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Note: Avira now includes the Ask.com Toolbar unless you choose not to install it. This means it is pre-checked by default and it is recommended that you uncheck that option during installation.



Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 3

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#5 one2855

one2855
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:10:22 PM

Posted 02 July 2012 - 06:03 AM

ive been trying to remove that regestry repair now for a while now but i cant get rid of it,

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Rumblefish :: RUMBLEFISH-PC [administrator]

Protection: Enabled

6/30/2012 6:34:50 AM
mbam-log-2012-06-30 (06-34-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245541
Time elapsed: 12 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Farbar Service Scanner Version: 25-06-2012 01
Ran by Rumblefish (administrator) on 30-06-2012 at 06:49:36
Running from "H:\"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-07-02 07:54] - [2011-04-21 06:58] - 0273408 ____A (Microsoft Corporation)

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-11 21:24] - [2012-03-30 05:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-06-13 16:03] - [2012-04-23 09:00] - 0133120 ____A (Microsoft Corporation) 75C6A297E364014840B48ECCD7525E30

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

still not able to access interenet
think you

#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:22 AM

Posted 02 July 2012 - 07:39 PM

Hello, one2855.


Step 1

OK, you can ping the websites, so you are connected...let's try resetting Internet Explorer then. Sometimes it gets corrupted.

Follow the instructions here. First, try without deleting personal settings. If that doesn't work, then check it and reset again.
http://windows.microsoft.com/en-us/windows7/Reset-Internet-Explorer-settings-in-Internet-Explorer-9




Step 2

We need to create an OTL report,
  • Please download OTL from this link.
  • (If that link doesn't work, try this alternate link
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Select "Use Safelist" under "Extra Registry"
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT


  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply. If they are too big to paste in one reply, please split them into separate posts.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#7 one2855

one2855
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:10:22 PM

Posted 02 July 2012 - 09:55 PM

heres the list any idea on why its says that i'm conected to the internet but unable to load a page from the internet ? i not sure what the other list would be ?

thank you
OTL logfile created on: 7/2/2012 7:29:55 PM - Run 3
OTL by OldTimer - Version 3.2.53.1 Folder = H:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 39.39% Memory free
4.21 Gb Paging File | 2.85 Gb Available in Paging File | 67.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.60 Gb Total Space | 51.37 Gb Free Space | 22.87% Space Free | Partition Type: NTFS
Drive D: | 7.17 Gb Total Space | 0.71 Gb Free Space | 9.89% Space Free | Partition Type: NTFS
Drive E: | 14.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.11 Gb Total Space | 1.07 Gb Free Space | 96.92% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 273.43 Gb Free Space | 58.71% Space Free | Partition Type: NTFS

Computer Name: RUMBLEFISH-PC | User Name: Rumblefish | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/02 18:49:05 | 000,595,968 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2012/06/28 05:51:53 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/06/28 05:51:51 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/05/21 22:14:29 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/05/21 22:14:06 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/02/08 22:59:04 | 017,659,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\Install\NDP40-KB2600217-x86.exe
PRC - [2011/11/21 21:19:58 | 000,079,112 | ---- | M] (Microsoft Corporation) -- h:\5e9abc7f0ff2805b381e402a5afd3c\Setup.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/09/17 16:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/06/08 15:44:00 | 000,832,832 | ---- | M] (BinarySense, Inc.) -- C:\Program Files\Common Files\BinarySense\hldasvc.exe
PRC - [2010/04/29 02:10:54 | 000,464,312 | ---- | M] (3B Software, Inc.) -- C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe
PRC - [2010/03/08 00:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\AOL\1340861117\ee\aolsoftware.exe
PRC - [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/05/15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/08/01 08:31:11 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/12/16 21:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/01/10 21:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe /m C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll -- (LiveUpdate Notice Service)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Clearwire\Connection Manager\RcAppSvc.exe /n CLEARWIRERcAppSvc -- (CLEARWIRERcAppSvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Clearwire\Connection Manager\ConAppsSvc.exe /n CACLEARWIRE -- (CACLEARWIRE)
SRV - [2012/06/28 05:51:53 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/05/21 22:14:29 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/05/21 22:14:06 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/04/25 21:49:57 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/15 10:52:14 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/08 15:44:00 | 000,832,832 | ---- | M] (BinarySense, Inc.) [Auto | Running] -- C:\Program Files\Common Files\BinarySense\hldasvc.exe -- (HDDlife HDD Access service)
SRV - [2010/03/23 15:28:20 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/09/03 11:51:46 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/05/15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/08/01 08:31:11 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/08/01 08:31:01 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/16 21:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/10 21:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\RUMBLE~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/06/28 05:52:42 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/06/28 05:52:42 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/06/28 05:52:37 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/06/28 05:52:37 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/06/28 05:52:37 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/06/28 05:52:36 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/05/21 22:14:07 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/01 05:52:22 | 000,340,480 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\drxvi314.sys -- (bcm)
DRV - [2011/04/01 05:52:20 | 000,048,768 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BcmBusCtr.sys -- (bcmbusctr)
DRV - [2010/09/17 16:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 16:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2009/08/03 19:07:12 | 000,038,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\symndisv.sys -- (SYMNDISV)
DRV - [2009/08/03 19:07:10 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2009/08/03 19:07:10 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\symfw.sys -- (SYMFW)
DRV - [2009/08/03 19:07:10 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\symids.sys -- (SYMIDS)
DRV - [2009/08/03 19:07:10 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2009/08/03 19:07:10 | 000,012,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\symdns.sys -- (SYMDNS)
DRV - [2009/04/12 14:07:10 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/11/17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/01/25 00:46:40 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/01/18 23:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/08/08 20:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/03/12 10:12:00 | 000,256,000 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WUSB54GCx86.sys -- (netr73)
DRV - [2007/03/01 05:49:58 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/02/05 12:15:26 | 000,018,432 | ---- | M] (NewSoft Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\Achernar.sys -- (Achernar)
DRV - [2006/12/28 05:48:26 | 000,212,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070108.003\IDSvix86.sys -- (IDSvix86)
DRV - [2006/11/30 10:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/29 15:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/02 00:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/10/09 13:47:58 | 000,981,504 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/06/28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2000/08/29 18:05:00 | 000,026,930 | ---- | M] (In-System Design, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ISD200.SYS -- (ISD200)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{266B0F19-BF0E-4E12-8518-86D59D5A63A5}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9EECE930-EA06-477C-A728-406A4A40B9C1}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{B0F2BB51-91F8-46C6-AB21-953BC6C7B8D7}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3969756316-1153428865-1733902480-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-3969756316-1153428865-1733902480-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3969756316-1153428865-1733902480-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKU\S-1-5-21-3969756316-1153428865-1733902480-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3969756316-1153428865-1733902480-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=BT2&o=14983&src=crm&q={searchTerms}&locale=en_US
IE - HKU\S-1-5-21-3969756316-1153428865-1733902480-1000\..\SearchScopes\{266B0F19-BF0E-4E12-8518-86D59D5A63A5}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
IE - HKU\S-1-5-21-3969756316-1153428865-1733902480-1000\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=76C4499001CAFD8A0DB95E9B&install_time=2010-05-27T10:50:51Z&src_id=11511&camp_id=-3&tb_version=2.5.9001.490
IE - HKU\S-1-5-21-3969756316-1153428865-1733902480-1000\..\SearchScopes\{63668477-D84B-4A52-BE98-FBB7C8C6C50E}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3969756316-1153428865-1733902480-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBR_enUS483
IE - HKU\S-1-5-21-3969756316-1153428865-1733902480-1000\..\SearchScopes\{98E4AB24-137B-49A2-AD84-B4591C5FFEE5}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
IE - HKU\S-1-5-21-3969756316-1153428865-1733902480-1000\..\SearchScopes\{9EECE930-EA06-477C-A728-406A4A40B9C1}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKU\S-1-5-21-3969756316-1153428865-1733902480-1000\..\SearchScopes\{B0F2BB51-91F8-46C6-AB21-953BC6C7B8D7}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-3969756316-1153428865-1733902480-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3969756316-1153428865-1733902480-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin,version=3.1.0.05: C:\Program Files\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll (Skyhook Wireless)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Rumblefish\AppData\Roaming\nprhapengine.dll File not found


[2009/11/25 14:13:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rumblefish\AppData\Roaming\Mozilla\Extensions
[2009/11/25 14:13:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rumblefish\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/01/18 02:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rumblefish\AppData\Roaming\Mozilla\Firefox\extensions
[2012/01/18 02:28:12 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Rumblefish\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: avast! WebRep = C:\Users\Rumblefish\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1451_0\
CHR - Extension: BitTorrentBar = C:\Users\Rumblefish\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.2.4_0\
CHR - Extension: BitTorrentBar = C:\Users\Rumblefish\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.7.1_0\

O1 HOSTS File: ([2012/06/20 15:57:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (no name) - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-21-3969756316-1153428865-1733902480-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3969756316-1153428865-1733902480-1000\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-21-3969756316-1153428865-1733902480-1000\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-3969756316-1153428865-1733902480-1000\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-21-3969756316-1153428865-1733902480-1000\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKU\S-1-5-21-3969756316-1153428865-1733902480-1000\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-21-3969756316-1153428865-1733902480-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk ()
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2EA5DD45-9254-4B0D-9F48-E92FEC3A9754} https://simulcast.manheim.com/simulcast_docs/av/SimulcastAVPlugin-win-ie.cab (Simulcast Plugin (ActiveX) v1)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab (YInstStarter Class)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab (EPUImageControl Class)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} https://www.ove.com/plugin_assets/aurigma/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://las.mlxchange.com/5.5.08.25119/Control/IRCSharc.cab (GeacRevw Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDDA441A-A34C-448E-ADBA-713B21C1D92B}: DhcpNameServer = 66.233.169.12 64.13.115.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5E6D866-0EC5-4448-99A4-60949AD13835}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC302945-AED3-4D1F-96C8-3D97C28F4FC1}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
O18 - Protocol\Handler\hddlife {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Program Files\Common Files\BinarySense\hlAPP.dll (BinarySense, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\HPWave.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\HPWave.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/14 05:10:42 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2006/10/16 12:29:58 | 000,000,089 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe - (McAfee, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe - (WDC)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe - (Western Digital)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK32.EXE - (WinZip Computing, S.L.)
MsConfig - StartUpFolder: C:^Users^Rumblefish^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HDDlife.lnk - C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe - (BinarySense, Inc.)
MsConfig - StartUpFolder: C:^Users^Rumblefish^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe - (Lime Wire, LLC)
MsConfig - StartUpFolder: C:^Users^Rumblefish^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registry Repair Pro.lnk - C:\Program Files\3B Software\Registry Repair Pro\RegistryRepairPro.exe - (3B Software, Inc.)
MsConfig - StartUpFolder: C:^Users^Rumblefish^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Scheduler.lnk - C:\Program Files\3B Software\Common\Scheduler\wcomschd.exe - (3B Software, Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ALUAlert - hkey= - key= - C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE (Symantec Corporation)
MsConfig - StartUpReg: Anonymizer - hkey= - key= - File not found
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: Clearwire Connection Manager - hkey= - key= - File not found
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: EPSON NX410 Series - hkey= - key= - File not found
MsConfig - StartUpReg: HostManager - hkey= - key= - C:\Program Files\Common Files\AOL\1340861117\ee\aolsoftware.exe (AOL Inc.)
MsConfig - StartUpReg: hpWirelessAssistant - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LogMeIn GUI - hkey= - key= - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
MsConfig - StartUpReg: LTCM Client - hkey= - key= - C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: MMTray - hkey= - key= - C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe (MusicMatch)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NortonUpdateAgent - hkey= - key= - C:\ProgramData\Norton\NUA.exe (Symantec Corporation)
MsConfig - StartUpReg: NswUiTray - hkey= - key= - C:\Program Files\Norton SystemWorks\NswUiTray.exe (Symantec Corporation)
MsConfig - StartUpReg: QPService - hkey= - key= - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/29 19:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/06/29 19:19:29 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/06/29 19:19:28 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/06/29 19:19:22 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/06/29 19:19:21 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/06/29 19:19:18 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/06/29 19:19:16 | 000,057,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/06/29 19:18:30 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/06/29 19:18:28 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/06/29 19:17:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/06/29 19:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/06/28 05:37:57 | 000,100,864 | ---- | C] (GMER) -- C:\fwlirkoc.sys
[2012/06/28 05:27:49 | 000,000,000 | ---D | C] -- C:\c2882c812f6613ac80f14c
[2012/06/27 22:59:11 | 000,000,000 | ---D | C] -- C:\Users\Rumblefish\AppData\Roaming\AOL
[2012/06/27 22:27:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Macromedia
[2012/06/27 22:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL
[2012/06/27 22:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2012/06/27 22:26:52 | 000,058,696 | ---- | C] (AOL Inc.) -- C:\Windows\System32\AOLParconLink.exe
[2012/06/27 22:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2012/06/27 22:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL Toolbar
[2012/06/27 22:26:49 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Toolbar
[2012/06/27 22:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2012/06/27 22:26:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AOL Downloads
[2012/06/27 22:25:37 | 000,033,588 | ---- | C] (America Online, Inc.) -- C:\Windows\System32\drivers\wanatw4.sys
[2012/06/27 22:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL OCP
[2012/06/27 22:25:27 | 000,000,000 | ---D | C] -- C:\Users\Rumblefish\AppData\Local\AOL
[2012/06/27 22:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\AOL
[2012/06/27 22:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Desktop 9.7
[2012/06/27 22:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2012/06/27 22:25:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\aolshare
[2012/06/27 22:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL
[2012/06/27 22:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL Downloads
[2012/06/22 10:55:05 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/22 10:55:04 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/22 10:54:36 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/22 10:54:36 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/22 10:54:36 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/22 10:54:24 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/22 10:54:24 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/20 16:15:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/20 16:04:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/20 16:04:02 | 000,000,000 | ---D | C] -- C:\Users\Rumblefish\AppData\Local\temp
[2012/06/20 15:28:18 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/18 03:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\IEPro
[2012/06/14 04:29:06 | 000,000,000 | ---D | C] -- C:\found.001
[2012/06/14 03:09:06 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/14 03:09:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/14 03:09:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/14 03:09:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/14 03:09:02 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/14 03:09:02 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/14 03:09:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/13 16:02:26 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/09 05:56:58 | 000,463,080 | ---- | C] (CNET Download.com) -- C:\Users\Rumblefish\Desktop\cnet_jv16pt_setup_hb_exe.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Rumblefish\*.tmp files -> C:\Users\Rumblefish\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/02 19:14:21 | 000,594,076 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/02 19:14:21 | 000,099,998 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/02 19:11:04 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc994744315fe0.job
[2012/07/02 19:10:04 | 000,000,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012/07/02 19:08:13 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/02 19:08:12 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/02 19:08:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/02 19:06:50 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/02 15:29:23 | 000,136,877 | ---- | M] () -- C:\Users\Rumblefish\Desktop\mayham3.jpg
[2012/07/02 15:21:49 | 000,136,877 | ---- | M] () -- C:\Users\Rumblefish\Desktop\mayham.jpg
[2012/06/30 06:21:36 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/29 19:19:30 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/06/29 19:19:16 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/06/28 07:18:50 | 239,806,877 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/28 05:52:42 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/06/28 05:52:42 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/06/28 05:52:37 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/06/28 05:52:37 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/06/28 05:52:37 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/06/28 05:52:36 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/06/28 05:52:20 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/06/28 05:51:49 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/06/28 05:37:57 | 000,100,864 | ---- | M] (GMER) -- C:\fwlirkoc.sys
[2012/06/28 02:37:06 | 000,002,554 | -H-- | M] () -- C:\IPH.PH
[2012/06/27 22:27:04 | 000,000,818 | ---- | M] () -- C:\Users\Rumblefish\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Desktop 9.7.lnk
[2012/06/27 22:27:03 | 000,000,838 | ---- | M] () -- C:\Users\Public\Desktop\AOL Desktop 9.7.lnk
[2012/06/27 22:24:32 | 000,058,696 | ---- | M] (AOL Inc.) -- C:\Windows\System32\AOLParconLink.exe
[2012/06/27 22:22:26 | 000,000,335 | ---- | M] () -- C:\Windows\nsreg.dat
[2012/06/22 17:10:04 | 000,342,835 | ---- | M] () -- C:\Users\Rumblefish\Desktop\cars7.jpg
[2012/06/22 17:08:26 | 000,514,098 | ---- | M] () -- C:\Users\Rumblefish\Desktop\car6.jpg
[2012/06/22 17:07:29 | 000,499,599 | ---- | M] () -- C:\Users\Rumblefish\Desktop\car5.jpg
[2012/06/22 17:06:40 | 000,473,382 | ---- | M] () -- C:\Users\Rumblefish\Desktop\car4.jpg
[2012/06/22 17:05:36 | 000,428,512 | ---- | M] () -- C:\Users\Rumblefish\Desktop\car3.jpg
[2012/06/22 17:03:48 | 000,312,501 | ---- | M] () -- C:\Users\Rumblefish\Desktop\car2.jpg
[2012/06/22 17:02:49 | 000,451,663 | ---- | M] () -- C:\Users\Rumblefish\Desktop\car1.jpg
[2012/06/20 15:57:12 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/15 17:00:22 | 000,049,704 | ---- | M] () -- C:\Users\Rumblefish\Documents\cc_20120615_170009.reg
[2012/06/14 05:15:49 | 000,425,593 | ---- | M] () -- C:\Users\Rumblefish\Desktop\fed ex.jpg
[2012/06/14 05:12:07 | 000,000,680 | ---- | M] () -- C:\Users\Rumblefish\AppData\Local\d3d9caps.dat
[2012/06/14 04:44:53 | 001,700,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/13 05:55:20 | 000,551,416 | ---- | M] () -- C:\Users\Rumblefish\Desktop\ffdp3
[2012/06/10 23:13:55 | 003,407,872 | ---- | M] () -- C:\Users\Rumblefish\Documents\My Money.mny
[2012/06/09 23:43:51 | 003,702,784 | ---- | M] () -- C:\Users\Rumblefish\Documents\money june.mny
[2012/06/09 16:45:27 | 003,433,664 | R--- | M] () -- C:\Users\Rumblefish\Documents\My Money Backup 1.mbf
[2012/06/09 05:57:04 | 000,463,080 | ---- | M] (CNET Download.com) -- C:\Users\Rumblefish\Desktop\cnet_jv16pt_setup_hb_exe.exe
[2012/06/04 11:52:37 | 000,596,587 | ---- | M] () -- C:\Users\Rumblefish\Desktop\bill of sell.jpg
[2012/06/04 08:17:44 | 000,546,674 | ---- | M] () -- C:\Users\Rumblefish\Desktop\forecloe1r.jpg
[2012/06/04 08:16:36 | 000,504,191 | ---- | M] () -- C:\Users\Rumblefish\Desktop\blue chi1p.jpg
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Rumblefish\*.tmp files -> C:\Users\Rumblefish\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/02 18:57:55 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/02 15:29:20 | 000,136,877 | ---- | C] () -- C:\Users\Rumblefish\Desktop\mayham3.jpg
[2012/07/02 15:21:46 | 000,136,877 | ---- | C] () -- C:\Users\Rumblefish\Desktop\mayham.jpg
[2012/06/29 19:19:30 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/06/28 07:18:50 | 239,806,877 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/06/27 22:27:04 | 000,000,818 | ---- | C] () -- C:\Users\Rumblefish\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Desktop 9.7.lnk
[2012/06/27 22:27:03 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\AOL Desktop 9.7.lnk
[2012/06/27 22:22:26 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2012/06/27 22:14:45 | 000,002,554 | -H-- | C] () -- C:\IPH.PH
[2012/06/22 17:10:01 | 000,342,835 | ---- | C] () -- C:\Users\Rumblefish\Desktop\cars7.jpg
[2012/06/22 17:08:23 | 000,514,098 | ---- | C] () -- C:\Users\Rumblefish\Desktop\car6.jpg
[2012/06/22 17:07:27 | 000,499,599 | ---- | C] () -- C:\Users\Rumblefish\Desktop\car5.jpg
[2012/06/22 17:06:38 | 000,473,382 | ---- | C] () -- C:\Users\Rumblefish\Desktop\car4.jpg
[2012/06/22 17:05:33 | 000,428,512 | ---- | C] () -- C:\Users\Rumblefish\Desktop\car3.jpg
[2012/06/22 17:03:46 | 000,312,501 | ---- | C] () -- C:\Users\Rumblefish\Desktop\car2.jpg
[2012/06/22 17:02:47 | 000,451,663 | ---- | C] () -- C:\Users\Rumblefish\Desktop\car1.jpg
[2012/06/20 15:29:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/15 17:00:12 | 000,049,704 | ---- | C] () -- C:\Users\Rumblefish\Documents\cc_20120615_170009.reg
[2012/06/14 05:15:46 | 000,425,593 | ---- | C] () -- C:\Users\Rumblefish\Desktop\fed ex.jpg
[2012/06/13 05:55:20 | 000,551,416 | ---- | C] () -- C:\Users\Rumblefish\Desktop\ffdp3
[2012/06/09 23:39:14 | 003,702,784 | ---- | C] () -- C:\Users\Rumblefish\Documents\money june.mny
[2012/06/09 16:45:27 | 003,433,664 | R--- | C] () -- C:\Users\Rumblefish\Documents\My Money Backup 1.mbf
[2012/05/28 21:49:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/28 21:49:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/28 21:49:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/28 21:49:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/16 01:27:40 | 000,254,464 | ---- | C] () -- C:\Windows\System32\missouri.dll
[2011/06/24 17:10:56 | 000,000,273 | ---- | C] () -- C:\Windows\System32\initparams.ini
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/04/01 05:52:22 | 001,899,232 | ---- | C] () -- C:\Windows\System32\drivers\macxvi200.bin
[2011/03/17 09:14:05 | 000,000,036 | ---- | C] () -- C:\Windows\iltwain.ini
[2011/03/01 16:35:32 | 247,443,295 | ---- | C] () -- C:\Users\Rumblefish\WC77xx_06109022019700.zip
[2010/11/04 05:42:25 | 000,000,000 | ---- | C] () -- C:\Users\Rumblefish\defogger_reenable
[2010/11/04 05:17:25 | 000,000,680 | ---- | C] () -- C:\Users\Rumblefish\AppData\Local\d3d9caps.dat
[2010/10/06 16:47:37 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/10/06 16:47:08 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/10/06 16:47:00 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/10/06 16:46:53 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010/03/23 20:52:07 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/05/01 12:58:53 | 000,060,802 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009/04/16 05:39:47 | 000,031,007 | ---- | C] () -- C:\Users\Rumblefish\AppData\Roaming\UserTile.png
[2009/03/21 07:36:58 | 000,000,008 | ---- | C] () -- C:\Users\Rumblefish\AppData\Roaming\usb.dat.bin
[2009/02/03 09:20:53 | 000,000,838 | ---- | C] () -- C:\Users\Rumblefish\AppData\Roaming\wklnhst.dat
[2008/10/30 11:02:20 | 000,870,128 | ---- | C] () -- C:\Users\Rumblefish\AppData\Roaming\mcs.rma
[2008/10/05 07:45:24 | 000,000,480 | ---- | C] () -- C:\Users\Rumblefish\Desktop.lnk
[2008/06/16 22:46:23 | 000,000,104 | ---- | C] () -- C:\Users\Rumblefish\E-mail - Shortcut.lnk

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011/03/03 15:28:09 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/04/02 06:46:26 | 000,103,484 | ---- | M] () -- C:\aaw7boot.log
[2007/05/14 05:10:42 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2012/06/20 16:03:58 | 000,017,406 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/06/20 05:06:43 | 000,236,033 | ---- | M] () -- C:\drivers.log
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2012/06/28 05:37:57 | 000,100,864 | ---- | M] (GMER) -- C:\fwlirkoc.sys
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/07/02 19:06:50 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2012/06/27 22:27:24 | 000,030,899 | ---- | M] () -- C:\INSTALL.LOG
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2008/11/23 10:14:28 | 000,000,548 | ---- | M] () -- C:\InstallHelper.log
[2009/03/14 14:24:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/06/28 02:37:06 | 000,002,554 | -H-- | M] () -- C:\IPH.PH
[2009/03/14 14:24:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/07/02 19:06:45 | 2451,238,912 | -HS- | M] () -- C:\pagefile.sys
[2012/06/09 08:05:06 | 000,000,462 | ---- | M] () -- C:\rkill.log
[2010/05/27 03:49:08 | 000,009,748 | ---- | M] () -- C:\scramble.log
[2012/06/09 08:08:17 | 000,130,984 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_09.06.2012_08.07.29_log.txt
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/01 13:00:16 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\hpzpp5jy.dll
[2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
[2012/05/21 22:14:07 | 000,052,096 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
[2009/01/29 14:45:12 | 000,010,752 | ---- | M] (Xerox Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\x5print.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.sys /90 >
[2012/05/15 12:51:08 | 002,045,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32k.sys
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\* >
[2008/10/06 02:26:50 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: \accdef.exe -rb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: \accdef.exe -hb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: \accdef.exe -sb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: \aol.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/06/07 01:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/06/07 01:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/06/07 01:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/06/07 01:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/08/14 15:48:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/08/14 15:48:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/08/14 15:48:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/05/17 16:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/05/17 16:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: \accdef.exe -rb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: \accdef.exe -hb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: \accdef.exe -sb
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: \aol.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/06/07 01:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/06/07 01:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/06/07 01:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/06/07 01:14:45 | 001,239,576 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/08/14 15:48:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/08/14 15:48:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/08/14 15:48:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/05/17 16:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/05/17 16:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/08/20 16:00:18 | 002,388,264 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:2BE9FEFC
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:C895616B

< End of report >

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:22 AM

Posted 02 July 2012 - 10:10 PM

Did you try to reset internet explorer? Did that help?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#9 one2855

one2855
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:10:22 PM

Posted 03 July 2012 - 01:02 PM

yes i did reset and no it did not help

#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:22 AM

Posted 03 July 2012 - 07:52 PM

Hello, one2855.

OK, let's check your DNS resolution.

  • Please open Notepad.
  • Copy and paste the text in the box below into Notepad.
    @ECHO OFF
    nslookup www.google.com > "%USERPROFILE%\Desktop\DNSTest.txt"
    start "%USERPROFILE%\Desktop\DNSTest.txt"
    del %0
    This fix is custom made for this user's computer.
  • Select File-->Save As
  • Select File as Type: All Types (*.*)
  • Save it to your desktop as fixme.bat
  • Right-click on fixme.bat on your desktop and select "Run As Administrator". If Windows asks, click YES to allow it to proceed.
  • A window will briefly pop up then close.
  • A log will open, please copy and paste it into your response.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#11 one2855

one2855
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:10:22 PM

Posted 06 July 2012 - 07:43 AM

here the log
thanks
Server: cdns1.cox.net
Address: 68.105.28.11

Name: www.l.google.com
Addresses: 2607:f8b0:4000:800::1011
74.125.227.20
74.125.227.16
74.125.227.17
74.125.227.18
74.125.227.19
Aliases: www.google.com

#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:22 AM

Posted 06 July 2012 - 03:26 PM

Hello, one2855.


Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#13 one2855

one2855
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:10:22 PM

Posted 08 July 2012 - 12:46 AM

ComboFix 12-07-07.04 - Rumblefish 07/07/2012 22:26:47.5.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1422 [GMT -7:00]
Running from: c:\users\Rumblefish\Downloads\etavaresCF.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-06-08 to 2012-07-08 )))))))))))))))))))))))))))))))
.
.
2012-07-08 05:39 . 2012-07-08 05:40 -------- d-----w- c:\users\Rumblefish\AppData\Local\temp
2012-07-08 05:39 . 2012-07-08 05:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-08 05:39 . 2012-07-08 05:39 -------- d-----w- c:\users\ebay account\AppData\Local\temp
2012-07-08 05:39 . 2012-07-08 05:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 15:06 . 2012-07-06 15:06 -------- d-----w- c:\windows\Sun
2012-06-30 02:17 . 2012-06-30 02:17 -------- d-----w- c:\programdata\AVAST Software
2012-06-30 02:17 . 2012-06-30 02:17 -------- d-----w- c:\program files\AVAST Software
2012-06-29 14:16 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{34981A14-D21A-4CE4-9076-87F2F9421D26}\mpengine.dll
2012-06-28 12:37 . 2012-06-28 12:37 100864 ----a-w- C:\fwlirkoc.sys
2012-06-28 12:27 . 2012-06-28 12:27 -------- d-----w- C:\c2882c812f6613ac80f14c
2012-06-28 05:59 . 2012-06-28 05:59 -------- d-----w- c:\users\Rumblefish\AppData\Roaming\AOL
2012-06-28 05:22 . 2012-06-28 05:22 -------- d-----w- c:\programdata\AOL Downloads
2012-06-22 17:55 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 17:55 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 17:55 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 17:55 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 17:54 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 17:54 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 17:54 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 17:54 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 17:54 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 22:28 . 2012-07-08 05:22 -------- d-----w- C:\ComboFix
2012-06-18 10:08 . 2012-06-28 05:15 -------- d-----w- c:\program files\IEPro
2012-06-15 02:06 . 2012-07-03 03:05 -------- d-----w- c:\users\admin
2012-06-14 11:29 . 2012-06-14 11:29 -------- d-----w- C:\found.001
2012-06-13 23:03 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 23:03 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 23:03 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 23:03 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 23:02 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-22 05:14 . 2011-03-03 22:28 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-05-22 05:14 . 2011-03-03 22:28 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-22 05:14 . 2011-03-03 22:28 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-05-22 05:14 . 2011-03-03 22:28 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-04-26 04:49 . 2012-04-26 04:49 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-26 04:49 . 2012-04-26 04:49 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-20 22:50 . 2012-04-20 22:50 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-04-20 22:50 . 2012-04-20 22:50 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-04-16 08:29 . 2012-04-16 08:29 871936 ----a-w- c:\windows\system32\GeacView.dll
2012-04-16 08:27 . 2012-04-16 08:27 254464 ----a-w- c:\windows\system32\missouri.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Rumblefish^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HDDlife.lnk]
path=c:\users\Rumblefish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDDlife.lnk
backup=c:\windows\pss\HDDlife.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Rumblefish^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Rumblefish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Rumblefish^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registry Repair Pro.lnk]
path=c:\users\Rumblefish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registry Repair Pro.lnk
backup=c:\windows\pss\Registry Repair Pro.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Rumblefish^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Scheduler.lnk]
path=c:\users\Rumblefish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Scheduler.lnk
backup=c:\windows\pss\Scheduler.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 18:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALUAlert]
2008-08-01 15:30 152952 ----a-w- c:\program files\Symantec\LiveUpdate\ALUNOTIFY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 14:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON NX410 Series]
2008-10-01 07:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFCA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1340861117\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-10-03 22:15 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 22:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2010-09-17 23:40 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTCM Client]
2008-12-24 22:39 1540288 ----a-w- c:\program files\LTCM Client\ltcmClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 22:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2000-07-20 19:55 98304 ----a-w- c:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 09:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonUpdateAgent]
2010-09-07 22:40 1819504 ----a-w- c:\programdata\Norton\NUA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NswUiTray]
2008-09-25 21:52 85360 ----a-w- c:\program files\Norton SystemWorks\NswUiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 03:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-06-09 17:25 7539232 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-10-01 14:42 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-05-28 05:31 1721640 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\System32\Drivers\Achernar.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 04:49]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc994744315fe0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 16:55]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc994749a1e440.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 16:55]
.
2011-08-19 c:\windows\Tasks\HPCeeScheduleForRumblefish.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-05-14 21:23]
.
2010-11-17 c:\windows\Tasks\Norton Security Scan for Rumblefish.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-12 07:04]
.
2011-08-15 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2008-09-25 21:52]
.
2010-12-21 c:\windows\Tasks\User_Feed_Synchronization-{9DDDD3C1-2D6F-4439-B54E-EB8EBA23F18B}.job
- c:\windows\system32\msfeedssync.exe [2011-08-14 22:47]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: {2EA5DD45-9254-4B0D-9F48-E92FEC3A9754} - hxxps://simulcast.manheim.com/simulcast_docs/av/SimulcastAVPlugin-win-ie.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://las.mlxchange.com/5.5.08.25119/Control/IRCSharc.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
MSConfigStartUp-Anonymizer - c:\program files\Anonymizer\Anonymizer Software\Anonymizer.exe
MSConfigStartUp-Clearwire Connection Manager - c:\program files\Clearwire\Connection Manager\ClearwireCM.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-07 22:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-07-07 22:43:46
ComboFix-quarantined-files.txt 2012-07-08 05:43
ComboFix2.txt 2012-06-20 23:03
ComboFix3.txt 2012-05-29 05:16
ComboFix4.txt 2012-05-18 13:55
ComboFix5.txt 2012-07-08 05:22
.
Pre-Run: 53,141,975,040 bytes free
Post-Run: 54,468,956,160 bytes free
.
- - End Of File - - CDB359E392C3EAC8E991C5A7B41CDE65

#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:22 AM

Posted 08 July 2012 - 05:43 AM

Hello, one2855.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into Notepad:

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#15 one2855

one2855
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:10:22 PM

Posted 09 July 2012 - 04:26 AM

here you go thanks
ComboFix 12-07-07.04 - Rumblefish 07/09/2012 1:54.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.614 [GMT -7:00]
Running from: c:\users\Rumblefish\Downloads\ComboFix.exe
Command switches used :: c:\users\Rumblefish\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-09 09:09 . 2012-07-09 09:09 -------- d-----w- c:\users\Rumblefish\AppData\Local\temp
2012-07-09 09:09 . 2012-07-09 09:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-09 09:09 . 2012-07-09 09:09 -------- d-----w- c:\users\ebay account\AppData\Local\temp
2012-07-09 09:09 . 2012-07-09 09:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-09 09:05 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B45B440E-3587-455D-BF00-8E11291A2F60}\mpengine.dll
2012-07-09 08:48 . 2012-07-09 08:56 -------- d-----w- C:\cd97eb8230e97e944343bd332c2c
2012-07-08 05:22 . 2012-07-08 05:43 -------- d-----w- C:\etavaresCF
2012-07-06 15:06 . 2012-07-06 15:06 -------- d-----w- c:\windows\Sun
2012-06-30 02:17 . 2012-07-09 08:40 -------- d-----w- c:\programdata\AVAST Software
2012-06-30 02:17 . 2012-06-30 02:17 -------- d-----w- c:\program files\AVAST Software
2012-06-28 12:37 . 2012-06-28 12:37 100864 ----a-w- C:\fwlirkoc.sys
2012-06-28 12:27 . 2012-06-28 12:27 -------- d-----w- C:\c2882c812f6613ac80f14c
2012-06-28 05:59 . 2012-06-28 05:59 -------- d-----w- c:\users\Rumblefish\AppData\Roaming\AOL
2012-06-28 05:22 . 2012-06-28 05:22 -------- d-----w- c:\programdata\AOL Downloads
2012-06-22 17:55 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 17:55 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 17:55 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 17:55 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 17:54 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 17:54 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 17:54 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 17:54 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 17:54 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 10:08 . 2012-06-28 05:15 -------- d-----w- c:\program files\IEPro
2012-06-15 02:06 . 2012-07-03 03:05 -------- d-----w- c:\users\admin
2012-06-14 11:29 . 2012-06-14 11:29 -------- d-----w- C:\found.001
2012-06-13 23:03 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 23:03 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 23:03 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 23:03 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 23:02 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-22 05:14 . 2011-03-03 22:28 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-05-22 05:14 . 2011-03-03 22:28 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-22 05:14 . 2011-03-03 22:28 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-05-22 05:14 . 2011-03-03 22:28 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-04-26 04:49 . 2012-04-26 04:49 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-26 04:49 . 2012-04-26 04:49 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-20 22:50 . 2012-04-20 22:50 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-04-20 22:50 . 2012-04-20 22:50 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-04-16 08:29 . 2012-04-16 08:29 871936 ----a-w- c:\windows\system32\GeacView.dll
2012-04-16 08:27 . 2012-04-16 08:27 254464 ----a-w- c:\windows\system32\missouri.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Rumblefish^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HDDlife.lnk]
path=c:\users\Rumblefish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDDlife.lnk
backup=c:\windows\pss\HDDlife.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Rumblefish^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Rumblefish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Rumblefish^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registry Repair Pro.lnk]
path=c:\users\Rumblefish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registry Repair Pro.lnk
backup=c:\windows\pss\Registry Repair Pro.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Rumblefish^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Scheduler.lnk]
path=c:\users\Rumblefish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Scheduler.lnk
backup=c:\windows\pss\Scheduler.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 18:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALUAlert]
2008-08-01 15:30 152952 ----a-w- c:\program files\Symantec\LiveUpdate\ALUNOTIFY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 14:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON NX410 Series]
2008-10-01 07:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFCA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1340861117\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-10-03 22:15 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 22:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2010-09-17 23:40 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTCM Client]
2008-12-24 22:39 1540288 ----a-w- c:\program files\LTCM Client\ltcmClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 22:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2000-07-20 19:55 98304 ----a-w- c:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 09:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonUpdateAgent]
2010-09-07 22:40 1819504 ----a-w- c:\programdata\Norton\NUA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NswUiTray]
2008-09-25 21:52 85360 ----a-w- c:\program files\Norton SystemWorks\NswUiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 03:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-06-09 17:25 7539232 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-10-01 14:42 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-05-28 05:31 1721640 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\System32\Drivers\Achernar.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 04:49]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc994744315fe0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 16:55]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc994749a1e440.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 16:55]
.
2011-08-19 c:\windows\Tasks\HPCeeScheduleForRumblefish.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-05-14 21:23]
.
2010-11-17 c:\windows\Tasks\Norton Security Scan for Rumblefish.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-12 07:04]
.
2011-08-15 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2008-09-25 21:52]
.
2010-12-21 c:\windows\Tasks\User_Feed_Synchronization-{9DDDD3C1-2D6F-4439-B54E-EB8EBA23F18B}.job
- c:\windows\system32\msfeedssync.exe [2011-08-14 22:47]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: {2EA5DD45-9254-4B0D-9F48-E92FEC3A9754} - hxxps://simulcast.manheim.com/simulcast_docs/av/SimulcastAVPlugin-win-ie.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://las.mlxchange.com/5.5.08.25119/Control/IRCSharc.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-09 02:09
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-07-09 02:15:33
ComboFix-quarantined-files.txt 2012-07-09 09:15
ComboFix2.txt 2012-07-08 05:43
ComboFix3.txt 2012-06-20 23:03
ComboFix4.txt 2012-05-29 05:16
ComboFix5.txt 2012-07-09 08:49
.
Pre-Run: 52,506,767,360 bytes free
Post-Run: 52,451,909,632 bytes free
.
- - End Of File - - 33BA6D632D7B1A40C71576C74A298FE6




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users