Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

File Restore Virus


  • This topic is locked This topic is locked
28 replies to this topic

#1 tri-mike

tri-mike

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 25 October 2012 - 08:31 AM

I have gone through the instructions best I can, ran Malware 4 times, the first 2 times is caught torjans and redirects, but FIle Restore still shows as a program running on the program bar below and still shows on the desktop. All help is appreciated.

DDS (Ver_2012-10-19.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Tracey at 8:33:15 on 2012-10-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.2654 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20121043,17117,0,18,0
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080712
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [PDckxwbyiexT.exe] c:\programdata\PDckxwbyiexT.exe
uRun: [j7KcOvKtsrMwvj] c:\programdata\j7KcOvKtsrMwvj.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)" -"http://www.dositey.com/muldiv/mul1ss5.htm"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
StartupFolder: c:\users\tracey\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{50F115F3-EE13-465D-A92D-DB107EA70994} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{9E297A9F-DC6F-4773-ADF8-2ED13A682F82} : DHCPNameServer = 10.61.32.1 1.1.1.1
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-7-12 179712]
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-7-12 214664]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-7-11 73728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-12-19 394672]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-24 399432]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-24 676936]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 99272]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-8 250808]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-11-25 19456]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-12 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-24 22856]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-7-12 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-7-12 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-7-12 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-7-12 40552]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-10-25 12:11:14 54016 ----a-w- c:\windows\system32\drivers\vbwhj.sys
2012-10-25 03:05:06 -------- d-----w- c:\program files\Yahoo!
2012-10-25 00:43:38 -------- d-----w- c:\users\tracey\appdata\roaming\Malwarebytes
2012-10-25 00:43:23 -------- d-----w- c:\programdata\Malwarebytes
2012-10-25 00:43:21 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-25 00:43:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-24 21:22:17 344064 ---ha-w- c:\programdata\j7KcOvKtsrMwvj.exe
2012-10-24 19:57:54 6918632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0fd08acc-f1b9-40df-a4a1-b35aeb310afe}\mpengine.dll
2012-10-23 19:27:42 6918632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-10-21 01:38:12 740784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2c4cca83-9a75-4fd7-91a5-6d544a9228e6}\gapaengine.dll
.
==================== Find3M ====================
.
2012-10-09 19:04:51 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 19:04:50 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-31 02:03:50 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-31 02:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-29 00:24:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-29 00:24:53 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-21 17:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
.
============= FINISH: 8:34:51.64 ===============


Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.25.01

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Tracey :: TRACEY-SMALLLAP [administrator]

Protection: Disabled

10/25/2012 9:11:54 AM
mbam-log-2012-10-25 (09-11-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208089
Time elapsed: 7 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Attached Files



BC AdBot (Login to Remove)

 


#2 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:09:27 AM

Posted 25 October 2012 - 10:46 AM

Hello tri-mike and welcome to BC.

I will review your logs and post the necessary instructions afterward. :)

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:09:27 AM

Posted 25 October 2012 - 10:57 AM

Hi,


:step1: Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporary disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouseclick combofix's window while its running because it may call it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.





:step2: Please run DDS again and post the new log, no need to attach the " attach.txt".


Thanks.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#4 tri-mike

tri-mike
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 25 October 2012 - 03:34 PM

I really hope you can help me. The virus will not let me log into bleeping computer now and so I have to transfer everything back and forth on a USB. I am scanning the USB each time i put it on the other computer, should I be safe?

Thanks again and here are the two logs.

ComboFix 12-10-25.01 - Tracey 10/25/2012 13:11:03.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.1891 [GMT -4:00]
Running from: F:\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


---- Previous Run -------

C:\Program Files\TotalRecipeSearch_14EI
C:\ProgramData\j7KcOvKtsrMwvj.exe
C:\Windows\Fonts\8514fixe.fon
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\simsunb.ttf
C:\Windows\security\Database\tmp.edb


((((((((((((((((((((((((( Files Created from 2012-09-25 to 2012-10-25 )))))))))))))))))))))))))))))))


2012-10-25 17:21:09 . 2012-10-25 17:21:09 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-10-25 16:42:23 . 2012-10-25 17:21:20 -------- d-----w- C:\Users\Tracey\AppData\Local\temp
2012-10-25 03:19:30 . 2012-10-25 03:19:30 -------- d-----w- C:\Program Files\7-zip
2012-10-25 03:05:06 . 2012-10-25 03:05:10 -------- d-----w- C:\Program Files\Yahoo!
2012-10-25 03:05:06 . 2012-10-25 03:05:06 -------- d-----w- C:\Users\Tracey\AppData\Roaming\Yahoo!
2012-10-25 00:43:38 . 2012-10-25 00:43:38 -------- d-----w- C:\Users\Tracey\AppData\Roaming\Malwarebytes
2012-10-25 00:43:21 . 2012-10-25 00:43:30 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-10-25 00:43:21 . 2012-09-29 23:54:26 22856 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-10-24 19:57:54 . 2012-10-12 05:56:01 6918632 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FD08ACC-F1B9-40DF-A4A1-B35AEB310AFE}\mpengine.dll ERROR(0x00000005)
2012-10-23 19:27:42 . 2012-10-12 05:56:01 6918632 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)
2012-10-21 01:38:12 . 2012-10-03 16:30:52 740784 ------w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C4CCA83-9A75-4FD7-91A5-6D544A9228E6}\gapaengine.dll ERROR(0x00000005)
2012-09-28 10:38:04 . 2012-09-28 10:38:04 -------- d-----w- C:\Windows\Sun
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-10-09 19:04:51 . 2012-04-08 12:35:35 696760 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2012-10-09 19:04:50 . 2011-05-20 14:13:54 73656 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-10-03 16:30:52 . 2011-03-26 12:19:32 740784 ------w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll ERROR(0x00000005)
2012-08-31 02:03:50 . 2012-08-31 02:03:50 193552 ----a-w- C:\Windows\system32\drivers\MpFilter.sys
2012-08-31 02:03:50 . 2010-10-25 02:25:38 99272 ----a-w- C:\Windows\system32\drivers\NisDrvWFP.sys
2012-08-29 00:24:56 . 2012-07-01 14:28:12 477168 ----a-w- C:\Windows\system32\npdeployJava1.dll
2012-08-29 00:24:53 . 2012-01-10 16:42:22 473072 ----a-w- C:\Windows\system32\deployJava1.dll
2012-08-21 17:01:22 . 2012-09-19 16:01:20 26840 ----a-w- C:\Windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01:22 . 2009-10-01 02:10:53 106928 ----a-w- C:\Windows\system32\GEARAspi.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 06:28:23 2153472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-12 09:08:13 68856]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [BU]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 09:40:32 218032]
"MobileDocuments"="C:\Program Files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 16:30:40 59240]
"PDckxwbyiexT.exe"="C:\ProgramData\PDckxwbyiexT.exe" [BU]
"j7KcOvKtsrMwvj"="C:\ProgramData\j7KcOvKtsrMwvj.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-02-29 04:18:02 17920]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-24 09:27:30 159744]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-04-22 06:11:42 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-04-22 06:11:32 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-04-22 06:11:36 133656]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2008-05-19 06:26:20 3444736]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-12 23:53:41 30192]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-12-21 15:58:06 184320]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [BU]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 06:52:06 59240]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 06:04:34 39792]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 04:37:16 405504]
"Monitor"="C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-07-28 19:14:04 554328]
"Conime"="C:\Windows\system32\conime.exe" [2009-04-11 06:27:28 69120]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 01:32:54 59280]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" [2012-09-12 21:19:44 947176]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2012-04-19 00:56:22 421888]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 19:02:04 254696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2012-09-10 03:30:34 421776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" [BU]

C:\Users\Tracey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-7-12 50688]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-12 09:16:22 10536 ----a-w- C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [x]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

Contents of the 'Scheduled Tasks' folder

2012-10-25 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 12:35:36 . 2012-10-09 19:04:52]

2012-10-25 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31 19:39:39 . 2010-01-31 19:39:20]

2012-10-25 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31 19:39:39 . 2010-01-31 19:39:20]


------- Supplementary Scan -------

uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20121043,17117,0,18,0
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421
Run by Tracey at 16:26:28 on 2012-10-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.2074 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell Support Center\uaclauncher.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20121043,17117,0,18,0
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [PDckxwbyiexT.exe] c:\programdata\PDckxwbyiexT.exe
uRun: [j7KcOvKtsrMwvj] c:\programdata\j7KcOvKtsrMwvj.exe
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
StartupFolder: c:\users\tracey\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{50F115F3-EE13-465D-A92D-DB107EA70994} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{9E297A9F-DC6F-4773-ADF8-2ED13A682F82} : DHCPNameServer = 10.61.32.1 1.1.1.1
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-7-12 214664]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-7-11 73728]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-12-19 394672]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-24 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-24 676936]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-7-12 179712]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-24 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-8 250808]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2008-11-25 19456]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-12 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-7-12 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-7-12 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-7-12 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-7-12 40552]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 99272]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-10-25 20:14:49 6918632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{89ddca9f-9f5e-426c-b23f-c4294d244dbc}\mpengine.dll
2012-10-25 17:23:15 -------- d-sh--w- C:\$RECYCLE.BIN
2012-10-25 17:08:58 -------- d-----w- C:\ComboFix
2012-10-25 16:42:23 -------- d-----w- c:\users\tracey\appdata\local\temp
2012-10-25 16:27:22 98816 ----a-w- c:\windows\sed.exe
2012-10-25 16:27:22 256000 ----a-w- c:\windows\PEV.exe
2012-10-25 16:27:22 208896 ----a-w- c:\windows\MBR.exe
2012-10-25 03:05:06 -------- d-----w- c:\program files\Yahoo!
2012-10-25 00:43:38 -------- d-----w- c:\users\tracey\appdata\roaming\Malwarebytes
2012-10-25 00:43:23 -------- d-----w- c:\programdata\Malwarebytes
2012-10-25 00:43:21 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-25 00:43:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-24 19:57:54 6918632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-10-21 01:38:12 740784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2c4cca83-9a75-4fd7-91a5-6d544a9228e6}\gapaengine.dll
.
==================== Find3M ====================
.
2012-10-09 19:04:51 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 19:04:50 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-31 02:03:50 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-31 02:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-29 00:24:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-29 00:24:53 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-21 17:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
.
============= FINISH: 16:27:52.86 ===============

#5 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:09:27 AM

Posted 25 October 2012 - 07:04 PM

We need to execute a ComboFix script.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy-paste the text in the code box below into it:

KillAll::

File::
C:\ProgramData\PDckxwbyiexT.exe
C:\ProgramData\j7KcOvKtsrMwvj.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDckxwbyiexT.exe"=- 
"j7KcOvKtsrMwvj"=-


4. Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

5. Refering to the picture above, drag CFScript into ComboFix.exe

6. When finished, it shall produce a log for you which I will require in your next reply.


~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#6 tri-mike

tri-mike
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 26 October 2012 - 01:45 PM

Thanks again, sorry for the delay, it kept hanging up while running, but 3rd time was the charm.

ComboFix 12-10-26.01 - Tracey 10/26/2012 14:16:04.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.3014 [GMT -4:00]
Running from: F:\ComboFix.exe
Command switches used :: F:\cfscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"C:\ProgramData\j7KcOvKtsrMwvj.exe"
"C:\ProgramData\PDckxwbyiexT.exe"


((((((((((((((((((((((((( Files Created from 2012-09-26 to 2012-10-26 )))))))))))))))))))))))))))))))


2012-10-26 18:30:07 . 2012-10-26 18:33:11 -------- d-----w- C:\Users\Tracey\AppData\Local\temp
2012-10-25 03:19:30 . 2012-10-25 03:19:30 -------- d-----w- C:\Program Files\7-zip
2012-10-25 03:05:06 . 2012-10-25 03:05:10 -------- d-----w- C:\Program Files\Yahoo!
2012-10-25 03:05:06 . 2012-10-25 03:05:06 -------- d-----w- C:\Users\Tracey\AppData\Roaming\Yahoo!
2012-10-25 00:43:38 . 2012-10-25 00:43:38 -------- d-----w- C:\Users\Tracey\AppData\Roaming\Malwarebytes
2012-10-25 00:43:21 . 2012-10-25 00:43:30 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-10-25 00:43:21 . 2012-09-29 23:54:26 22856 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-10-24 19:57:54 . 2012-10-12 05:56:01 6918632 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)
2012-10-21 01:38:12 . 2012-10-03 16:30:52 740784 ------w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C4CCA83-9A75-4FD7-91A5-6D544A9228E6}\gapaengine.dll ERROR(0x00000005)
2012-09-28 10:38:04 . 2012-09-28 10:38:04 -------- d-----w- C:\Windows\Sun
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-10-09 19:04:51 . 2012-04-08 12:35:35 696760 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2012-10-09 19:04:50 . 2011-05-20 14:13:54 73656 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-10-03 16:30:52 . 2011-03-26 12:19:32 740784 ------w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll ERROR(0x00000005)
2012-08-31 02:03:50 . 2012-08-31 02:03:50 193552 ----a-w- C:\Windows\system32\drivers\MpFilter.sys
2012-08-31 02:03:50 . 2010-10-25 02:25:38 99272 ----a-w- C:\Windows\system32\drivers\NisDrvWFP.sys
2012-08-29 00:24:56 . 2012-07-01 14:28:12 477168 ----a-w- C:\Windows\system32\npdeployJava1.dll
2012-08-29 00:24:53 . 2012-01-10 16:42:22 473072 ----a-w- C:\Windows\system32\deployJava1.dll
2012-08-21 17:01:22 . 2012-09-19 16:01:20 26840 ----a-w- C:\Windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01:22 . 2009-10-01 02:10:53 106928 ----a-w- C:\Windows\system32\GEARAspi.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 06:28:23 2153472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-12 09:08:13 68856]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [BU]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 09:40:32 218032]
"MobileDocuments"="C:\Program Files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 16:30:40 59240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-02-29 04:18:02 17920]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-24 09:27:30 159744]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-04-22 06:11:42 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-04-22 06:11:32 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-04-22 06:11:36 133656]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2008-05-19 06:26:20 3444736]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-12 23:53:41 30192]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-12-21 15:58:06 184320]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [BU]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 06:52:06 59240]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 06:04:34 39792]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 04:37:16 405504]
"Monitor"="C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-07-28 19:14:04 554328]
"Conime"="C:\Windows\system32\conime.exe" [2009-04-11 06:27:28 69120]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 01:32:54 59280]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" [2012-09-12 21:19:44 947176]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2012-04-19 00:56:22 421888]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 19:02:04 254696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2012-09-10 03:30:34 421776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" [BU]

C:\Users\Tracey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-7-12 50688]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-12 09:16:22 10536 ----a-w- C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [x]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

Contents of the 'Scheduled Tasks' folder

2012-10-26 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 12:35:36 . 2012-10-09 19:04:52]

2012-10-26 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31 19:39:39 . 2010-01-31 19:39:20]

2012-10-26 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31 19:39:39 . 2010-01-31 19:39:20]


------- Supplementary Scan -------

uStart Page = hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20121043,17117,0,18,0
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1

#7 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:09:27 AM

Posted 26 October 2012 - 06:38 PM

How's the computer running?


ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, but make sure you copy the logfile first.
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#8 tri-mike

tri-mike
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 28 October 2012 - 11:11 AM

Thanks again for your help. Couple things, it still wont let me log into bleeping computer from that laptop. ALso, history will not record anything in Internet Explorer. ESET did catch another trojan. Here is that log

C:\Qoobox\Quarantine\C\ProgramData\j7KcOvKtsrMwvj.exe.vir a variant of Win32/Kryptik.ANSB trojan

Also, file_restore icons still shows on the the laptop.

#9 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:09:27 AM

Posted 28 October 2012 - 12:56 PM

Hi again tri-mike,

What ESET found is just a back-up created by Combofix, it's harmless.


Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" is Cure (Please click on it and change it to skip).
  • Click on Report to generate a log.
  • Please post that log when you reply.

Edited by sempai, 28 October 2012 - 01:06 PM.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#10 tri-mike

tri-mike
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 28 October 2012 - 05:54 PM

Thanks Sempai, TDSSkiller found nothing.

#11 tri-mike

tri-mike
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 28 October 2012 - 06:06 PM

Should I delete the file_restore icons now both on the tool bar and on the desktop? And do the unhide instructions from the other post?

And I really feel like it still has something going on because:
1. It still wont let me log into bleeping computer from it in Explorer
2. My wife wanted to see if her pictures were still on the laptop, once I found the folder and saw they were there, all of a sudden without me doing anything else, the computer went through two clicks and the pictures were gone then. I am sure just hidden, but now I cant find them.

Edited by tri-mike, 28 October 2012 - 06:16 PM.


#12 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:09:27 AM

Posted 28 October 2012 - 09:46 PM

Hi,

Combofix will also unhidden those files being hidden by malware, but since you still have those hidden files... using it is necessary.


:step1: Please delete your copy of Combofix (do not uninstall) and download a new copy, save it to your desktop. Boot your computer in safe mode with networking and run it from there, kindly monitor it while running and when it reboots your computer during its run... make sure to boot it again in safe mode to complete the process. Post the new log afterward.



:step2: Please download unhide.exe and save it to your desktop.
  • Double click on it to run the tool (Run as administrator for Windows Vista/7).
  • You will receive a message "Your files should now be visible" once completed.
  • Click OK.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#13 tri-mike

tri-mike
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 29 October 2012 - 09:07 AM

Okay, so unhide seems to have worked. I think we can live with what we see back, thank you!

Crazy though, I still cannot log into bleeping computer to post the logs. Why would that be? And that makes me very hesitant to try and log into any other website using a password.

HEre are the logs:
ComboFix 12-10-29.02 - Tracey 10/29/2012 9:45:14.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.3004 [GMT -4:00]
Running from: C:\Users\Tracey\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-29 )))))))))))))))))))))))))))))))


2012-10-29 13:56:19 . 2012-10-29 13:56:27 -------- d-----w- C:\Users\Tracey\AppData\Local\temp
2012-10-29 13:56:19 . 2012-10-29 13:56:19 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-10-28 13:44:11 . 2012-10-28 13:44:11 -------- d-----w- C:\found.003
2012-10-28 12:47:42 . 2012-10-12 05:56:01 6918632 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F644AD2A-C94D-4EA0-A7EC-DB1B68B1FA38}\mpengine.dll ERROR(0x00000005)
2012-10-25 20:14:49 . 2012-10-12 05:56:01 6918632 ----a-w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)
2012-10-25 03:19:30 . 2012-10-25 03:19:30 -------- d-----w- C:\Program Files\7-zip
2012-10-25 03:05:06 . 2012-10-25 03:05:10 -------- d-----w- C:\Program Files\Yahoo!
2012-10-25 03:05:06 . 2012-10-25 03:05:06 -------- d-----w- C:\Users\Tracey\AppData\Roaming\Yahoo!
2012-10-25 00:43:38 . 2012-10-25 00:43:38 -------- d-----w- C:\Users\Tracey\AppData\Roaming\Malwarebytes
2012-10-25 00:43:21 . 2012-10-25 00:43:30 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-10-25 00:43:21 . 2012-09-29 23:54:26 22856 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-10-21 01:38:12 . 2012-10-03 16:30:52 740784 ------w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C4CCA83-9A75-4FD7-91A5-6D544A9228E6}\gapaengine.dll ERROR(0x00000005)
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-10-09 19:04:51 . 2012-04-08 12:35:35 696760 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2012-10-09 19:04:50 . 2011-05-20 14:13:54 73656 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-10-03 16:30:52 . 2011-03-26 12:19:32 740784 ------w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll ERROR(0x00000005)
2012-08-31 02:03:50 . 2012-08-31 02:03:50 193552 ----a-w- C:\Windows\system32\drivers\MpFilter.sys
2012-08-31 02:03:50 . 2010-10-25 02:25:38 99272 ----a-w- C:\Windows\system32\drivers\NisDrvWFP.sys
2012-08-29 00:24:56 . 2012-07-01 14:28:12 477168 ----a-w- C:\Windows\system32\npdeployJava1.dll
2012-08-29 00:24:53 . 2012-01-10 16:42:22 473072 ----a-w- C:\Windows\system32\deployJava1.dll
2012-08-21 17:01:22 . 2012-09-19 16:01:20 26840 ----a-w- C:\Windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01:22 . 2009-10-01 02:10:53 106928 ----a-w- C:\Windows\system32\GEARAspi.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 06:28:23 2153472]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-12 09:08:13 68856]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [BU]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 09:40:32 218032]
"MobileDocuments"="C:\Program Files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 16:30:40 59240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-02-29 04:18:02 17920]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-24 09:27:30 159744]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-04-22 06:11:42 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-04-22 06:11:32 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-04-22 06:11:36 133656]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2008-05-19 06:26:20 3444736]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-12 23:53:41 30192]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-12-21 15:58:06 184320]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [BU]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 06:52:06 59240]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 06:04:34 39792]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 04:37:16 405504]
"Monitor"="C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-07-28 19:14:04 554328]
"Conime"="C:\Windows\system32\conime.exe" [2009-04-11 06:27:28 69120]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 01:32:54 59280]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" [2012-09-12 21:19:44 947176]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2012-04-19 00:56:22 421888]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 19:02:04 254696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2012-09-10 03:30:34 421776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" [BU]

C:\Users\Tracey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-7-12 50688]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-12 09:16:22 10536 ----a-w- C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

Contents of the 'Scheduled Tasks' folder

2012-10-29 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 12:35:36 . 2012-10-09 19:04:52]

2012-10-29 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31 19:39:39 . 2010-01-31 19:39:20]

2012-10-29 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-31 19:39:39 . 2010-01-31 19:39:20]


------- Supplementary Scan -------

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1

- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)




Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 10/29/2012 09:21:11 AM
Windows Version: Windows Vista

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 207936 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 12069 files processed.

The C:\Users\Tracey\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Restarting Explorer.exe in order to apply changes.

Program finished at: 10/29/2012 09:30:56 AM
Execution time: 0 hours(s), 9 minute(s), and 45 seconds(s)

#14 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:09:27 AM

Posted 29 October 2012 - 12:25 PM

Hi,

Do you experience any other issue[s] aside from you cannot log in to bleepingcomputer?


:step1: Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
Note: Do not install Avast anti virus when offered.



:step2: Download OTL by OldTimer from one of the links below:

Link 1
Link 2

  • Save it to your desktop.
  • Close all open windows on the Task Bar.
  • Double click the OTL icon to run the program (run as Administrator for Windows Vista/7).
  • Put a check mark on Scan All Users.
  • Click the Run Scan button and let it run uninterrupted.
  • It will create two reports namely OTL.txt (will be opened) and Extras.txt (will be minimized).
  • Post the contents of both reports when you reply.
  • Exit OTL.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#15 tri-mike

tri-mike
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 29 October 2012 - 03:51 PM

Okay, dumb me, I had the security settings to high and IE would not accept cookies so it wouldnt log in. Sorry!

Please advise what you would like me to do next. Here are the last 3 scans you requested.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-29 16:18:05
-----------------------------
16:18:05.594 OS Version: Windows 6.0.6002 Service Pack 2
16:18:05.594 Number of processors: 2 586 0xF0D
16:18:05.594 ComputerName: TRACEY-SMALLLAP UserName: Tracey
16:18:07.903 Initialize success
16:18:24.787 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:18:24.787 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
16:18:24.834 Disk 0 MBR read successfully
16:18:24.850 Disk 0 MBR scan
16:18:24.850 Disk 0 Windows VISTA default MBR code
16:18:24.850 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 86 MB offset 63
16:18:24.881 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 178176
16:18:24.912 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 225586 MB offset 21149696
16:18:24.912 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 483151872
16:18:24.975 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 483153920
16:18:24.990 Disk 0 scanning sectors +488394752
16:18:25.053 Disk 0 scanning C:\Windows\system32\drivers
16:18:34.335 Service scanning
16:18:42.197 Service MpKslcc6e75a8 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8BCB9447-FFED-4641-B9C4-2C2EC365C21C}\MpKslcc6e75a8.sys **LOCKED** 32
16:18:52.134 Modules scanning
16:18:57.703 Disk 0 trace - called modules:
16:18:57.766 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
16:18:57.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863293b0]
16:18:57.781 3 CLASSPNP.SYS[8b7a08b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8589a030]
16:18:57.797 Scan finished successfully
16:19:23.599 Disk 0 MBR has been saved successfully to "C:\Users\Tracey\Desktop\MBR.dat"
16:19:23.615 The log file has been saved successfully to "C:\Users\Tracey\Desktop\aswMBR.txt"

OTL logfile created on: 10/29/2012 4:20:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tracey\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 61.10% Memory free
7.19 Gb Paging File | 5.76 Gb Available in Paging File | 80.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.30 Gb Total Space | 137.12 Gb Free Space | 62.24% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.26 Gb Free Space | 52.62% Space Free | Partition Type: NTFS

Computer Name: TRACEY-SMALLLAP | User Name: Tracey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/29 16:17:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tracey\Desktop\OTL.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,280,088 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2010/07/28 15:14:04 | 000,554,328 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/07/28 14:39:22 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/13 17:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/04/28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/02/22 18:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/01/02 00:37:16 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2008/01/02 00:37:08 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2008/01/02 00:37:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/12/21 11:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/09/24 05:27:38 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/24 05:27:30 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/24 05:27:28 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/09/24 05:27:28 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/15 09:29:44 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/06/15 09:29:30 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\09921757c265f71e2458696d7f64cc5e\VistaBridgeLibrary.ni.dll
MOD - [2012/06/15 09:29:29 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\cbaab9a3d542f178ef9f4ed2998b6347\DellDock.ni.exe
MOD - [2012/06/15 09:29:27 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\7c673f0e46d9d52167ee9ae5d1e73a7a\MyDock.Util.ni.dll
MOD - [2012/06/15 09:27:32 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/15 09:27:21 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/05/16 16:15:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/16 16:15:36 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/16 16:15:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/16 16:13:54 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/16 16:12:13 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/16 16:11:43 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/08/12 19:53:41 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2010/01/31 23:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2010/01/31 23:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2008/05/19 02:25:24 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2012/10/09 15:04:52 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/07/28 14:39:22 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/12 05:16:22 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/01/02 00:37:08 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2008/01/02 00:37:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\cztqpytr.sys -- (cztqpytr)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\cumfoehc.sys -- (cumfoehc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Tracey\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Tracey\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/10/29 16:18:07 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8BCB9447-FFED-4641-B9C4-2C2EC365C21C}\MpKslcc6e75a8.sys -- (MpKslcc6e75a8)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/08/17 17:26:40 | 000,022,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020200}_0)
DRV - [2009/11/04 17:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 17:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 17:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/11/25 13:39:02 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008/01/02 00:37:18 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/24 05:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/11/27 03:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 03:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 03:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
IE - HKLM\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm002ADus&ptb=8068AFF6-E74B-4104-B5D4-13C06CE8766C&psa=&ind=2011112821&ptnrS=YKxdm002ADus&si=CMqQrM_k2qwCFYqA5QodPVNPrQ&st=sb&n=77df2575&searchfor={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-431974098-496421991-3974863122-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-431974098-496421991-3974863122-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-431974098-496421991-3974863122-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-431974098-496421991-3974863122-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-431974098-496421991-3974863122-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-431974098-496421991-3974863122-1003\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=GirgaGxJFuRPTlKCp_MA7KKylRY?q={searchTerms}
IE - HKU\S-1-5-21-431974098-496421991-3974863122-1003\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm002ADus&ptb=8068AFF6-E74B-4104-B5D4-13C06CE8766C&psa=&ind=2011112821&ptnrS=YKxdm002ADus&si=CMqQrM_k2qwCFYqA5QodPVNPrQ&st=sb&n=77df2575&searchfor={searchTerms}
IE - HKU\S-1-5-21-431974098-496421991-3974863122-1003\..\SearchScopes\{E09BD351-F569-422E-92B6-847A23871D50}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20121043,17118,0,18,0
IE - HKU\S-1-5-21-431974098-496421991-3974863122-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-431974098-496421991-3974863122-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tracey\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com

O1 HOSTS File: ([2012/10/26 14:31:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKU\S-1-5-21-431974098-496421991-3974863122-1003..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKU\S-1-5-21-431974098-496421991-3974863122-1003..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-431974098-496421991-3974863122-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" File not found
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Tracey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-431974098-496421991-3974863122-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-431974098-496421991-3974863122-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-431974098-496421991-3974863122-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-431974098-496421991-3974863122-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50F115F3-EE13-465D-A92D-DB107EA70994}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E297A9F-DC6F-4773-ADF8-2ED13A682F82}: DhcpNameServer = 10.61.32.1 1.1.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/29 16:17:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tracey\Desktop\OTL.exe
[2012/10/29 16:17:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Tracey\Desktop\aswMBR.exe
[2012/10/29 15:24:21 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/10/29 15:24:21 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/10/29 15:24:21 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/10/29 09:58:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/29 09:56:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/29 09:56:19 | 000,000,000 | ---D | C] -- C:\Users\Tracey\AppData\Local\temp
[2012/10/29 09:42:23 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/10/29 08:55:35 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Tracey\Desktop\unhide.exe
[2012/10/28 09:44:11 | 000,000,000 | ---D | C] -- C:\found.003
[2012/10/25 12:27:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/25 12:27:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/25 12:27:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/25 12:26:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/25 12:26:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/24 23:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/10/24 23:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012/10/24 23:05:06 | 000,000,000 | ---D | C] -- C:\Users\Tracey\AppData\Roaming\Yahoo!
[2012/10/24 23:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012/10/24 20:43:38 | 000,000,000 | ---D | C] -- C:\Users\Tracey\AppData\Roaming\Malwarebytes
[2012/10/24 20:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/24 20:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/24 20:43:21 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/24 20:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/24 17:22:21 | 000,000,000 | ---D | C] -- C:\Users\Tracey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Restore
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/29 16:19:23 | 000,000,512 | ---- | M] () -- C:\Users\Tracey\Desktop\MBR.dat
[2012/10/29 16:17:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tracey\Desktop\OTL.exe
[2012/10/29 16:17:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Tracey\Desktop\aswMBR.exe
[2012/10/29 15:41:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/29 15:34:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/29 15:15:54 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/29 15:15:44 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/29 15:15:44 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/29 15:15:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/29 15:15:27 | 3747,655,680 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/29 11:10:17 | 409,688,287 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/29 08:55:23 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Tracey\Desktop\unhide.exe
[2012/10/29 08:53:19 | 000,000,586 | ---- | M] () -- C:\Users\Tracey\Desktop\ComboFix - Shortcut.lnk
[2012/10/28 18:54:56 | 000,545,368 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/28 18:54:56 | 000,122,786 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/26 14:31:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/24 20:43:29 | 000,000,949 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/24 20:25:44 | 000,000,672 | ---- | M] () -- C:\Users\Tracey\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
[2012/10/24 20:25:44 | 000,000,648 | ---- | M] () -- C:\Users\Tracey\Desktop\File_Restore.lnk
[2012/10/24 17:25:05 | 000,000,144 | ---- | M] () -- C:\ProgramData\-j7KcOvKtsrMwvj
[2012/10/24 17:25:02 | 000,000,368 | ---- | M] () -- C:\ProgramData\j7KcOvKtsrMwvj
[2012/10/24 17:23:52 | 000,000,168 | ---- | M] () -- C:\ProgramData\-j7KcOvKtsrMwvjr
[2012/10/09 15:04:51 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/09 15:04:50 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/04 17:22:51 | 000,005,972 | ---- | M] () -- C:\Users\Tracey\AppData\Local\d3d9caps.dat
[2012/10/02 21:53:57 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/29 16:19:23 | 000,000,512 | ---- | C] () -- C:\Users\Tracey\Desktop\MBR.dat
[2012/10/29 09:59:43 | 3747,655,680 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/29 08:53:19 | 000,000,586 | ---- | C] () -- C:\Users\Tracey\Desktop\ComboFix - Shortcut.lnk
[2012/10/25 12:27:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/25 12:27:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/25 12:27:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/25 12:27:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/25 12:27:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/24 20:43:29 | 000,000,949 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/24 20:25:44 | 000,000,672 | ---- | C] () -- C:\Users\Tracey\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
[2012/10/24 20:25:44 | 000,000,648 | ---- | C] () -- C:\Users\Tracey\Desktop\File_Restore.lnk
[2012/10/24 17:22:22 | 000,000,168 | ---- | C] () -- C:\ProgramData\-j7KcOvKtsrMwvjr
[2012/10/24 17:22:22 | 000,000,144 | ---- | C] () -- C:\ProgramData\-j7KcOvKtsrMwvj
[2012/10/24 17:22:17 | 000,000,368 | ---- | C] () -- C:\ProgramData\j7KcOvKtsrMwvj
[2012/05/28 09:35:20 | 000,001,046 | ---- | C] () -- C:\Windows\System32\EKaio2WiaCoInst.ini
[2008/08/07 13:08:26 | 000,005,972 | ---- | C] () -- C:\Users\Tracey\AppData\Local\d3d9caps.dat
[2008/07/16 20:21:29 | 000,020,992 | ---- | C] () -- C:\Users\Tracey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

OTL Extras logfile created on: 10/29/2012 4:20:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tracey\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 61.10% Memory free
7.19 Gb Paging File | 5.76 Gb Available in Paging File | 80.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.30 Gb Total Space | 137.12 Gb Free Space | 62.24% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.26 Gb Free Space | 52.62% Space Free | Partition Type: NTFS

Computer Name: TRACEY-SMALLLAP | User Name: Tracey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06500DE1-085D-4664-A9A8-4FF7DF1B0C74}" = lport=5353 | protocol=6 | dir=in | name=printer |
"{0E128522-34FE-4DB7-A218-E71CBB27AB92}" = lport=137 | protocol=17 | dir=in | app=system |
"{4387A909-56DD-4301-B412-DB6C39124A6F}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{4C36AC5A-BA5B-4526-9F12-5DAD1F3534CA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{51519A7E-1699-4493-951F-4D89B283BC9C}" = rport=137 | protocol=17 | dir=out | app=system |
"{6973C247-8D9E-4819-9523-772C8AD45597}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6EC36EB7-B1C0-4B55-A0B3-51E128E9776E}" = lport=445 | protocol=6 | dir=in | app=system |
"{75749C12-6604-45CE-9E31-D29F56994536}" = lport=139 | protocol=6 | dir=in | app=system |
"{8AC7F7F2-7B1F-4D25-B095-5376209E6059}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{9EC6C48F-618E-45A6-9FFE-62D86B04EF4C}" = lport=138 | protocol=17 | dir=in | app=system |
"{A688E9C2-4C76-44B7-B902-E70C0FA95A94}" = rport=445 | protocol=6 | dir=out | app=system |
"{EB03B083-98E8-4FFD-A294-4254DF7B4F35}" = rport=138 | protocol=17 | dir=out | app=system |
"{EB8276B6-40ED-447F-AD6D-731C13CE4C2F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F4F28BE3-DF33-49A8-A773-2FA6C172C29E}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0133E96F-2B90-43BD-B51D-393600F528E7}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{0392B2EF-E90A-41F9-A826-4F5A7F5EC0A4}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{07C602A2-A6F6-4719-8153-ECB1D25EBEBC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{09144D7B-2C78-4FAA-9FEE-A7F165D74C69}" = protocol=17 | dir=in | app=c:\program files\roxio\digital home 9\roxioupnprenderer9.exe |
"{110FE7EC-6683-45DB-9CE6-A8E237485C35}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{1EF5DDBF-4CC2-4D74-BF6D-A26305B8D0BB}" = protocol=17 | dir=in | app=c:\program files\roxio\digital home 9\roxioupnprenderer9.exe |
"{22788B57-9A54-4DA6-882B-8BC38FD78958}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{25DF9285-6E80-49B7-8759-76F47E7B3DFF}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{27C9FA04-B84F-45BB-A8D6-2EDFC2191BA0}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{336B4F02-A874-48A0-9A93-5B582D12BC17}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{40D077D2-DDD6-427B-9083-9A152BAF6882}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{4E111F7F-BCF6-4A55-9F9F-766D57BF8A0E}" = protocol=17 | dir=in | app=c:\program files\roxio\digital home 9\roxioupnprenderer9.exe |
"{50953872-736A-4162-8A36-BE584D783F66}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{63D04C1B-1BF2-453C-BA1D-05976880727B}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{71E196D2-7820-493B-887B-7F1B57478A49}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{7EFEB2A9-518C-4888-91D5-122F5201EA2D}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{851C356D-0A52-4FD2-BEFA-AA87232FB44F}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{887091D1-5E8E-49F1-9D36-12CD9BD2E56C}" = protocol=6 | dir=in | app=c:\program files\roxio\digital home 9\roxioupnprenderer9.exe |
"{9F346318-B9D4-4B4D-AA17-2EF27C7BCBC8}" = protocol=6 | dir=in | app=c:\program files\roxio\digital home 9\roxioupnprenderer9.exe |
"{A1511B8B-458E-4769-A2F4-5617EF85623D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A5A6FBAF-10B1-4588-863F-2C81ED45B888}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B27266A0-686F-4A47-AD36-AFBFE63F867D}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{C259D2C6-040B-4227-AE7D-447337B0C592}" = protocol=6 | dir=in | app=c:\program files\roxio\digital home 9\roxioupnprenderer9.exe |
"{C2BE0950-BB51-4B0B-A044-392D7A930778}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{C8A923B3-FF76-46CB-BAD4-1A1F35D76E80}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D90C2720-978C-4FE9-BB59-F58E9A660933}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{DED2A77D-12FE-47E8-A642-7C9859D27A11}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{E9D5D28A-A7E3-403E-BC60-FDB769467278}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F95DF101-36A1-4AAD-A225-F92213847639}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B0EB18-51D2-4302-B92C-BBAE869FFBBF}" = BlackBerry Device Software Updater
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 37
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6E4CF694-BD0C-45EB-9602-9D6D46941250}" = LeapFrog Connect
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{840F3441-EEBC-4A34-8CFE-9603580929F1}" = LeapFrog Tag Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"0E5906722E3ECA13747F1633D3F55E9F47120424" = Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"PC-Doctor for Windows" = Dell Support Center
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"UPCShell" = LeapFrog Connect
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-431974098-496421991-3974863122-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/29/2012 9:39:38 AM | Computer Name = Tracey-smalllap | Source = EventSystem | ID = 4609
Description =

Error - 10/29/2012 9:40:32 AM | Computer Name = Tracey-smalllap | Source = WinMgmt | ID = 10
Description =

Error - 10/29/2012 9:58:34 AM | Computer Name = Tracey-smalllap | Source = EventSystem | ID = 4609
Description =

Error - 10/29/2012 10:00:16 AM | Computer Name = Tracey-smalllap | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 10.0.0.3:5353 25 3.0.0.10.in-addr.arpa.
PTR Tracey-smalllap-2.local.

Error - 10/29/2012 10:00:16 AM | Computer Name = Tracey-smalllap | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 23 3.0.0.10.in-addr.arpa.
PTR Tracey-smalllap.local.

Error - 10/29/2012 10:00:59 AM | Computer Name = Tracey-smalllap | Source = WinMgmt | ID = 10
Description =

Error - 10/29/2012 11:06:09 AM | Computer Name = Tracey-smalllap | Source = Perflib | ID = 1010
Description =

Error - 10/29/2012 11:06:12 AM | Computer Name = Tracey-smalllap | Source = Perflib | ID = 1008
Description =

Error - 10/29/2012 11:12:01 AM | Computer Name = Tracey-smalllap | Source = WinMgmt | ID = 10
Description =

Error - 10/29/2012 3:16:29 PM | Computer Name = Tracey-smalllap | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 9/20/2008 8:07:02 AM | Computer Name = Tracey-smalllap | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 56
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/5/2009 6:41:05 PM | Computer Name = Tracey-smalllap | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 51
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/5/2009 6:42:25 PM | Computer Name = Tracey-smalllap | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 46
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/5/2009 6:43:21 PM | Computer Name = Tracey-smalllap | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 22
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/29/2012 11:12:03 AM | Computer Name = Tracey-smalllap | Source = Service Control Manager | ID = 7000
Description =

Error - 10/29/2012 11:12:56 AM | Computer Name = Tracey-smalllap | Source = Service Control Manager | ID = 7000
Description =

Error - 10/29/2012 11:12:57 AM | Computer Name = Tracey-smalllap | Source = Service Control Manager | ID = 7000
Description =

Error - 10/29/2012 3:16:30 PM | Computer Name = Tracey-smalllap | Source = Service Control Manager | ID = 7000
Description =

Error - 10/29/2012 3:16:30 PM | Computer Name = Tracey-smalllap | Source = Service Control Manager | ID = 7000
Description =

Error - 10/29/2012 3:16:30 PM | Computer Name = Tracey-smalllap | Source = Service Control Manager | ID = 7000
Description =

Error - 10/29/2012 3:16:30 PM | Computer Name = Tracey-smalllap | Source = Service Control Manager | ID = 7000
Description =

Error - 10/29/2012 3:16:30 PM | Computer Name = Tracey-smalllap | Source = Service Control Manager | ID = 7000
Description =

Error - 10/29/2012 3:16:30 PM | Computer Name = Tracey-smalllap | Source = Service Control Manager | ID = 7000
Description =

Error - 10/29/2012 3:16:30 PM | Computer Name = Tracey-smalllap | Source = Service Control Manager | ID = 7000
Description =


< End of report >




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users