ZeroAccess kit


This topic is locked
41 replies to this topic

#1 john3640

Posted 25 January 2013 - 03:09 PM

Greetings! I have benefited greatly from reading and using the information on the site. Love it. I have a friend's PC that is beyond my skills to fix. ComboFix finds ZeroAccess but can't remove it.

I thought I was moderately proficient in malware removal but this one is a baddie.

Would someone assist me with a fixlist for the FRST log below? I would greatly appreciate it.

John

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-01-2013 02
Ran by SYSTEM at 25-01-2013 12:36:00
Running from E:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [] [x]
HKU\Default\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [460784 2007-03-15] (Gteko Ltd.)
HKU\Default User\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [460784 2007-03-15] (Gteko Ltd.)
HKLM\...\Runonce: [FixTDSS] cmd /c start /D "C:\Users\Spirz Family\Desktop" /B FixTDSS.exe -postboot [x]
HKLM\...\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [443728 2010-12-20] (Malwarebytes Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

==================== Services (Whitelisted) ===================

4 AERTFilters; C:\Windows\System32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
4 DSBrokerService; "C:\Program Files\DellSupport\brkrsvc.exe" [70656 2007-03-19] ()
4 getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33176 2009-03-03] (NOS Microsystems Ltd.)
4 GoogleDesktopManager-051210-111108; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2011-02-26] (Google)
4 iWinGamesInstaller; C:\Program Files\iWin Games\iWinGamesInstaller.exe [78104 2008-07-21] (iWin Inc.)
4 lxcc_device; C:\Windows\system32\lxcccoms.exe -service [537520 2007-03-26] ( )
4 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [201968 2008-08-13] (SupportSoft, Inc.)
4 Viewpoint Manager Service; "C:\Program Files\Viewpoint\Common\ViewpointService.exe" [24652 2007-01-04] (Viewpoint Corporation)
4 WebClient; C:\Windows\System32\svchost.exe -k LocalService [21504 2008-01-18] (Microsoft Corporation)
4 WPDBusEnum; C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [x]

==================== Drivers (Whitelisted) ====================

3 CA561; C:\Windows\System32\Drivers\SPCA561.SYS [119798 2002-10-01] (SP)
0 FixTDSS; C:\Windows\System32\drivers\FixTDSS.sys [26872 2013-01-25] (Symantec Corporation)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92192 2012-11-09] (McAfee, Inc.)
3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [59776 2011-09-07] (SCM Microsystems Inc.)
3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2011-02-13] (LG Electronics Inc.)
3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [20864 2011-02-13] (LG Electronics Inc.)
3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [25216 2011-02-13] (LG Electronics Inc.)
3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag.sys [23168 2011-10-10] (LG Electronics Inc.)
3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm.sys [27904 2011-10-10] (LG Electronics Inc.)
3 vzandnetndis; C:\Windows\System32\DRIVERS\lgvzandnetndis.sys [71040 2011-10-21] (LG Electronics Inc.)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 catchme; \??\C:\Users\SPIRZF~1\AppData\Local\Temp\catchme.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
2 MCSTRM; [x]
1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 vzandnetadb; C:\Windows\System32\Drivers\lgvzandnetadb.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-01-25 12:35 - 2013-01-25 12:35 - 00000000 ____D C:\FRST
2013-01-25 09:34 - 2013-01-25 09:34 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2013-01-25 09:34 - 2010-12-20 16:09 - 00038224 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-01-25 09:34 - 2010-12-20 16:08 - 00020952 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-01-25 09:20 - 2013-01-25 09:20 - 00026872 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixTDSS.sys
2013-01-25 09:20 - 2013-01-25 09:20 - 00000000 ____D C:\Users\Spirz Family\AppData\Roaming\FixTDSS
2013-01-25 09:20 - 2013-01-25 09:19 - 01931088 ____A (Symantec Corporation) C:\Users\Spirz Family\Desktop\FixTDSS.exe
2013-01-25 09:20 - 2013-01-25 09:16 - 00909518 ____A (Farbar) C:\Users\Spirz Family\Desktop\FRST.exe
2013-01-25 09:12 - 2013-01-13 17:45 - 11088872 ____A (Microsoft Corporation) C:\Users\Spirz Family\Desktop\mseinstall.exe
2013-01-25 09:01 - 2013-01-25 09:07 - 00000000 ___SD C:\Combo-Fix27990C
2013-01-25 08:56 - 2013-01-25 08:57 - 00138928 ____A C:\Windows\Minidump\Mini012513-01.dmp
2013-01-25 08:56 - 2013-01-25 08:56 - 201739942 ____A C:\Windows\MEMORY.DMP
2013-01-25 08:54 - 2013-01-25 08:54 - 00001850 ____A C:\Users\Spirz Family\Desktop\aswMBR.txt
2013-01-25 08:54 - 2013-01-25 08:54 - 00000512 ____A C:\Users\Spirz Family\Desktop\MBR.dat
2013-01-25 08:46 - 2013-01-25 08:39 - 04732416 ____A (AVAST Software) C:\Users\Spirz Family\Desktop\aswMBR.exe
2013-01-25 08:46 - 2013-01-25 08:37 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Spirz Family\Desktop\tdsskiller.exe
2013-01-25 08:46 - 2013-01-25 08:34 - 03177840 ____A (McAfee, Inc.) C:\Users\Spirz Family\Desktop\MCPR.exe
2013-01-25 08:45 - 2013-01-25 08:49 - 00000000 ___SD C:\Combo-Fix6636C
2013-01-25 08:41 - 2013-01-25 09:27 - 00024187 ____A C:\Windows\WindowsUpdate.log
2013-01-25 08:41 - 2013-01-25 08:41 - 00000016 ____A C:\Users\Spirz Family\Desktop\CFScript.txt
2013-01-25 08:32 - 2013-01-25 08:37 - 00000000 ___SD C:\Combo-Fix23701C
2013-01-25 08:16 - 2013-01-25 08:21 - 00000000 ___SD C:\Combo-Fix7866C
2013-01-25 07:59 - 2013-01-25 08:08 - 00000000 ___SD C:\Combo-Fix
2013-01-25 07:59 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-01-25 07:59 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2013-01-25 07:59 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-01-25 07:59 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-01-25 07:59 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-01-25 07:59 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2013-01-25 07:59 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2013-01-25 07:59 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2013-01-25 07:56 - 2013-01-25 09:11 - 00006910 ____A C:\Windows\PFRO.log
2013-01-25 07:50 - 2013-01-25 07:50 - 00000000 ____D C:\Program Files\CCleaner
2013-01-25 07:50 - 2011-02-02 15:35 - 00388608 ____A (Trend Micro Inc.) C:\Users\Spirz Family\Desktop\HijackThis.exe
2013-01-25 07:50 - 2011-02-02 15:34 - 07734208 ____A (Malwarebytes Corporation ) C:\Users\Spirz Family\Desktop\mbam-setup.exe
2013-01-25 07:50 - 2011-02-02 15:30 - 03006368 ____A (Piriform Ltd) C:\Users\Spirz Family\Desktop\ccsetup303.exe
2013-01-25 07:45 - 2013-01-25 07:45 - 00000000 ____D C:\Windows\pss
2013-01-25 04:55 - 2013-01-25 04:46 - 00006704 ____A C:\Users\Spirz Family\Desktop\Default_EXE.reg
2013-01-25 04:55 - 2013-01-25 04:46 - 00004808 ____A C:\Users\Spirz Family\Desktop\Default_MSC.reg
2013-01-25 04:55 - 2013-01-25 04:46 - 00004464 ____A C:\Users\Spirz Family\Desktop\Default_DLL.reg
2013-01-25 04:55 - 2013-01-25 04:45 - 05026656 ____R (Swearware) C:\Users\Spirz Family\Desktop\Combo-Fix.exe
2013-01-24 14:56 - 2013-01-24 14:56 - 00000000 ____D C:\Windows\ERDNT
2013-01-24 14:56 - 2013-01-24 14:56 - 00000000 ____D C:\Qoobox
2013-01-23 18:17 - 2013-01-25 09:34 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-01-23 18:17 - 2013-01-23 18:17 - 00000000 ____D C:\Users\Spirz Family\AppData\Roaming\Malwarebytes
2013-01-23 18:17 - 2013-01-23 18:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-22 16:30 - 2013-01-22 16:30 - 01374720 ____A C:\Users\Spirz Family\Downloads\ENG TM 2 Slides.ppt
2013-01-22 16:30 - 2013-01-22 16:30 - 00469124 ____A C:\Users\Spirz Family\Downloads\ENG Team 3 20130122.pptx
2013-01-22 16:27 - 2013-01-22 16:27 - 00323198 ____A C:\Users\Spirz Family\Downloads\Beck's QM Slides (1).pptx
2013-01-22 14:05 - 2013-01-22 14:05 - 00135294 ____A C:\Users\Spirz Family\Downloads\Medical Slides (1).pptx
2013-01-15 16:23 - 2013-01-15 16:23 - 01294336 ____A C:\Users\Spirz Family\Downloads\MP Team Huddle 15JAN13.ppt
2013-01-15 11:34 - 2013-01-15 11:34 - 00147744 ____A C:\Users\Spirz Family\Downloads\Medical Slides.pptx
2013-01-15 11:28 - 2013-01-15 11:51 - 01294336 ____A C:\Users\Spirz Family\Desktop\MP Team Huddle 15JAN13.ppt
2013-01-15 11:28 - 2013-01-15 11:28 - 01259520 ____A C:\Users\Spirz Family\Downloads\MP Team Huddle 17NOV2012.ppt
2013-01-15 11:26 - 2013-01-15 11:26 - 00293570 ____A C:\Users\Spirz Family\Downloads\Beck's QM Slides.pptx
2013-01-15 11:25 - 2013-01-15 11:25 - 01289728 ____A C:\Users\Spirz Family\Downloads\18 DEC_Team_Huddle_(HHC).ppt
2013-01-15 11:22 - 2013-01-15 11:22 - 03864064 ____A C:\Users\Spirz Family\Downloads\16 Oct Team Huddle.ppt
2013-01-14 07:02 - 2013-01-14 11:16 - 00080568 ____A C:\Users\Spirz Family\Desktop\lauren invite.pptx
2013-01-11 13:24 - 2013-01-11 13:24 - 00239284 ____A C:\Users\Spirz Family\Desktop\Payments 2013.pptx
2013-01-11 06:32 - 2013-01-11 06:32 - 00086383 ____A C:\Users\Spirz Family\Desktop\Haley invite.pptx
2013-01-08 14:34 - 2012-11-22 17:35 - 02048000 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-08 14:33 - 2012-11-21 19:54 - 00353280 ____A (Microsoft Corporation) C:\Windows\System32\shlwapi.dll
2013-01-08 14:33 - 2012-11-19 20:22 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-08 14:32 - 2012-11-02 02:19 - 01400832 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-08 12:18 - 2013-01-08 12:18 - 00483008 ____A C:\Users\Spirz Family\Downloads\Staff Call Brief 8 JAN 13.pptx
2013-01-04 09:27 - 2013-01-04 09:27 - 00001728 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-01-04 09:26 - 2013-01-24 18:42 - 00000000 ____D C:\Program Files\QuickTime
2013-01-03 14:15 - 2013-01-08 12:38 - 00000000 ____D C:\Users\Spirz Family\Desktop\Pics from IPAD
2013-01-03 14:08 - 2013-01-08 12:35 - 00000000 ____D C:\Users\Spirz Family\Desktop\Christmas & Winter 2012

==================== One Month Modified Files and Folders ========

2013-01-25 12:35 - 2013-01-25 12:35 - 00000000 ____D C:\FRST
2013-01-25 10:29 - 2009-12-15 20:06 - 00001356 ____A C:\Users\Spirz Family\AppData\Local\d3d9caps.dat
2013-01-25 09:39 - 2006-11-02 02:33 - 00707520 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-25 09:34 - 2013-01-25 09:34 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2013-01-25 09:34 - 2013-01-23 18:17 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-01-25 09:27 - 2013-01-25 08:41 - 00024187 ____A C:\Windows\WindowsUpdate.log
2013-01-25 09:22 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-25 09:22 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-25 09:20 - 2013-01-25 09:20 - 00026872 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixTDSS.sys
2013-01-25 09:20 - 2013-01-25 09:20 - 00000000 ____D C:\Users\Spirz Family\AppData\Roaming\FixTDSS
2013-01-25 09:19 - 2013-01-25 09:20 - 01931088 ____A (Symantec Corporation) C:\Users\Spirz Family\Desktop\FixTDSS.exe
2013-01-25 09:16 - 2013-01-25 09:20 - 00909518 ____A (Farbar) C:\Users\Spirz Family\Desktop\FRST.exe
2013-01-25 09:11 - 2013-01-25 07:56 - 00006910 ____A C:\Windows\PFRO.log
2013-01-25 09:07 - 2013-01-25 09:01 - 00000000 ___SD C:\Combo-Fix27990C
2013-01-25 08:57 - 2013-01-25 08:56 - 00138928 ____A C:\Windows\Minidump\Mini012513-01.dmp
2013-01-25 08:56 - 2013-01-25 08:56 - 201739942 ____A C:\Windows\MEMORY.DMP
2013-01-25 08:56 - 2008-04-28 19:53 - 00000000 ____D C:\Windows\Minidump
2013-01-25 08:54 - 2013-01-25 08:54 - 00001850 ____A C:\Users\Spirz Family\Desktop\aswMBR.txt
2013-01-25 08:54 - 2013-01-25 08:54 - 00000512 ____A C:\Users\Spirz Family\Desktop\MBR.dat
2013-01-25 08:53 - 2006-11-02 03:18 - 00000000 ___RD C:\users\Public
2013-01-25 08:49 - 2013-01-25 08:45 - 00000000 ___SD C:\Combo-Fix6636C
2013-01-25 08:41 - 2013-01-25 08:41 - 00000016 ____A C:\Users\Spirz Family\Desktop\CFScript.txt
2013-01-25 08:39 - 2013-01-25 08:46 - 04732416 ____A (AVAST Software) C:\Users\Spirz Family\Desktop\aswMBR.exe
2013-01-25 08:37 - 2013-01-25 08:46 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Spirz Family\Desktop\tdsskiller.exe
2013-01-25 08:37 - 2013-01-25 08:32 - 00000000 ___SD C:\Combo-Fix23701C
2013-01-25 08:34 - 2013-01-25 08:46 - 03177840 ____A (McAfee, Inc.) C:\Users\Spirz Family\Desktop\MCPR.exe
2013-01-25 08:24 - 2006-11-02 04:47 - 00422192 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-25 08:21 - 2013-01-25 08:16 - 00000000 ___SD C:\Combo-Fix7866C
2013-01-25 08:10 - 2009-10-19 19:38 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-01-25 08:10 - 2009-10-19 19:37 - 00000000 ____D C:\Users\All Users\McAfee
2013-01-25 08:08 - 2013-01-25 07:59 - 00000000 ___SD C:\Combo-Fix
2013-01-25 08:03 - 2006-11-02 03:18 - 00000000 _SHDC C:\Windows\$NtUninstallKB62230$
2013-01-25 07:50 - 2013-01-25 07:50 - 00000000 ____D C:\Program Files\CCleaner
2013-01-25 07:45 - 2013-01-25 07:45 - 00000000 ____D C:\Windows\pss
2013-01-25 06:01 - 2010-07-21 04:32 - 00073581 ____A C:\Users\All Users\nvModes.001
2013-01-25 06:01 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-25 05:24 - 2006-11-02 05:01 - 00032648 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-01-25 05:12 - 2012-06-20 11:00 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1877799038-3522291278-4051485918-1000UA.job
2013-01-25 04:46 - 2013-01-25 04:55 - 00006704 ____A C:\Users\Spirz Family\Desktop\Default_EXE.reg
2013-01-25 04:46 - 2013-01-25 04:55 - 00004808 ____A C:\Users\Spirz Family\Desktop\Default_MSC.reg
2013-01-25 04:46 - 2013-01-25 04:55 - 00004464 ____A C:\Users\Spirz Family\Desktop\Default_DLL.reg
2013-01-25 04:45 - 2013-01-25 04:55 - 05026656 ____R (Swearware) C:\Users\Spirz Family\Desktop\Combo-Fix.exe
2013-01-24 18:51 - 2008-04-25 16:55 - 00000000 ____D C:\users\Spirz Family
2013-01-24 18:51 - 2006-11-02 02:22 - 56360960 ____A C:\Windows\System32\config\software_previous
2013-01-24 18:51 - 2006-11-02 02:22 - 51642368 ____A C:\Windows\System32\config\system_previous
2013-01-24 18:49 - 2010-01-01 00:46 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-01-24 18:49 - 2009-12-30 21:12 - 00000000 ____D C:\Windows\System32\vi-VN
2013-01-24 18:49 - 2009-12-30 21:12 - 00000000 ____D C:\Windows\System32\eu-ES
2013-01-24 18:49 - 2009-12-30 21:12 - 00000000 ____D C:\Windows\System32\ca-ES
2013-01-24 18:49 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\twain_32
2013-01-24 18:49 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2013-01-24 18:49 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\ShellNew
2013-01-24 18:49 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\DigitalLocker
2013-01-24 18:49 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-01-24 18:49 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Photo Gallery
2013-01-24 18:49 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-01-24 18:49 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Defender
2013-01-24 18:49 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Collaboration
2013-01-24 18:49 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Calendar
2013-01-24 18:49 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Movie Maker
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 __RSD C:\Windows\Media
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\zh-TW
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\zh-HK
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\zh-CN
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\uk-UA
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\tr-TR
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\th-TH
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sv-SE
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sr-Latn-CS
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\SLUI
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sl-SI
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sk-SK
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ru-RU
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ro-RO
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ras
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\pt-PT
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\pt-BR
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\pl-PL
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\nl-NL
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\nb-NO
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\lv-LV
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\lt-LT
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ko-KR
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ja-JP
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\it-IT
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\icsxml
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ias
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\hu-HU
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\hr-HR
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\he-IL
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\fr-FR
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\fi-FI
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\et-EE
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\el-GR
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\com
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\bg-BG
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ar-SA
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\MSAgent
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\L2Schemas
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\IME
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Cursors
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\System
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\Services
2013-01-24 18:44 - 2009-12-30 18:29 - 00000000 ____D C:\Windows\System32\EventProviders
2013-01-24 18:44 - 2008-04-22 01:30 - 00000000 ____D C:\Windows\System32\RTCOM
2013-01-24 18:44 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\restore
2013-01-24 18:44 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\tapi
2013-01-24 18:44 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool
2013-01-24 18:44 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-01-24 18:43 - 2011-07-09 21:57 - 00000000 ____D C:\Windows\System32\(app)
2013-01-24 18:43 - 2008-04-27 18:06 - 00000000 ____D C:\Windows\Setup2K
2013-01-24 18:43 - 2006-11-02 03:18 - 00000000 ___RD C:\Windows\Offline Web Pages
2013-01-24 18:43 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2013-01-24 18:43 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-01-24 18:43 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Help
2013-01-24 18:42 - 2013-01-04 09:26 - 00000000 ____D C:\Program Files\QuickTime
2013-01-24 18:42 - 2012-12-14 08:04 - 00000000 ____D C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-24 18:42 - 2011-07-09 21:57 - 00000000 ____D C:\Program Files\Merge
2013-01-24 18:42 - 2009-12-28 12:24 - 00000000 ____D C:\Users\Spirz Family\Documents\e-Sword
2013-01-24 18:42 - 2009-12-11 20:13 - 00000000 ___AD C:\Users\Spirz Family\Desktop\VLC
2013-01-24 18:42 - 2009-12-08 15:26 - 00000000 ____D C:\Users\Spirz Family\AppData\Roaming\Move Networks
2013-01-24 18:42 - 2009-10-14 04:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-01-24 18:42 - 2009-07-30 18:55 - 00000000 ____D C:\Program Files\TomTom HOME 2
2013-01-24 18:42 - 2009-07-29 18:50 - 00000000 ____D C:\Users\Spirz Family\AppData\Local\Microsoft Help
2013-01-24 18:42 - 2009-07-29 18:50 - 00000000 ____D C:\Users\All Users\Microsoft Help
2013-01-24 18:42 - 2009-07-18 20:31 - 00000000 ____D C:\Program Files\V CAST Music with Rhapsody
2013-01-24 18:42 - 2009-06-15 17:26 - 00000000 ____D C:\Users\Spirz Family\Photos once home 2009
2013-01-24 18:42 - 2008-05-07 15:24 - 00000000 ____D C:\Users\Spirz Family\AppData\Roaming\PeerNetworking
2013-01-24 18:42 - 2008-05-03 19:39 - 00000000 ____D C:\Users\All Users\Ezprint
2013-01-24 18:42 - 2008-05-03 19:39 - 00000000 ____D C:\Program Files\Lx_cats
2013-01-24 18:42 - 2008-04-25 12:34 - 00000000 ____D C:\Program Files\Microsoft Disk 2
2013-01-24 18:42 - 2008-04-24 20:41 - 00000000 ____D C:\Program Files\Snapshot Viewer
2013-01-24 18:42 - 2008-04-22 01:55 - 00000000 ____D C:\Program Files\Microsoft Works
2013-01-24 18:42 - 2008-04-22 01:48 - 00000000 ____D C:\Program Files\NetWaiting
2013-01-24 18:42 - 2008-04-22 01:45 - 00000000 ____D C:\Program Files\Modem Diagnostic Tool
2013-01-24 18:41 - 2012-12-14 08:04 - 00000000 ____D C:\Program Files\iTunes
2013-01-24 18:41 - 2012-11-01 11:19 - 00000000 ____D C:\Program Files\ffdshow
2013-01-24 18:41 - 2012-11-01 11:18 - 00000000 ____D C:\Program Files\Backup Assistant Plus
2013-01-24 18:41 - 2012-10-13 04:28 - 00000000 ____D C:\Program Files\Apple Software Update
2013-01-24 18:41 - 2012-10-13 04:24 - 00000000 ____D C:\Program Files\Bonjour
2013-01-24 18:41 - 2012-01-04 08:07 - 00000000 ____D C:\KA
2013-01-24 18:41 - 2009-12-28 12:46 - 00000000 ____D C:\Program Files\Common Files\EzTools
2013-01-24 18:41 - 2009-10-28 17:51 - 00000000 ____D C:\Program Files\e-Sword
2013-01-24 18:41 - 2009-07-16 11:39 - 00000000 ____D C:\Program Files\e-Sword 7.9.8 CD
2013-01-24 18:41 - 2008-07-19 13:59 - 00000000 ____D C:\Program Files\iWin Games
2013-01-24 18:41 - 2008-05-03 19:37 - 00000000 ____D C:\Program Files\Lexmark 3300 Series
2013-01-24 18:41 - 2008-04-25 13:15 - 00000000 ____D C:\Program Files\Best Buy
2013-01-24 18:41 - 2008-04-24 20:28 - 00000000 ____D C:\Program Files\Common Files\Designer
2013-01-24 18:41 - 2008-04-22 09:04 - 00000000 ____D C:\DELL
2013-01-24 18:41 - 2008-04-22 01:53 - 00000000 ____D C:\Program Files\DellSupport
2013-01-24 18:41 - 2008-04-22 01:49 - 00000000 ____D C:\Program Files\Common Files\SureThing Shared
2013-01-24 18:41 - 2008-04-22 01:49 - 00000000 ____D C:\Program Files\Common Files\Sonic Shared
2013-01-24 18:41 - 2008-04-22 01:47 - 00000000 ____D C:\Program Files\Digital Line Detect
2013-01-24 18:30 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration
2013-01-24 15:06 - 2006-11-02 02:22 - 43778048 ____A C:\Windows\System32\config\components_previous
2013-01-24 15:06 - 2006-11-02 02:22 - 00786432 ____A C:\Windows\System32\config\default_previous
2013-01-24 15:06 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2013-01-24 15:06 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2013-01-24 14:56 - 2013-01-24 14:56 - 00000000 ____D C:\Windows\ERDNT
2013-01-24 14:56 - 2013-01-24 14:56 - 00000000 ____D C:\Qoobox
2013-01-23 18:17 - 2013-01-23 18:17 - 00000000 ____D C:\Users\Spirz Family\AppData\Roaming\Malwarebytes
2013-01-23 18:17 - 2013-01-23 18:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-23 00:18 - 2012-04-20 12:07 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-22 17:47 - 2012-11-19 07:43 - 00000000 ____D C:\Users\Spirz Family\Desktop\Dave's
2013-01-22 17:25 - 2008-04-25 17:55 - 00144384 ____A C:\Users\Spirz Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-22 17:24 - 2012-11-09 13:11 - 00000000 ____D C:\Users\Spirz Family\Desktop\Pics & Videos from IPHONE
2013-01-22 16:30 - 2013-01-22 16:30 - 01374720 ____A C:\Users\Spirz Family\Downloads\ENG TM 2 Slides.ppt
2013-01-22 16:30 - 2013-01-22 16:30 - 00469124 ____A C:\Users\Spirz Family\Downloads\ENG Team 3 20130122.pptx
2013-01-22 16:27 - 2013-01-22 16:27 - 00323198 ____A C:\Users\Spirz Family\Downloads\Beck's QM Slides (1).pptx
2013-01-22 14:05 - 2013-01-22 14:05 - 00135294 ____A C:\Users\Spirz Family\Downloads\Medical Slides (1).pptx
2013-01-22 06:11 - 2012-06-20 11:00 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1877799038-3522291278-4051485918-1000Core.job
2013-01-21 16:15 - 2012-11-12 16:57 - 00000000 ____D C:\Users\Spirz Family\AppData\Local\2F87D407-DB42-4E68-A96D-DB53A7957974.aplzod
2013-01-15 16:23 - 2013-01-15 16:23 - 01294336 ____A C:\Users\Spirz Family\Downloads\MP Team Huddle 15JAN13.ppt
2013-01-15 11:51 - 2013-01-15 11:28 - 01294336 ____A C:\Users\Spirz Family\Desktop\MP Team Huddle 15JAN13.ppt
2013-01-15 11:34 - 2013-01-15 11:34 - 00147744 ____A C:\Users\Spirz Family\Downloads\Medical Slides.pptx
2013-01-15 11:28 - 2013-01-15 11:28 - 01259520 ____A C:\Users\Spirz Family\Downloads\MP Team Huddle 17NOV2012.ppt
2013-01-15 11:26 - 2013-01-15 11:26 - 00293570 ____A C:\Users\Spirz Family\Downloads\Beck's QM Slides.pptx
2013-01-15 11:25 - 2013-01-15 11:25 - 01289728 ____A C:\Users\Spirz Family\Downloads\18 DEC_Team_Huddle_(HHC).ppt
2013-01-15 11:22 - 2013-01-15 11:22 - 03864064 ____A C:\Users\Spirz Family\Downloads\16 Oct Team Huddle.ppt
2013-01-14 11:16 - 2013-01-14 07:02 - 00080568 ____A C:\Users\Spirz Family\Desktop\lauren invite.pptx
2013-01-13 17:45 - 2013-01-25 09:12 - 11088872 ____A (Microsoft Corporation) C:\Users\Spirz Family\Desktop\mseinstall.exe
2013-01-11 13:24 - 2013-01-11 13:24 - 00239284 ____A C:\Users\Spirz Family\Desktop\Payments 2013.pptx
2013-01-11 06:32 - 2013-01-11 06:32 - 00086383 ____A C:\Users\Spirz Family\Desktop\Haley invite.pptx
2013-01-09 03:19 - 2012-04-20 12:06 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-01-09 03:19 - 2011-07-05 18:27 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-01-09 02:57 - 2010-07-21 04:32 - 00073581 ____A C:\Users\All Users\nvModes.dat
2013-01-08 12:38 - 2013-01-03 14:15 - 00000000 ____D C:\Users\Spirz Family\Desktop\Pics from IPAD
2013-01-08 12:35 - 2013-01-03 14:08 - 00000000 ____D C:\Users\Spirz Family\Desktop\Christmas & Winter 2012
2013-01-08 12:18 - 2013-01-08 12:18 - 00483008 ____A C:\Users\Spirz Family\Downloads\Staff Call Brief 8 JAN 13.pptx
2013-01-04 09:27 - 2013-01-04 09:27 - 00001728 ____A C:\Users\Public\Desktop\QuickTime Player.lnk

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-12-12 15:06] - [2012-08-21 03:47] - 0224640 ____A (Microsoft Corporation) 786DB5771F05EF300390399F626BF30A


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-15 01:00:30
Restore point made on: 2013-01-15 22:00:36
Restore point made on: 2013-01-16 01:00:29
Restore point made on: 2013-01-16 22:00:37
Restore point made on: 2013-01-17 01:00:29
Restore point made on: 2013-01-17 22:00:36
Restore point made on: 2013-01-18 01:00:30
Restore point made on: 2013-01-18 22:00:36
Restore point made on: 2013-01-19 01:00:19
Restore point made on: 2013-01-19 17:20:28
Restore point made on: 2013-01-20 01:00:23
Restore point made on: 2013-01-20 22:00:16
Restore point made on: 2013-01-21 01:00:20
Restore point made on: 2013-01-22 01:01:01
Restore point made on: 2013-01-22 22:00:46
Restore point made on: 2013-01-23 01:00:31

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 3069.56 MB
Available physical RAM: 2729.97 MB
Total Pagefile: 2967.13 MB
Available Pagefile: 2821.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.72 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:122.43 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: () (Removable) (Total:3.72 GB) (Free:3.54 GB) FAT32
8 Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.79 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 686 KB
Disk 1 Online 3820 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

ACTIVE - Mark the selected basic partition as active.
ADD - Add a mirror to a simple volume.
ASSIGN - Assign a drive letter or mount point to the selected volume.
ATTRIBUTES - Manipulate volume attributes.
AUTOMOUNT - Enable and disable automatic mounting of basic volumes.
BREAK - Break a mirror set.
CLEAN - Clear the configuration information, or all information, off the
disk.
CONVERT - Convert between different disk formats.
CREATE - Create a volume or partition.
DELETE - Delete an object.
DETAIL - Provide details about an object.
EXIT - Exit DiskPart.
EXTEND - Extend a volume.
FILESYSTEMS - Display current and supported file systems on the volume.
FORMAT - Format the volume or partition.
GPT - Assign attributes to the selected GPT partition.
HELP - Display a list of commands.
IMPORT - Import a disk group.
INACTIVE - Mark the selected basic partition as inactive.
LIST - Display a list of objects.
ONLINE - Online a disk that is currently marked as offline.
REM - Does nothing. This is used to comment scripts.
REMOVE - Remove a drive letter or mount point assignment.
REPAIR - Repair a RAID-5 volume with a failed member.
RESCAN - Rescan the computer looking for disks and volumes.
RETAIN - Place a retained partition under a simple volume.
SELECT - Shift the focus to an object.
SETID - Change the partition type.
SHRINK - Reduce the size of the selected volume.

=========================================================

Partitions of Disk 1:
===============

ACTIVE - Mark the selected basic partition as active.
ADD - Add a mirror to a simple volume.
ASSIGN - Assign a drive letter or mount point to the selected volume.
ATTRIBUTES - Manipulate volume attributes.
AUTOMOUNT - Enable and disable automatic mounting of basic volumes.
BREAK - Break a mirror set.
CLEAN - Clear the configuration information, or all information, off the
disk.
CONVERT - Convert between different disk formats.
CREATE - Create a volume or partition.
DELETE - Delete an object.
DETAIL - Provide details about an object.
EXIT - Exit DiskPart.
EXTEND - Extend a volume.
FILESYSTEMS - Display current and supported file systems on the volume.
FORMAT - Format the volume or partition.
GPT - Assign attributes to the selected GPT partition.
HELP - Display a list of commands.
IMPORT - Import a disk group.
INACTIVE - Mark the selected basic partition as inactive.
LIST - Display a list of objects.
ONLINE - Online a disk that is currently marked as offline.
REM - Does nothing. This is used to comment scripts.
REMOVE - Remove a drive letter or mount point assignment.
REPAIR - Repair a RAID-5 volume with a failed member.
RESCAN - Rescan the computer looking for disks and volumes.
RETAIN - Place a retained partition under a simple volume.
SELECT - Shift the focus to an object.
SETID - Change the partition type.
SHRINK - Reduce the size of the selected volume.

=========================================================

Last Boot: 2013-01-25 10:15

==================== End Of Log ============================


#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:06:40 PM

Posted 29 January 2013 - 04:33 PM

Hello john3640, and welcome to Bleeping Computer! :thumbsup:

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

A few things to keep in mind while we are working together:

  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.

==========

Step :step1:

Before we get into that FRST log, can you reboot normally and post the Combofix log located at C:\Combofix.txt please?

==========

Step :step2:

In addition to that, please run the following tool from normal boot mode:

Run RogueKiller

Download RogueKiller from here or here and save it to your desktop.

  • Close all programs and disconnect any USB or external drives before running the tool.
  • Right-click RogueKiller.exe and select Run as Administrator.
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", click Delete.
  • When the Status box shows "Deleting Finished", click Report and then copy and paste the log in your next reply.
  • The log can also be found at RKreport[1].txt on your desktop.

==========

In your next reply, please include the following:

  • The Combofix log
  • The RogueKiller log
  • Please let me know how the machine is running currently!

bloopie

#3 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:06:40 PM

Posted 01 February 2013 - 08:28 PM

Hello again,

Are you still with me? :)

This is a 3-Day Bump! If you still wish to receive help please follow the instructions in my last post.

If you do not respond in another 48 hours, I will be forced to close this topic!

bloopie

#4 john3640

john3640
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:04:40 PM

Posted 02 February 2013 - 07:43 AM

bloopie

I am still with you. I am sorry for the delay in my responses. I will be working on the tower later today following your instructions. I appreciate very much your time and effort helping me.

John

#5 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:06:40 PM

Posted 02 February 2013 - 10:21 AM

No problem! :)

And thanks for letting me know! :thumbup2:

bloopie

#6 john3640

john3640
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:04:40 PM

Posted 03 February 2013 - 03:08 PM

bloopie,
I am not able to find the .txt log of combofix as you requested. Also RK will not run in normal boot. The associations with exe, com, msi, and some others refuse to run with "The specified service does not exist as an installed service".

I am only able to launch executables in safe mode.

How shall I proceed?

Again, I really appreciate your time and assistance.

John

#7 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:06:40 PM

Posted 03 February 2013 - 04:23 PM

Hi again,

Glad to have you back! :)

I'd like to ask you something: I see you've run a Combofix script. First of all, why did you run one, and what was the script you ran? The file should be on your desktop, called CFScript.txt.

==========

Okay, let's try running from safe mode with networking. Ignore the previous normal-boot instructions for now:

Important >> Right-click and delete the version of Combofix you have from your desktop and follow the next instructions to run a new scan:

Run Combofix


Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job...this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
  • Close any open browsers or any other programs that are open.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you C:\Combofix.txt. Please include that in your next reply.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

==========

Post the Combofix log in your next reply and let me know what problems you are still having with the machine!

bloopie

#8 john3640

john3640
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:04:40 PM

Posted 06 February 2013 - 09:10 AM

Hello again!
Sorry about the delays between my responses. My day job gets in the way sometimes.

Regarding the script, I don't even remember why I chose to do that, but I was at the point where I was going to image the drive, completely repartition and reinstall the OS, and begin anew. I guess I was thinking...let's just throw everything at it. I also know that this was stupid. I chastise myself.

I ran a new scan with Combofix and it alerted me that I had ZeroAccess and rebooted. It never finished like normal with a log generated. I waited a loooong time too.

I ran Rkill and it found several items. See below.

Thank you for your help and patience. (3 logs)

---log 1---
RogueKiller V8.4.4 [Feb 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User : Spirz Family [Admin rights]
Mode : Scan -- Date : 02/06/2013 07:26:34
| ARK || MBR |

Bad processes : 0

Registry Entries : 6
[RUN][SUSP PATH] HKLM\[...]\RunOnce : FixTDSS (cmd /c start /D "C:\Users\Spirz Family\Desktop" /B FixTDSS.exe -postboot) -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver : [NOT LOADED]

Extern Hives:
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] ee50b3093840538b4d462dab84b99a47
[BSP] c4e7d52e38379513119716c43b50af84 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21084160 | Size: 228122 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 29f3496e8be3ffb5354854360a891868
[BSP] 62e7e81d6e996fcb65ba2073baffd9e7 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8064 | Size: 3816 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_02062013_02d0726.txt >>
RKreport[1]_S_02062013_02d0726.txt

--log 2--

RogueKiller V8.4.4 [Feb 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User : Spirz Family [Admin rights]
Mode : Remove -- Date : 02/06/2013 07:27:24
| ARK || MBR |

Bad processes : 0

Registry Entries : 6
[RUN][SUSP PATH] HKLM\[...]\RunOnce : FixTDSS (cmd /c start /D "C:\Users\Spirz Family\Desktop" /B FixTDSS.exe -postboot) -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver : [NOT LOADED]

Extern Hives:
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] ee50b3093840538b4d462dab84b99a47
[BSP] c4e7d52e38379513119716c43b50af84 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21084160 | Size: 228122 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 29f3496e8be3ffb5354854360a891868
[BSP] 62e7e81d6e996fcb65ba2073baffd9e7 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8064 | Size: 3816 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_02062013_02d0727.txt >>
RKreport[1]_S_02062013_02d0726.txt ; RKreport[2]_D_02062013_02d0727.txt

--log 3 --

RogueKiller V8.4.4 [Feb 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User : Spirz Family [Admin rights]
Mode : Scan -- Date : 02/06/2013 07:28:00
| ARK || MBR |

Bad processes : 0

Registry Entries : 0

Particular Files / Folders:

Driver : [NOT LOADED]

Extern Hives:
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] ee50b3093840538b4d462dab84b99a47
[BSP] c4e7d52e38379513119716c43b50af84 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21084160 | Size: 228122 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 29f3496e8be3ffb5354854360a891868
[BSP] 62e7e81d6e996fcb65ba2073baffd9e7 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8064 | Size: 3816 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3]_S_02062013_02d0728.txt >>
RKreport[1]_S_02062013_02d0726.txt ; RKreport[2]_D_02062013_02d0727.txt ; RKreport[3]_S_02062013_02d0728.txt


---that's it---
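The three RogueKiller reports above carry the findings bloopie reads in the next reply: the registry entries (policy values under ...\Policies\System that malware uses to lock users out of Task Manager and regedit, here present with value 0, and the RunOnce leftover from FixTDSS) and the MBR check, which hashes each disk's boot sector, compares it against known-good boot code, and lists the partition table. The following parser is an added example for readers who want to check a report of this layout mechanically; it is not part of the thread and not RogueKiller's own code. The sample input is a constructed excerpt laid out like the reports above (with their values copied), the regular expressions are my assumption of the line format, and the lockout-policy and "MBR Code unknown" interpretations are mine.

```python
import re
from collections import Counter

# Constructed sample input for this example: an excerpt laid out like the
# RogueKiller reports posted in the thread (values copied from those reports).
SAMPLE_REPORT = r"""
RogueKiller V8.4.4 [Feb 3 2013] by Tigzy
Mode : Scan -- Date : 02/06/2013 07:26:34

Registry Entries : 6
[RUN][SUSP PATH] HKLM\[...]\RunOnce : FixTDSS (cmd /c start /D "C:\Users\Spirz Family\Desktop" /B FixTDSS.exe -postboot) -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

MBR Check:

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] ee50b3093840538b4d462dab84b99a47
[BSP] c4e7d52e38379513119716c43b50af84 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21084160 | Size: 228122 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 29f3496e8be3ffb5354854360a891868
[BSP] 62e7e81d6e996fcb65ba2073baffd9e7 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8064 | Size: 3816 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
"""

# Assumed line formats (derived from the reports above, not a published spec).
REG_RE = re.compile(r"^\[(?P<cat>[^\]]+)\](?:\[(?P<sub>[^\]]+)\])? (?P<key>\S+) : "
                    r"(?P<name>.+?) \((?P<value>[^)]*)\) -> (?P<status>\w+)")
DRIVE_RE = re.compile(r"^\+{5} (?P<drive>\w+): \+{5}$")
BSP_RE = re.compile(r"^\[BSP\] (?P<md5>[0-9a-f]{32}) : (?P<code>.+)$")
PART_RE = re.compile(r"^(?P<idx>\d+) - \[(?P<flag>\w+)\] (?P<fs>\S+) \((?P<type>0x[0-9a-fA-F]+)\) "
                     r"\[(?P<vis>\w+)\] Offset \(sectors\): (?P<offset>\d+) \| Size: (?P<size>\d+) Mo$")

# Policy values under ...\Policies\System that malware sets to 1 to lock the user
# out of Task Manager and the registry editor (names compared case-insensitively).
LOCKOUT_POLICIES = {"disabletaskmgr", "disableregistrytools"}


def parse_report(text):
    """Parse a RogueKiller-style report into registry findings and per-drive MBR results."""
    result = {"declared_registry_count": None, "registry": [], "drives": {}}
    drive = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Registry Entries :"):
            result["declared_registry_count"] = int(line.split(":")[1])
        elif (m := REG_RE.match(line)):
            entry = m.groupdict()
            # A lockout policy only restricts the user when its value is non-zero.
            entry["enforcing_lockout"] = (entry["cat"] == "HJPOL"
                                          and entry["name"].lower() in LOCKOUT_POLICIES
                                          and entry["value"].strip() not in ("", "0"))
            result["registry"].append(entry)
        elif (m := DRIVE_RE.match(line)):
            drive = {"mbr_md5": None, "bsp_md5": None, "mbr_code": None,
                     "partitions": [], "read_errors": []}
            result["drives"][m.group("drive")] = drive
        elif drive is None:
            continue
        elif line.startswith("[MBR] "):
            drive["mbr_md5"] = line.split()[1]
        elif (m := BSP_RE.match(line)):
            drive["bsp_md5"], drive["mbr_code"] = m.group("md5"), m.group("code")
        elif (m := PART_RE.match(line)):
            p = m.groupdict()
            p["idx"], p["offset"], p["size_mb"] = int(p["idx"]), int(p["offset"]), int(p.pop("size"))
            p["active"] = p["flag"] == "ACTIVE"
            drive["partitions"].append(p)
        elif line.startswith("Error reading"):
            drive["read_errors"].append(line)
    return result


def summarize(text):
    """The checks a reviewer makes on a report: entry count, lockouts, boot-sector state."""
    r = parse_report(text)
    drives = {}
    for name, d in r["drives"].items():
        drives[name] = {
            # "MBR Code unknown" means the boot code matched none of the tool's known-good
            # signatures: expected on a FAT32 USB stick, worth a closer look on the system disk.
            "known_mbr_code": d["mbr_code"] is not None and "unknown" not in d["mbr_code"].lower(),
            "active_partitions": [p["idx"] for p in d["partitions"] if p["active"]],
            "partition_count": len(d["partitions"]),
            "read_errors": len(d["read_errors"]),
        }
    return {
        "registry_count_matches": r["declared_registry_count"] == len(r["registry"]),
        "by_category": dict(Counter(e["cat"] for e in r["registry"])),
        "lockout_policies_present": sorted({e["name"].lower() for e in r["registry"]
                                            if e["cat"] == "HJPOL" and e["name"].lower() in LOCKOUT_POLICIES}),
        "enforcing_lockouts": [e["name"] for e in r["registry"] if e["enforcing_lockout"]],
        "drives": drives,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_REPORT), indent=2))
```

Run against the excerpt, the summary reports that the six declared entries were all parsed, that both lockout policies are present but none is enforcing (every value is 0, which is why the machine's Task Manager still worked), that PhysicalDrive0 carries recognised Windows Vista boot code with partition 2 active, and that PhysicalDrive1 (the USB stick) has unrecognised boot code and one read error. A "Scan" report and its "Remove" counterpart can be parsed the same way and diffed on the status field.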

#9 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:06:40 PM

Posted 06 February 2013 - 09:43 AM

Hello again,

No worries, as long as you don't just leave in the middle of the cleaning process. :)

==========

Glad you got RogueKiller to run, but the logs aren't showing any ZeroAccess on the machine. That may be because Combofix has cleared it up already, but without a log it's tough to tell.

RogueKiller has fixed a few entries that could've caused Combofix to hang, but there may still be one more we should fix. And I'd like to use FRST for that:

So, I'd like you to delete from your flashdrive the FRST.exe and the FRST.txt so that we can get a fresh log with the newer version of FRST. You can download the latest version from the following link:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Run the scan and post the fresh log in your next reply! :thumbup2:

bloopie

#10 john3640

john3640
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:04:40 PM

Posted 06 February 2013 - 10:08 AM

Good morning.

Fresh FRST downloaded and run. Log below.

Thank you!

---

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-02-2013 02
Ran by Spirz Family at 06-02-2013 09:04:59
Running from C:\Users\Spirz Family\Desktop
Service Pack 2 (X86) OS Language: English(US)
Attention: Could not load system hive.
ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2013-02-06 09:04 - 2013-02-06 09:02 - 00909426 ____A (Farbar) C:\Users\Spirz Family\Desktop\FRST.exe
2013-02-06 07:45 - 2013-02-06 07:52 - 00000000 ___SD C:\Combo-Fix7031C
2013-02-06 07:28 - 2013-02-06 07:28 - 00001759 ____A C:\Users\Spirz Family\Desktop\RKreport[3]_S_02062013_02d0728.txt
2013-02-06 07:27 - 2013-02-06 07:27 - 00002240 ____A C:\Users\Spirz Family\Desktop\RKreport[2]_D_02062013_02d0727.txt
2013-02-06 07:26 - 2013-02-06 07:27 - 00000000 ____D C:\Users\Spirz Family\Desktop\RK_Quarantine
2013-02-06 07:26 - 2013-02-06 07:26 - 00002179 ____A C:\Users\Spirz Family\Desktop\RKreport[1]_S_02062013_02d0726.txt
2013-02-06 07:09 - 2013-02-06 07:17 - 00000000 ___SD C:\Combo-Fix16683C
2013-02-06 07:07 - 2013-02-06 07:02 - 05029686 ____R (Swearware) C:\Users\Spirz Family\Desktop\Combo-Fix.exe
2013-02-03 14:01 - 2013-02-03 13:51 - 00775680 ____A C:\Users\Spirz Family\Desktop\RogueKiller.exe
2013-01-25 14:35 - 2013-02-06 09:04 - 00000000 ____D C:\FRST
2013-01-25 14:12 - 2013-01-25 12:38 - 00602112 ____A (OldTimer Tools) C:\Users\Spirz Family\Desktop\OTL.exe
2013-01-25 14:12 - 2013-01-25 12:37 - 00027648 ____A C:\Users\Spirz Family\Desktop\RestoreBFE.exe
2013-01-25 13:51 - 2013-01-25 13:55 - 00000000 ___SD C:\Combo-Fix4099C
2013-01-25 12:52 - 2013-01-25 12:52 - 00010646 ____N C:\bootex.log
2013-01-25 12:50 - 2013-01-25 12:50 - 00000000 __SHD C:\found.000
2013-01-25 11:34 - 2010-12-20 18:09 - 00038224 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-01-25 11:34 - 2010-12-20 18:08 - 00020952 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-01-25 11:20 - 2013-01-25 11:20 - 00026872 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixTDSS.sys
2013-01-25 11:20 - 2013-01-25 11:20 - 00000000 ____D C:\Users\Spirz Family\AppData\Roaming\FixTDSS
2013-01-25 11:20 - 2013-01-25 11:19 - 01931088 ____A (Symantec Corporation) C:\Users\Spirz Family\Desktop\FixTDSS.exe
2013-01-25 11:12 - 2013-01-13 19:45 - 11088872 ____A (Microsoft Corporation) C:\Users\Spirz Family\Desktop\mseinstall.exe
2013-01-25 11:01 - 2013-01-25 11:07 - 00000000 ___SD C:\Combo-Fix27990C
2013-01-25 10:56 - 2013-01-25 10:57 - 00138928 ____A C:\Windows\Minidump\Mini012513-01.dmp
2013-01-25 10:56 - 2013-01-25 10:56 - 201739942 ____A C:\Windows\MEMORY.DMP
2013-01-25 10:54 - 2013-01-25 10:54 - 00001850 ____A C:\Users\Spirz Family\Desktop\aswMBR.txt
2013-01-25 10:54 - 2013-01-25 10:54 - 00000512 ____A C:\Users\Spirz Family\Desktop\MBR.dat
2013-01-25 10:46 - 2013-01-25 10:39 - 04732416 ____A (AVAST Software) C:\Users\Spirz Family\Desktop\aswMBR.exe
2013-01-25 10:46 - 2013-01-25 10:37 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Spirz Family\Desktop\tdsskiller.exe
2013-01-25 10:46 - 2013-01-25 10:34 - 03177840 ____A (McAfee, Inc.) C:\Users\Spirz Family\Desktop\MCPR.exe
2013-01-25 10:45 - 2013-01-25 10:49 - 00000000 ___SD C:\Combo-Fix6636C
2013-01-25 10:41 - 2013-02-06 08:02 - 00545466 ____A C:\Windows\WindowsUpdate.log
2013-01-25 10:32 - 2013-01-25 10:37 - 00000000 ___SD C:\Combo-Fix23701C
2013-01-25 10:16 - 2013-01-25 10:21 - 00000000 ___SD C:\Combo-Fix7866C
2013-01-25 09:59 - 2013-01-25 10:08 - 00000000 ___SD C:\Combo-Fix
2013-01-25 09:59 - 2011-06-26 00:45 - 00256000 ____A C:\Windows\PEV.exe
2013-01-25 09:59 - 2010-11-07 11:20 - 00208896 ____A C:\Windows\MBR.exe
2013-01-25 09:59 - 2009-04-19 22:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-01-25 09:59 - 2000-08-30 18:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-01-25 09:59 - 2000-08-30 18:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-01-25 09:59 - 2000-08-30 18:00 - 00098816 ____A C:\Windows\sed.exe
2013-01-25 09:59 - 2000-08-30 18:00 - 00080412 ____A C:\Windows\grep.exe
2013-01-25 09:59 - 2000-08-30 18:00 - 00068096 ____A C:\Windows\zip.exe
2013-01-25 09:56 - 2013-02-06 07:53 - 00008542 ____A C:\Windows\PFRO.log
2013-01-25 09:50 - 2013-01-25 09:50 - 00000000 ____D C:\Program Files\CCleaner
2013-01-25 09:50 - 2011-02-02 17:35 - 00388608 ____A (Trend Micro Inc.) C:\Users\Spirz Family\Desktop\HijackThis.exe
2013-01-25 09:45 - 2013-01-25 09:45 - 00000000 ____D C:\Windows\pss
2013-01-25 06:55 - 2013-01-25 06:46 - 00006704 ____A C:\Users\Spirz Family\Desktop\Default_EXE.reg
2013-01-25 06:55 - 2013-01-25 06:46 - 00004808 ____A C:\Users\Spirz Family\Desktop\Default_MSC.reg
2013-01-25 06:55 - 2013-01-25 06:46 - 00004464 ____A C:\Users\Spirz Family\Desktop\Default_DLL.reg
2013-01-24 16:56 - 2013-01-24 16:56 - 00000000 ____D C:\Windows\ERDNT
2013-01-24 16:56 - 2013-01-24 16:56 - 00000000 ____D C:\Qoobox
2013-01-23 20:17 - 2013-01-25 11:34 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-01-23 20:17 - 2013-01-23 20:17 - 00000000 ____D C:\Users\Spirz Family\AppData\Roaming\Malwarebytes
2013-01-23 20:17 - 2013-01-23 20:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-22 18:30 - 2013-01-22 18:30 - 01374720 ____A C:\Users\Spirz Family\Downloads\ENG TM 2 Slides.ppt
2013-01-22 18:30 - 2013-01-22 18:30 - 00469124 ____A C:\Users\Spirz Family\Downloads\ENG Team 3 20130122.pptx
2013-01-22 18:27 - 2013-01-22 18:27 - 00323198 ____A C:\Users\Spirz Family\Downloads\Beck's QM Slides (1).pptx
2013-01-22 16:05 - 2013-01-22 16:05 - 00135294 ____A C:\Users\Spirz Family\Downloads\Medical Slides (1).pptx
2013-01-15 18:23 - 2013-01-15 18:23 - 01294336 ____A C:\Users\Spirz Family\Downloads\MP Team Huddle 15JAN13.ppt
2013-01-15 13:34 - 2013-01-15 13:34 - 00147744 ____A C:\Users\Spirz Family\Downloads\Medical Slides.pptx
2013-01-15 13:28 - 2013-01-15 13:51 - 01294336 ____A C:\Users\Spirz Family\Desktop\MP Team Huddle 15JAN13.ppt
2013-01-15 13:28 - 2013-01-15 13:28 - 01259520 ____A C:\Users\Spirz Family\Downloads\MP Team Huddle 17NOV2012.ppt
2013-01-15 13:26 - 2013-01-15 13:26 - 00293570 ____A C:\Users\Spirz Family\Downloads\Beck's QM Slides.pptx
2013-01-15 13:25 - 2013-01-15 13:25 - 01289728 ____A C:\Users\Spirz Family\Downloads\18 DEC_Team_Huddle_(HHC).ppt
2013-01-15 13:22 - 2013-01-15 13:22 - 03864064 ____A C:\Users\Spirz Family\Downloads\16 Oct Team Huddle.ppt
2013-01-14 09:02 - 2013-01-14 13:16 - 00080568 ____A C:\Users\Spirz Family\Desktop\lauren invite.pptx
2013-01-11 15:24 - 2013-01-11 15:24 - 00239284 ____A C:\Users\Spirz Family\Desktop\Payments 2013.pptx
2013-01-11 08:32 - 2013-01-11 08:32 - 00086383 ____A C:\Users\Spirz Family\Desktop\Haley invite.pptx
2013-01-08 16:34 - 2012-11-22 19:35 - 02048000 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-08 16:33 - 2012-11-21 21:54 - 00353280 ____A (Microsoft Corporation) C:\Windows\System32\shlwapi.dll
2013-01-08 16:33 - 2012-11-19 22:22 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-08 16:32 - 2012-11-02 04:19 - 01400832 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-08 14:18 - 2013-01-08 14:18 - 00483008 ____A C:\Users\Spirz Family\Downloads\Staff Call Brief 8 JAN 13.pptx

==================== One Month Modified Files and Folders ========

2013-02-06 09:04 - 2013-01-25 14:35 - 00000000 ____D C:\FRST
2013-02-06 09:02 - 2013-02-06 09:04 - 00909426 ____A (Farbar) C:\Users\Spirz Family\Desktop\FRST.exe
2013-02-06 08:15 - 2006-11-02 06:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-06 08:15 - 2006-11-02 06:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-06 08:02 - 2013-01-25 10:41 - 00545466 ____A C:\Windows\WindowsUpdate.log
2013-02-06 07:57 - 2006-11-02 04:33 - 00707520 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-06 07:53 - 2013-01-25 09:56 - 00008542 ____A C:\Windows\PFRO.log
2013-02-06 07:52 - 2013-02-06 07:45 - 00000000 ___SD C:\Combo-Fix7031C
2013-02-06 07:28 - 2013-02-06 07:28 - 00001759 ____A C:\Users\Spirz Family\Desktop\RKreport[3]_S_02062013_02d0728.txt
2013-02-06 07:27 - 2013-02-06 07:27 - 00002240 ____A C:\Users\Spirz Family\Desktop\RKreport[2]_D_02062013_02d0727.txt
2013-02-06 07:27 - 2013-02-06 07:26 - 00000000 ____D C:\Users\Spirz Family\Desktop\RK_Quarantine
2013-02-06 07:26 - 2013-02-06 07:26 - 00002179 ____A C:\Users\Spirz Family\Desktop\RKreport[1]_S_02062013_02d0726.txt
2013-02-06 07:17 - 2013-02-06 07:09 - 00000000 ___SD C:\Combo-Fix16683C
2013-02-06 07:02 - 2013-02-06 07:07 - 05029686 ____R (Swearware) C:\Users\Spirz Family\Desktop\Combo-Fix.exe
2013-02-04 17:11 - 2009-12-15 22:06 - 00001356 ____A C:\Users\Spirz Family\AppData\Local\d3d9caps.dat
2013-02-03 13:51 - 2013-02-03 14:01 - 00775680 ____A C:\Users\Spirz Family\Desktop\RogueKiller.exe
2013-01-25 13:55 - 2013-01-25 13:51 - 00000000 ___SD C:\Combo-Fix4099C
2013-01-25 12:52 - 2013-01-25 12:52 - 00010646 ____N C:\bootex.log
2013-01-25 12:50 - 2013-01-25 12:50 - 00000000 __SHD C:\found.000
2013-01-25 12:38 - 2013-01-25 14:12 - 00602112 ____A (OldTimer Tools) C:\Users\Spirz Family\Desktop\OTL.exe
2013-01-25 12:37 - 2013-01-25 14:12 - 00027648 ____A C:\Users\Spirz Family\Desktop\RestoreBFE.exe
2013-01-25 11:34 - 2013-01-23 20:17 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-01-25 11:20 - 2013-01-25 11:20 - 00026872 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixTDSS.sys
2013-01-25 11:20 - 2013-01-25 11:20 - 00000000 ____D C:\Users\Spirz Family\AppData\Roaming\FixTDSS
2013-01-25 11:19 - 2013-01-25 11:20 - 01931088 ____A (Symantec Corporation) C:\Users\Spirz Family\Desktop\FixTDSS.exe
2013-01-25 11:07 - 2013-01-25 11:01 - 00000000 ___SD C:\Combo-Fix27990C
2013-01-25 10:57 - 2013-01-25 10:56 - 00138928 ____A C:\Windows\Minidump\Mini012513-01.dmp
2013-01-25 10:56 - 2013-01-25 10:56 - 201739942 ____A C:\Windows\MEMORY.DMP
2013-01-25 10:56 - 2008-04-28 21:53 - 00000000 ____D C:\Windows\Minidump
2013-01-25 10:54 - 2013-01-25 10:54 - 00001850 ____A C:\Users\Spirz Family\Desktop\aswMBR.txt
2013-01-25 10:54 - 2013-01-25 10:54 - 00000512 ____A C:\Users\Spirz Family\Desktop\MBR.dat
2013-01-25 10:53 - 2006-11-02 05:18 - 00000000 ___RD C:\users\Public
2013-01-25 10:49 - 2013-01-25 10:45 - 00000000 ___SD C:\Combo-Fix6636C
2013-01-25 10:39 - 2013-01-25 10:46 - 04732416 ____A (AVAST Software) C:\Users\Spirz Family\Desktop\aswMBR.exe
2013-01-25 10:37 - 2013-01-25 10:46 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Spirz Family\Desktop\tdsskiller.exe
2013-01-25 10:37 - 2013-01-25 10:32 - 00000000 ___SD C:\Combo-Fix23701C
2013-01-25 10:34 - 2013-01-25 10:46 - 03177840 ____A (McAfee, Inc.) C:\Users\Spirz Family\Desktop\MCPR.exe
2013-01-25 10:24 - 2006-11-02 06:47 - 00422192 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-25 10:21 - 2013-01-25 10:16 - 00000000 ___SD C:\Combo-Fix7866C
2013-01-25 10:10 - 2009-10-19 21:38 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-01-25 10:10 - 2009-10-19 21:37 - 00000000 ____D C:\Users\All Users\McAfee
2013-01-25 10:08 - 2013-01-25 09:59 - 00000000 ___SD C:\Combo-Fix
2013-01-25 10:03 - 2006-11-02 05:18 - 00000000 _SHDC C:\Windows\$NtUninstallKB62230$
2013-01-25 09:50 - 2013-01-25 09:50 - 00000000 ____D C:\Program Files\CCleaner
2013-01-25 09:45 - 2013-01-25 09:45 - 00000000 ____D C:\Windows\pss
2013-01-25 08:01 - 2010-07-21 06:32 - 00073581 ____A C:\Users\All Users\nvModes.001
2013-01-25 08:01 - 2006-11-02 07:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-25 07:24 - 2006-11-02 07:01 - 00032648 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-01-25 07:12 - 2012-06-20 13:00 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1877799038-3522291278-4051485918-1000UA.job
2013-01-25 06:46 - 2013-01-25 06:55 - 00006704 ____A C:\Users\Spirz Family\Desktop\Default_EXE.reg
2013-01-25 06:46 - 2013-01-25 06:55 - 00004808 ____A C:\Users\Spirz Family\Desktop\Default_MSC.reg
2013-01-25 06:46 - 2013-01-25 06:55 - 00004464 ____A C:\Users\Spirz Family\Desktop\Default_DLL.reg
2013-01-24 20:51 - 2008-04-25 18:55 - 00000000 ____D C:\users\Spirz Family
2013-01-24 20:51 - 2006-11-02 04:22 - 56360960 ____A C:\Windows\System32\config\software_previous
2013-01-24 20:51 - 2006-11-02 04:22 - 51642368 ____A C:\Windows\System32\config\system_previous
2013-01-24 20:49 - 2010-01-01 02:46 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-01-24 20:49 - 2009-12-30 23:12 - 00000000 ____D C:\Windows\System32\vi-VN
2013-01-24 20:49 - 2009-12-30 23:12 - 00000000 ____D C:\Windows\System32\eu-ES
2013-01-24 20:49 - 2009-12-30 23:12 - 00000000 ____D C:\Windows\System32\ca-ES
2013-01-24 20:49 - 2006-11-02 06:37 - 00000000 ____D C:\Windows\twain_32
2013-01-24 20:49 - 2006-11-02 06:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2013-01-24 20:49 - 2006-11-02 06:37 - 00000000 ____D C:\Windows\ShellNew
2013-01-24 20:49 - 2006-11-02 06:37 - 00000000 ____D C:\Windows\DigitalLocker
2013-01-24 20:49 - 2006-11-02 06:37 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-01-24 20:49 - 2006-11-02 06:37 - 00000000 ____D C:\Program Files\Windows Photo Gallery
2013-01-24 20:49 - 2006-11-02 06:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-01-24 20:49 - 2006-11-02 06:37 - 00000000 ____D C:\Program Files\Windows Defender
2013-01-24 20:49 - 2006-11-02 06:37 - 00000000 ____D C:\Program Files\Windows Collaboration
2013-01-24 20:49 - 2006-11-02 06:37 - 00000000 ____D C:\Program Files\Windows Calendar
2013-01-24 20:49 - 2006-11-02 06:37 - 00000000 ____D C:\Program Files\Movie Maker
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 __RSD C:\Windows\Media
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\zh-TW
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\zh-HK
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\zh-CN
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\uk-UA
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\tr-TR
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\th-TH
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\sv-SE
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\sr-Latn-CS
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\SLUI
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\sl-SI
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\sk-SK
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\ru-RU
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\ro-RO
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\ras
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\pt-PT
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\pt-BR
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\pl-PL
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\nl-NL
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\nb-NO
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\lv-LV
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\lt-LT
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\ko-KR
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\ja-JP
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\it-IT
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\icsxml
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\ias
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\hu-HU
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\hr-HR
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\he-IL
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\fr-FR
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\fi-FI
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\et-EE
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\el-GR
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\com
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\bg-BG
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\ar-SA
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\system
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\MSAgent
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\L2Schemas
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\IME
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\Cursors
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Program Files\Common Files\System
2013-01-24 20:49 - 2006-11-02 05:18 - 00000000 ____D C:\Program Files\Common Files\Services
2013-01-24 20:44 - 2009-12-30 20:29 - 00000000 ____D C:\Windows\System32\EventProviders
2013-01-24 20:44 - 2008-04-22 03:30 - 00000000 ____D C:\Windows\System32\RTCOM
2013-01-24 20:44 - 2006-11-02 06:37 - 00000000 ____D C:\Windows\System32\restore
2013-01-24 20:44 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\tapi
2013-01-24 20:44 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\spool
2013-01-24 20:44 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-01-24 20:43 - 2011-07-09 23:57 - 00000000 ____D C:\Windows\System32\(app)
2013-01-24 20:43 - 2008-04-27 20:06 - 00000000 ____D C:\Windows\Setup2K
2013-01-24 20:43 - 2006-11-02 05:18 - 00000000 ___RD C:\Windows\Offline Web Pages
2013-01-24 20:43 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\rescache
2013-01-24 20:43 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-01-24 20:43 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\Help
2013-01-24 20:42 - 2013-01-04 11:26 - 00000000 ____D C:\Program Files\QuickTime
2013-01-24 20:42 - 2012-12-14 10:04 - 00000000 ____D C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-24 20:42 - 2011-07-09 23:57 - 00000000 ____D C:\Program Files\Merge
2013-01-24 20:42 - 2009-12-28 14:24 - 00000000 ____D C:\Users\Spirz Family\Documents\e-Sword
2013-01-24 20:42 - 2009-12-11 22:13 - 00000000 ___AD C:\Users\Spirz Family\Desktop\VLC
2013-01-24 20:42 - 2009-12-08 17:26 - 00000000 ____D C:\Users\Spirz Family\AppData\Roaming\Move Networks
2013-01-24 20:42 - 2009-10-14 06:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-01-24 20:42 - 2009-07-30 20:55 - 00000000 ____D C:\Program Files\TomTom HOME 2
2013-01-24 20:42 - 2009-07-29 20:50 - 00000000 ____D C:\Users\Spirz Family\AppData\Local\Microsoft Help
2013-01-24 20:42 - 2009-07-29 20:50 - 00000000 ____D C:\Users\All Users\Microsoft Help
2013-01-24 20:42 - 2009-07-18 22:31 - 00000000 ____D C:\Program Files\V CAST Music with Rhapsody
2013-01-24 20:42 - 2009-06-15 19:26 - 00000000 ____D C:\Users\Spirz Family\Photos once home 2009
2013-01-24 20:42 - 2008-05-07 17:24 - 00000000 ____D C:\Users\Spirz Family\AppData\Roaming\PeerNetworking
2013-01-24 20:42 - 2008-05-03 21:39 - 00000000 ____D C:\Users\All Users\Ezprint
2013-01-24 20:42 - 2008-05-03 21:39 - 00000000 ____D C:\Program Files\Lx_cats
2013-01-24 20:42 - 2008-04-25 14:34 - 00000000 ____D C:\Program Files\Microsoft Disk 2
2013-01-24 20:42 - 2008-04-24 22:41 - 00000000 ____D C:\Program Files\Snapshot Viewer
2013-01-24 20:42 - 2008-04-22 03:55 - 00000000 ____D C:\Program Files\Microsoft Works
2013-01-24 20:42 - 2008-04-22 03:48 - 00000000 ____D C:\Program Files\NetWaiting
2013-01-24 20:42 - 2008-04-22 03:45 - 00000000 ____D C:\Program Files\Modem Diagnostic Tool
2013-01-24 20:41 - 2012-12-14 10:04 - 00000000 ____D C:\Program Files\iTunes
2013-01-24 20:41 - 2012-11-01 13:19 - 00000000 ____D C:\Program Files\ffdshow
2013-01-24 20:41 - 2012-11-01 13:18 - 00000000 ____D C:\Program Files\Backup Assistant Plus
2013-01-24 20:41 - 2012-10-13 06:28 - 00000000 ____D C:\Program Files\Apple Software Update
2013-01-24 20:41 - 2012-10-13 06:24 - 00000000 ____D C:\Program Files\Bonjour
2013-01-24 20:41 - 2012-01-04 10:07 - 00000000 ____D C:\KA
2013-01-24 20:41 - 2009-12-28 14:46 - 00000000 ____D C:\Program Files\Common Files\EzTools
2013-01-24 20:41 - 2009-10-28 19:51 - 00000000 ____D C:\Program Files\e-Sword
2013-01-24 20:41 - 2009-07-16 13:39 - 00000000 ____D C:\Program Files\e-Sword 7.9.8 CD
2013-01-24 20:41 - 2008-07-19 15:59 - 00000000 ____D C:\Program Files\iWin Games
2013-01-24 20:41 - 2008-05-03 21:37 - 00000000 ____D C:\Program Files\Lexmark 3300 Series
2013-01-24 20:41 - 2008-04-25 15:15 - 00000000 ____D C:\Program Files\Best Buy
2013-01-24 20:41 - 2008-04-24 22:28 - 00000000 ____D C:\Program Files\Common Files\Designer
2013-01-24 20:41 - 2008-04-22 11:04 - 00000000 ____D C:\DELL
2013-01-24 20:41 - 2008-04-22 03:53 - 00000000 ____D C:\Program Files\DellSupport
2013-01-24 20:41 - 2008-04-22 03:49 - 00000000 ____D C:\Program Files\Common Files\SureThing Shared
2013-01-24 20:41 - 2008-04-22 03:49 - 00000000 ____D C:\Program Files\Common Files\Sonic Shared
2013-01-24 20:41 - 2008-04-22 03:47 - 00000000 ____D C:\Program Files\Digital Line Detect
2013-01-24 20:30 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\registration
2013-01-24 17:06 - 2006-11-02 04:22 - 43778048 ____A C:\Windows\System32\config\components_previous
2013-01-24 17:06 - 2006-11-02 04:22 - 00786432 ____A C:\Windows\System32\config\default_previous
2013-01-24 17:06 - 2006-11-02 04:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2013-01-24 17:06 - 2006-11-02 04:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2013-01-24 16:56 - 2013-01-24 16:56 - 00000000 ____D C:\Windows\ERDNT
2013-01-24 16:56 - 2013-01-24 16:56 - 00000000 ____D C:\Qoobox
2013-01-23 20:17 - 2013-01-23 20:17 - 00000000 ____D C:\Users\Spirz Family\AppData\Roaming\Malwarebytes
2013-01-23 20:17 - 2013-01-23 20:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-23 02:18 - 2012-04-20 14:07 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-22 19:47 - 2012-11-19 09:43 - 00000000 ____D C:\Users\Spirz Family\Desktop\Dave's
2013-01-22 19:25 - 2008-04-25 19:55 - 00144384 ____A C:\Users\Spirz Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-22 19:24 - 2012-11-09 15:11 - 00000000 ____D C:\Users\Spirz Family\Desktop\Pics & Videos from IPHONE
2013-01-22 18:30 - 2013-01-22 18:30 - 01374720 ____A C:\Users\Spirz Family\Downloads\ENG TM 2 Slides.ppt
2013-01-22 18:30 - 2013-01-22 18:30 - 00469124 ____A C:\Users\Spirz Family\Downloads\ENG Team 3 20130122.pptx
2013-01-22 18:27 - 2013-01-22 18:27 - 00323198 ____A C:\Users\Spirz Family\Downloads\Beck's QM Slides (1).pptx
2013-01-22 16:05 - 2013-01-22 16:05 - 00135294 ____A C:\Users\Spirz Family\Downloads\Medical Slides (1).pptx
2013-01-22 08:11 - 2012-06-20 13:00 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1877799038-3522291278-4051485918-1000Core.job
2013-01-21 18:15 - 2012-11-12 18:57 - 00000000 ____D C:\Users\Spirz Family\AppData\Local\2F87D407-DB42-4E68-A96D-DB53A7957974.aplzod
2013-01-15 18:23 - 2013-01-15 18:23 - 01294336 ____A C:\Users\Spirz Family\Downloads\MP Team Huddle 15JAN13.ppt
2013-01-15 13:51 - 2013-01-15 13:28 - 01294336 ____A C:\Users\Spirz Family\Desktop\MP Team Huddle 15JAN13.ppt
2013-01-15 13:34 - 2013-01-15 13:34 - 00147744 ____A C:\Users\Spirz Family\Downloads\Medical Slides.pptx
2013-01-15 13:28 - 2013-01-15 13:28 - 01259520 ____A C:\Users\Spirz Family\Downloads\MP Team Huddle 17NOV2012.ppt
2013-01-15 13:26 - 2013-01-15 13:26 - 00293570 ____A C:\Users\Spirz Family\Downloads\Beck's QM Slides.pptx
2013-01-15 13:25 - 2013-01-15 13:25 - 01289728 ____A C:\Users\Spirz Family\Downloads\18 DEC_Team_Huddle_(HHC).ppt
2013-01-15 13:22 - 2013-01-15 13:22 - 03864064 ____A C:\Users\Spirz Family\Downloads\16 Oct Team Huddle.ppt
2013-01-14 13:16 - 2013-01-14 09:02 - 00080568 ____A C:\Users\Spirz Family\Desktop\lauren invite.pptx
2013-01-13 19:45 - 2013-01-25 11:12 - 11088872 ____A (Microsoft Corporation) C:\Users\Spirz Family\Desktop\mseinstall.exe
2013-01-11 15:24 - 2013-01-11 15:24 - 00239284 ____A C:\Users\Spirz Family\Desktop\Payments 2013.pptx
2013-01-11 08:32 - 2013-01-11 08:32 - 00086383 ____A C:\Users\Spirz Family\Desktop\Haley invite.pptx
2013-01-09 05:19 - 2012-04-20 14:06 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-01-09 05:19 - 2011-07-05 20:27 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-01-09 04:57 - 2010-07-21 06:32 - 00073581 ____A C:\Users\All Users\nvModes.dat
2013-01-08 14:38 - 2013-01-03 16:15 - 00000000 ____D C:\Users\Spirz Family\Desktop\Pics from IPAD
2013-01-08 14:35 - 2013-01-03 16:08 - 00000000 ____D C:\Users\Spirz Family\Desktop\Christmas & Winter 2012
2013-01-08 14:18 - 2013-01-08 14:18 - 00483008 ____A C:\Users\Spirz Family\Downloads\Staff Call Brief 8 JAN 13.pptx

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-12-12 17:06] - [2012-08-21 05:47] - 0224640 ____A (Microsoft Corporation) 786DB5771F05EF300390399F626BF30A


==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3069.45 MB
Available physical RAM: 2639.71 MB
Total Pagefile: 6339.88 MB
Available Pagefile: 6117.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.01 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:122.62 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.78 GB) NTFS
4 Drive f: () (Removable) (Total:3.72 GB) (Free:3.53 GB) FAT32

See the System Event Log for more information.


Last Boot: 2013-02-06 07:59

==================== End Of Log ============================

#11 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 06 February 2013 - 12:00 PM

I'm sorry, I should have specified...the tool should be run from the recovery environment just as you did the first time. Please run the tool again the same way you did the first time.

If you're unsure how you did this the first time, follow these instructions:

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disc on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html


    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for the x64 version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
bloopie

#12 john3640

john3640
  • Topic Starter

  • Members
  • 20 posts

Posted 06 February 2013 - 12:09 PM

Oops! I knew better. We could just ... delete that post...ha ha ha

Here is the proper log.

Thank you again.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-02-2013 02
Ran by SYSTEM at 06-02-2013 11:04:45
Running from E:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [] [x]
HKU\Default\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [460784 2007-03-15] (Gteko Ltd.)
HKU\Default User\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [460784 2007-03-15] (Gteko Ltd.)
HKLM\...\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [443728 2010-12-20] (Malwarebytes Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

==================== Services (Whitelisted) ===================

4 AERTFilters; C:\Windows\System32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
4 DSBrokerService; "C:\Program Files\DellSupport\brkrsvc.exe" [70656 2007-03-19] ()
4 getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33176 2009-03-03] (NOS Microsystems Ltd.)
4 GoogleDesktopManager-051210-111108; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2011-02-26] (Google)
4 iWinGamesInstaller; C:\Program Files\iWin Games\iWinGamesInstaller.exe [78104 2008-07-21] (iWin Inc.)
4 lxcc_device; C:\Windows\system32\lxcccoms.exe -service [537520 2007-03-26] ( )
4 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [201968 2008-08-13] (SupportSoft, Inc.)
4 Viewpoint Manager Service; "C:\Program Files\Viewpoint\Common\ViewpointService.exe" [24652 2007-01-04] (Viewpoint Corporation)
4 WebClient; C:\Windows\System32\svchost.exe -k LocalService [21504 2008-01-18] (Microsoft Corporation)
4 WPDBusEnum; C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [x]

==================== Drivers (Whitelisted) ====================

3 CA561; C:\Windows\System32\Drivers\SPCA561.SYS [119798 2002-10-01] (SP)
0 FixTDSS; C:\Windows\System32\drivers\FixTDSS.sys [26872 2013-01-25] (Symantec Corporation)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92192 2012-11-09] (McAfee, Inc.)
3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [59776 2011-09-07] (SCM Microsystems Inc.)
3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2011-02-13] (LG Electronics Inc.)
3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [20864 2011-02-13] (LG Electronics Inc.)
3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [25216 2011-02-13] (LG Electronics Inc.)
3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag.sys [23168 2011-10-10] (LG Electronics Inc.)
3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm.sys [27904 2011-10-10] (LG Electronics Inc.)
3 vzandnetndis; C:\Windows\System32\DRIVERS\lgvzandnetndis.sys [71040 2011-10-21] (LG Electronics Inc.)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 catchme; \??\C:\Users\SPIRZF~1\AppData\Local\Temp\catchme.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
2 MCSTRM; [x]
1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 vzandnetadb; C:\Windows\System32\Drivers\lgvzandnetadb.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-02-06 07:05 - 2013-02-06 07:05 - 00027068 ____A C:\Users\Spirz Family\Desktop\FRST.txt
2013-02-06 07:04 - 2013-02-06 07:02 - 00909426 ____A (Farbar) C:\Users\Spirz Family\Desktop\FRST.exe
2013-02-06 05:45 - 2013-02-06 05:52 - 00000000 ___SD C:\Combo-Fix7031C
2013-02-06 05:28 - 2013-02-06 05:28 - 00001759 ____A C:\Users\Spirz Family\Desktop\RKreport[3]_S_02062013_02d0728.txt
2013-02-06 05:27 - 2013-02-06 05:27 - 00002240 ____A C:\Users\Spirz Family\Desktop\RKreport[2]_D_02062013_02d0727.txt
2013-02-06 05:26 - 2013-02-06 05:27 - 00000000 ____D C:\Users\Spirz Family\Desktop\RK_Quarantine
2013-02-06 05:26 - 2013-02-06 05:26 - 00002179 ____A C:\Users\Spirz Family\Desktop\RKreport[1]_S_02062013_02d0726.txt
2013-02-06 05:09 - 2013-02-06 05:17 - 00000000 ___SD C:\Combo-Fix16683C
2013-02-06 05:07 - 2013-02-06 05:02 - 05029686 ____R (Swearware) C:\Users\Spirz Family\Desktop\Combo-Fix.exe
2013-02-03 12:01 - 2013-02-03 11:51 - 00775680 ____A C:\Users\Spirz Family\Desktop\RogueKiller.exe
2013-01-25 12:35 - 2013-02-06 07:04 - 00000000 ____D C:\FRST
2013-01-25 12:12 - 2013-01-25 10:38 - 00602112 ____A (OldTimer Tools) C:\Users\Spirz Family\Desktop\OTL.exe
2013-01-25 12:12 - 2013-01-25 10:37 - 00027648 ____A C:\Users\Spirz Family\Desktop\RestoreBFE.exe
2013-01-25 11:51 - 2013-01-25 11:55 - 00000000 ___SD C:\Combo-Fix4099C
2013-01-25 10:52 - 2013-01-25 10:52 - 00010646 ____N C:\bootex.log
2013-01-25 10:50 - 2013-01-25 10:50 - 00000000 __SHD C:\found.000
2013-01-25 09:34 - 2010-12-20 16:09 - 00038224 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-01-25 09:34 - 2010-12-20 16:08 - 00020952 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-01-25 09:20 - 2013-01-25 09:20 - 00026872 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixTDSS.sys
2013-01-25 09:20 - 2013-01-25 09:20 - 00000000 ____D C:\Users\Spirz Family\AppData\Roaming\FixTDSS
2013-01-25 09:20 - 2013-01-25 09:19 - 01931088 ____A (Symantec Corporation) C:\Users\Spirz Family\Desktop\FixTDSS.exe
2013-01-25 09:12 - 2013-01-13 17:45 - 11088872 ____A (Microsoft Corporation) C:\Users\Spirz Family\Desktop\mseinstall.exe
2013-01-25 09:01 - 2013-01-25 09:07 - 00000000 ___SD C:\Combo-Fix27990C
2013-01-25 08:56 - 2013-01-25 08:57 - 00138928 ____A C:\Windows\Minidump\Mini012513-01.dmp
2013-01-25 08:56 - 2013-01-25 08:56 - 201739942 ____A C:\Windows\MEMORY.DMP
2013-01-25 08:54 - 2013-01-25 08:54 - 00001850 ____A C:\Users\Spirz Family\Desktop\aswMBR.txt
2013-01-25 08:54 - 2013-01-25 08:54 - 00000512 ____A C:\Users\Spirz Family\Desktop\MBR.dat
2013-01-25 08:46 - 2013-01-25 08:39 - 04732416 ____A (AVAST Software) C:\Users\Spirz Family\Desktop\aswMBR.exe
2013-01-25 08:46 - 2013-01-25 08:37 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Spirz Family\Desktop\tdsskiller.exe
2013-01-25 08:46 - 2013-01-25 08:34 - 03177840 ____A (McAfee, Inc.) C:\Users\Spirz Family\Desktop\MCPR.exe
2013-01-25 08:45 - 2013-01-25 08:49 - 00000000 ___SD C:\Combo-Fix6636C
2013-01-25 08:41 - 2013-02-06 06:02 - 00545466 ____A C:\Windows\WindowsUpdate.log
2013-01-25 08:32 - 2013-01-25 08:37 - 00000000 ___SD C:\Combo-Fix23701C
2013-01-25 08:16 - 2013-01-25 08:21 - 00000000 ___SD C:\Combo-Fix7866C
2013-01-25 07:59 - 2013-01-25 08:08 - 00000000 ___SD C:\Combo-Fix
2013-01-25 07:59 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-01-25 07:59 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2013-01-25 07:59 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-01-25 07:59 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-01-25 07:59 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-01-25 07:59 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2013-01-25 07:59 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2013-01-25 07:59 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2013-01-25 07:56 - 2013-02-06 05:53 - 00008542 ____A C:\Windows\PFRO.log
2013-01-25 07:50 - 2013-01-25 07:50 - 00000000 ____D C:\Program Files\CCleaner
2013-01-25 07:50 - 2011-02-02 15:35 - 00388608 ____A (Trend Micro Inc.) C:\Users\Spirz Family\Desktop\HijackThis.exe
2013-01-25 07:45 - 2013-01-25 07:45 - 00000000 ____D C:\Windows\pss
2013-01-25 04:55 - 2013-01-25 04:46 - 00006704 ____A C:\Users\Spirz Family\Desktop\Default_EXE.reg
2013-01-25 04:55 - 2013-01-25 04:46 - 00004808 ____A C:\Users\Spirz Family\Desktop\Default_MSC.reg
2013-01-25 04:55 - 2013-01-25 04:46 - 00004464 ____A C:\Users\Spirz Family\Desktop\Default_DLL.reg
2013-01-24 14:56 - 2013-01-24 14:56 - 00000000 ____D C:\Windows\ERDNT
2013-01-24 14:56 - 2013-01-24 14:56 - 00000000 ____D C:\Qoobox
2013-01-23 18:17 - 2013-01-25 09:34 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-01-23 18:17 - 2013-01-23 18:17 - 00000000 ____D C:\Users\Spirz Family\AppData\Roaming\Malwarebytes
2013-01-23 18:17 - 2013-01-23 18:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-22 16:30 - 2013-01-22 16:30 - 01374720 ____A C:\Users\Spirz Family\Downloads\ENG TM 2 Slides.ppt
2013-01-22 16:30 - 2013-01-22 16:30 - 00469124 ____A C:\Users\Spirz Family\Downloads\ENG Team 3 20130122.pptx
2013-01-22 16:27 - 2013-01-22 16:27 - 00323198 ____A C:\Users\Spirz Family\Downloads\Beck's QM Slides (1).pptx
2013-01-22 14:05 - 2013-01-22 14:05 - 00135294 ____A C:\Users\Spirz Family\Downloads\Medical Slides (1).pptx
2013-01-15 16:23 - 2013-01-15 16:23 - 01294336 ____A C:\Users\Spirz Family\Downloads\MP Team Huddle 15JAN13.ppt
2013-01-15 11:34 - 2013-01-15 11:34 - 00147744 ____A C:\Users\Spirz Family\Downloads\Medical Slides.pptx
2013-01-15 11:28 - 2013-01-15 11:51 - 01294336 ____A C:\Users\Spirz Family\Desktop\MP Team Huddle 15JAN13.ppt
2013-01-15 11:28 - 2013-01-15 11:28 - 01259520 ____A C:\Users\Spirz Family\Downloads\MP Team Huddle 17NOV2012.ppt
2013-01-15 11:26 - 2013-01-15 11:26 - 00293570 ____A C:\Users\Spirz Family\Downloads\Beck's QM Slides.pptx
2013-01-15 11:25 - 2013-01-15 11:25 - 01289728 ____A C:\Users\Spirz Family\Downloads\18 DEC_Team_Huddle_(HHC).ppt
2013-01-15 11:22 - 2013-01-15 11:22 - 03864064 ____A C:\Users\Spirz Family\Downloads\16 Oct Team Huddle.ppt
2013-01-14 07:02 - 2013-01-14 11:16 - 00080568 ____A C:\Users\Spirz Family\Desktop\lauren invite.pptx
2013-01-11 13:24 - 2013-01-11 13:24 - 00239284 ____A C:\Users\Spirz Family\Desktop\Payments 2013.pptx
2013-01-11 06:32 - 2013-01-11 06:32 - 00086383 ____A C:\Users\Spirz Family\Desktop\Haley invite.pptx
2013-01-08 14:34 - 2012-11-22 17:35 - 02048000 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-08 14:33 - 2012-11-21 19:54 - 00353280 ____A (Microsoft Corporation) C:\Windows\System32\shlwapi.dll
2013-01-08 14:33 - 2012-11-19 20:22 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-08 14:32 - 2012-11-02 02:19 - 01400832 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-08 12:18 - 2013-01-08 12:18 - 00483008 ____A C:\Users\Spirz Family\Downloads\Staff Call Brief 8 JAN 13.pptx

==================== One Month Modified Files and Folders ========

2013-02-06 07:05 - 2013-02-06 07:05 - 00027068 ____A C:\Users\Spirz Family\Desktop\FRST.txt
2013-02-06 07:04 - 2013-01-25 12:35 - 00000000 ____D C:\FRST
2013-02-06 07:02 - 2013-02-06 07:04 - 00909426 ____A (Farbar) C:\Users\Spirz Family\Desktop\FRST.exe
2013-02-06 06:15 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-06 06:15 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-06 06:02 - 2013-01-25 08:41 - 00545466 ____A C:\Windows\WindowsUpdate.log
2013-02-06 05:57 - 2006-11-02 02:33 - 00707520 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-06 05:53 - 2013-01-25 07:56 - 00008542 ____A C:\Windows\PFRO.log
2013-02-06 05:52 - 2013-02-06 05:45 - 00000000 ___SD C:\Combo-Fix7031C
2013-02-06 05:28 - 2013-02-06 05:28 - 00001759 ____A C:\Users\Spirz Family\Desktop\RKreport[3]_S_02062013_02d0728.txt
2013-02-06 05:27 - 2013-02-06 05:27 - 00002240 ____A C:\Users\Spirz Family\Desktop\RKreport[2]_D_02062013_02d0727.txt
2013-02-06 05:27 - 2013-02-06 05:26 - 00000000 ____D C:\Users\Spirz Family\Desktop\RK_Quarantine
2013-02-06 05:26 - 2013-02-06 05:26 - 00002179 ____A C:\Users\Spirz Family\Desktop\RKreport[1]_S_02062013_02d0726.txt
2013-02-06 05:17 - 2013-02-06 05:09 - 00000000 ___SD C:\Combo-Fix16683C
2013-02-06 05:02 - 2013-02-06 05:07 - 05029686 ____R (Swearware) C:\Users\Spirz Family\Desktop\Combo-Fix.exe
2013-02-04 15:11 - 2009-12-15 20:06 - 00001356 ____A C:\Users\Spirz Family\AppData\Local\d3d9caps.dat
2013-02-03 11:51 - 2013-02-03 12:01 - 00775680 ____A C:\Users\Spirz Family\Desktop\RogueKiller.exe
2013-01-25 11:55 - 2013-01-25 11:51 - 00000000 ___SD C:\Combo-Fix4099C
2013-01-25 10:52 - 2013-01-25 10:52 - 00010646 ____N C:\bootex.log
2013-01-25 10:50 - 2013-01-25 10:50 - 00000000 __SHD C:\found.000
2013-01-25 10:38 - 2013-01-25 12:12 - 00602112 ____A (OldTimer Tools) C:\Users\Spirz Family\Desktop\OTL.exe
2013-01-25 10:37 - 2013-01-25 12:12 - 00027648 ____A C:\Users\Spirz Family\Desktop\RestoreBFE.exe
2013-01-25 09:34 - 2013-01-23 18:17 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-01-25 09:20 - 2013-01-25 09:20 - 00026872 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixTDSS.sys
2013-01-25 09:20 - 2013-01-25 09:20 - 00000000 ____D C:\Users\Spirz Family\AppData\Roaming\FixTDSS
2013-01-25 09:19 - 2013-01-25 09:20 - 01931088 ____A (Symantec Corporation) C:\Users\Spirz Family\Desktop\FixTDSS.exe
2013-01-25 09:07 - 2013-01-25 09:01 - 00000000 ___SD C:\Combo-Fix27990C
2013-01-25 08:57 - 2013-01-25 08:56 - 00138928 ____A C:\Windows\Minidump\Mini012513-01.dmp
2013-01-25 08:56 - 2013-01-25 08:56 - 201739942 ____A C:\Windows\MEMORY.DMP
2013-01-25 08:56 - 2008-04-28 19:53 - 00000000 ____D C:\Windows\Minidump
2013-01-25 08:54 - 2013-01-25 08:54 - 00001850 ____A C:\Users\Spirz Family\Desktop\aswMBR.txt
2013-01-25 08:54 - 2013-01-25 08:54 - 00000512 ____A C:\Users\Spirz Family\Desktop\MBR.dat
2013-01-25 08:53 - 2006-11-02 03:18 - 00000000 ___RD C:\users\Public
2013-01-25 08:49 - 2013-01-25 08:45 - 00000000 ___SD C:\Combo-Fix6636C
2013-01-25 08:39 - 2013-01-25 08:46 - 04732416 ____A (AVAST Software) C:\Users\Spirz Family\Desktop\aswMBR.exe
2013-01-25 08:37 - 2013-01-25 08:46 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Spirz Family\Desktop\tdsskiller.exe
2013-01-25 08:37 - 2013-01-25 08:32 - 00000000 ___SD C:\Combo-Fix23701C
2013-01-25 08:34 - 2013-01-25 08:46 - 03177840 ____A (McAfee, Inc.) C:\Users\Spirz Family\Desktop\MCPR.exe
2013-01-25 08:24 - 2006-11-02 04:47 - 00422192 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-25 08:21 - 2013-01-25 08:16 - 00000000 ___SD C:\Combo-Fix7866C
2013-01-25 08:10 - 2009-10-19 19:38 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-01-25 08:10 - 2009-10-19 19:37 - 00000000 ____D C:\Users\All Users\McAfee
2013-01-25 08:08 - 2013-01-25 07:59 - 00000000 ___SD C:\Combo-Fix
2013-01-25 08:03 - 2006-11-02 03:18 - 00000000 _SHDC C:\Windows\$NtUninstallKB62230$
2013-01-25 07:50 - 2013-01-25 07:50 - 00000000 ____D C:\Program Files\CCleaner
2013-01-25 07:45 - 2013-01-25 07:45 - 00000000 ____D C:\Windows\pss
2013-01-25 06:01 - 2010-07-21 04:32 - 00073581 ____A C:\Users\All Users\nvModes.001
2013-01-25 06:01 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-25 05:24 - 2006-11-02 05:01 - 00032648 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-01-25 05:12 - 2012-06-20 11:00 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1877799038-3522291278-4051485918-1000UA.job
2013-01-25 04:46 - 2013-01-25 04:55 - 00006704 ____A C:\Users\Spirz Family\Desktop\Default_EXE.reg
2013-01-25 04:46 - 2013-01-25 04:55 - 00004808 ____A C:\Users\Spirz Family\Desktop\Default_MSC.reg
2013-01-25 04:46 - 2013-01-25 04:55 - 00004464 ____A C:\Users\Spirz Family\Desktop\Default_DLL.reg
2013-01-24 18:51 - 2008-04-25 16:55 - 00000000 ____D C:\users\Spirz Family
2013-01-24 18:51 - 2006-11-02 02:22 - 56360960 ____A C:\Windows\System32\config\software_previous
2013-01-24 18:51 - 2006-11-02 02:22 - 51642368 ____A C:\Windows\System32\config\system_previous
2013-01-24 18:49 - 2010-01-01 00:46 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-01-24 18:49 - 2009-12-30 21:12 - 00000000 ____D C:\Windows\System32\vi-VN
2013-01-24 18:49 - 2009-12-30 21:12 - 00000000 ____D C:\Windows\System32\eu-ES
2013-01-24 18:49 - 2009-12-30 21:12 - 00000000 ____D C:\Windows\System32\ca-ES
2013-01-24 18:49 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\twain_32
2013-01-24 18:49 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2013-01-24 18:49 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\ShellNew
2013-01-24 18:49 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\DigitalLocker
2013-01-24 18:49 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-01-24 18:49 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Photo Gallery
2013-01-24 18:49 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-01-24 18:49 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Defender
2013-01-24 18:49 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Collaboration
2013-01-24 18:49 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Calendar
2013-01-24 18:49 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Movie Maker
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 __RSD C:\Windows\Media
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\zh-TW
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\zh-HK
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\zh-CN
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\uk-UA
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\tr-TR
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\th-TH
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sv-SE
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sr-Latn-CS
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\SLUI
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sl-SI
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\sk-SK
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ru-RU
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ro-RO
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ras
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\pt-PT
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\pt-BR
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\pl-PL
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\nl-NL
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\nb-NO
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\lv-LV
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\lt-LT
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ko-KR
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ja-JP
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\it-IT
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\icsxml
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ias
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\hu-HU
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\hr-HR
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\he-IL
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\fr-FR
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\fi-FI
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\et-EE
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\el-GR
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\com
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\bg-BG
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\ar-SA
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\system
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\MSAgent
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\L2Schemas
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\IME
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Cursors
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\System
2013-01-24 18:49 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\Services
2013-01-24 18:44 - 2009-12-30 18:29 - 00000000 ____D C:\Windows\System32\EventProviders
2013-01-24 18:44 - 2008-04-22 01:30 - 00000000 ____D C:\Windows\System32\RTCOM
2013-01-24 18:44 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\restore
2013-01-24 18:44 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\tapi
2013-01-24 18:44 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool
2013-01-24 18:44 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-01-24 18:43 - 2011-07-09 21:57 - 00000000 ____D C:\Windows\System32\(app)
2013-01-24 18:43 - 2008-04-27 18:06 - 00000000 ____D C:\Windows\Setup2K
2013-01-24 18:43 - 2006-11-02 03:18 - 00000000 ___RD C:\Windows\Offline Web Pages
2013-01-24 18:43 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2013-01-24 18:43 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-01-24 18:43 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Help
2013-01-24 18:42 - 2013-01-04 09:26 - 00000000 ____D C:\Program Files\QuickTime
2013-01-24 18:42 - 2012-12-14 08:04 - 00000000 ____D C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-24 18:42 - 2011-07-09 21:57 - 00000000 ____D C:\Program Files\Merge
2013-01-24 18:42 - 2009-12-28 12:24 - 00000000 ____D C:\Users\Spirz Family\Documents\e-Sword
2013-01-24 18:42 - 2009-12-11 20:13 - 00000000 ___AD C:\Users\Spirz Family\Desktop\VLC
2013-01-24 18:42 - 2009-12-08 15:26 - 00000000 ____D C:\Users\Spirz Family\AppData\Roaming\Move Networks
2013-01-24 18:42 - 2009-10-14 04:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-01-24 18:42 - 2009-07-30 18:55 - 00000000 ____D C:\Program Files\TomTom HOME 2
2013-01-24 18:42 - 2009-07-29 18:50 - 00000000 ____D C:\Users\Spirz Family\AppData\Local\Microsoft Help
2013-01-24 18:42 - 2009-07-29 18:50 - 00000000 ____D C:\Users\All Users\Microsoft Help
2013-01-24 18:42 - 2009-07-18 20:31 - 00000000 ____D C:\Program Files\V CAST Music with Rhapsody
2013-01-24 18:42 - 2009-06-15 17:26 - 00000000 ____D C:\Users\Spirz Family\Photos once home 2009
2013-01-24 18:42 - 2008-05-07 15:24 - 00000000 ____D C:\Users\Spirz Family\AppData\Roaming\PeerNetworking
2013-01-24 18:42 - 2008-05-03 19:39 - 00000000 ____D C:\Users\All Users\Ezprint
2013-01-24 18:42 - 2008-05-03 19:39 - 00000000 ____D C:\Program Files\Lx_cats
2013-01-24 18:42 - 2008-04-25 12:34 - 00000000 ____D C:\Program Files\Microsoft Disk 2
2013-01-24 18:42 - 2008-04-24 20:41 - 00000000 ____D C:\Program Files\Snapshot Viewer
2013-01-24 18:42 - 2008-04-22 01:55 - 00000000 ____D C:\Program Files\Microsoft Works
2013-01-24 18:42 - 2008-04-22 01:48 - 00000000 ____D C:\Program Files\NetWaiting
2013-01-24 18:42 - 2008-04-22 01:45 - 00000000 ____D C:\Program Files\Modem Diagnostic Tool
2013-01-24 18:41 - 2012-12-14 08:04 - 00000000 ____D C:\Program Files\iTunes
2013-01-24 18:41 - 2012-11-01 11:19 - 00000000 ____D C:\Program Files\ffdshow
2013-01-24 18:41 - 2012-11-01 11:18 - 00000000 ____D C:\Program Files\Backup Assistant Plus
2013-01-24 18:41 - 2012-10-13 04:28 - 00000000 ____D C:\Program Files\Apple Software Update
2013-01-24 18:41 - 2012-10-13 04:24 - 00000000 ____D C:\Program Files\Bonjour
2013-01-24 18:41 - 2012-01-04 08:07 - 00000000 ____D C:\KA
2013-01-24 18:41 - 2009-12-28 12:46 - 00000000 ____D C:\Program Files\Common Files\EzTools
2013-01-24 18:41 - 2009-10-28 17:51 - 00000000 ____D C:\Program Files\e-Sword
2013-01-24 18:41 - 2009-07-16 11:39 - 00000000 ____D C:\Program Files\e-Sword 7.9.8 CD
2013-01-24 18:41 - 2008-07-19 13:59 - 00000000 ____D C:\Program Files\iWin Games
2013-01-24 18:41 - 2008-05-03 19:37 - 00000000 ____D C:\Program Files\Lexmark 3300 Series
2013-01-24 18:41 - 2008-04-25 13:15 - 00000000 ____D C:\Program Files\Best Buy
2013-01-24 18:41 - 2008-04-24 20:28 - 00000000 ____D C:\Program Files\Common Files\Designer
2013-01-24 18:41 - 2008-04-22 09:04 - 00000000 ____D C:\DELL
2013-01-24 18:41 - 2008-04-22 01:53 - 00000000 ____D C:\Program Files\DellSupport
2013-01-24 18:41 - 2008-04-22 01:49 - 00000000 ____D C:\Program Files\Common Files\SureThing Shared
2013-01-24 18:41 - 2008-04-22 01:49 - 00000000 ____D C:\Program Files\Common Files\Sonic Shared
2013-01-24 18:41 - 2008-04-22 01:47 - 00000000 ____D C:\Program Files\Digital Line Detect
2013-01-24 18:30 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration
2013-01-24 15:06 - 2006-11-02 02:22 - 43778048 ____A C:\Windows\System32\config\components_previous
2013-01-24 15:06 - 2006-11-02 02:22 - 00786432 ____A C:\Windows\System32\config\default_previous
2013-01-24 15:06 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2013-01-24 15:06 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2013-01-24 14:56 - 2013-01-24 14:56 - 00000000 ____D C:\Windows\ERDNT
2013-01-24 14:56 - 2013-01-24 14:56 - 00000000 ____D C:\Qoobox
2013-01-23 18:17 - 2013-01-23 18:17 - 00000000 ____D C:\Users\Spirz Family\AppData\Roaming\Malwarebytes
2013-01-23 18:17 - 2013-01-23 18:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-23 00:18 - 2012-04-20 12:07 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-22 17:47 - 2012-11-19 07:43 - 00000000 ____D C:\Users\Spirz Family\Desktop\Dave's
2013-01-22 17:25 - 2008-04-25 17:55 - 00144384 ____A C:\Users\Spirz Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-22 17:24 - 2012-11-09 13:11 - 00000000 ____D C:\Users\Spirz Family\Desktop\Pics & Videos from IPHONE
2013-01-22 16:30 - 2013-01-22 16:30 - 01374720 ____A C:\Users\Spirz Family\Downloads\ENG TM 2 Slides.ppt
2013-01-22 16:30 - 2013-01-22 16:30 - 00469124 ____A C:\Users\Spirz Family\Downloads\ENG Team 3 20130122.pptx
2013-01-22 16:27 - 2013-01-22 16:27 - 00323198 ____A C:\Users\Spirz Family\Downloads\Beck's QM Slides (1).pptx
2013-01-22 14:05 - 2013-01-22 14:05 - 00135294 ____A C:\Users\Spirz Family\Downloads\Medical Slides (1).pptx
2013-01-22 06:11 - 2012-06-20 11:00 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1877799038-3522291278-4051485918-1000Core.job
2013-01-21 16:15 - 2012-11-12 16:57 - 00000000 ____D C:\Users\Spirz Family\AppData\Local\2F87D407-DB42-4E68-A96D-DB53A7957974.aplzod
2013-01-15 16:23 - 2013-01-15 16:23 - 01294336 ____A C:\Users\Spirz Family\Downloads\MP Team Huddle 15JAN13.ppt
2013-01-15 11:51 - 2013-01-15 11:28 - 01294336 ____A C:\Users\Spirz Family\Desktop\MP Team Huddle 15JAN13.ppt
2013-01-15 11:34 - 2013-01-15 11:34 - 00147744 ____A C:\Users\Spirz Family\Downloads\Medical Slides.pptx
2013-01-15 11:28 - 2013-01-15 11:28 - 01259520 ____A C:\Users\Spirz Family\Downloads\MP Team Huddle 17NOV2012.ppt
2013-01-15 11:26 - 2013-01-15 11:26 - 00293570 ____A C:\Users\Spirz Family\Downloads\Beck's QM Slides.pptx
2013-01-15 11:25 - 2013-01-15 11:25 - 01289728 ____A C:\Users\Spirz Family\Downloads\18 DEC_Team_Huddle_(HHC).ppt
2013-01-15 11:22 - 2013-01-15 11:22 - 03864064 ____A C:\Users\Spirz Family\Downloads\16 Oct Team Huddle.ppt
2013-01-14 11:16 - 2013-01-14 07:02 - 00080568 ____A C:\Users\Spirz Family\Desktop\lauren invite.pptx
2013-01-13 17:45 - 2013-01-25 09:12 - 11088872 ____A (Microsoft Corporation) C:\Users\Spirz Family\Desktop\mseinstall.exe
2013-01-11 13:24 - 2013-01-11 13:24 - 00239284 ____A C:\Users\Spirz Family\Desktop\Payments 2013.pptx
2013-01-11 06:32 - 2013-01-11 06:32 - 00086383 ____A C:\Users\Spirz Family\Desktop\Haley invite.pptx
2013-01-09 03:19 - 2012-04-20 12:06 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-01-09 03:19 - 2011-07-05 18:27 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-01-09 02:57 - 2010-07-21 04:32 - 00073581 ____A C:\Users\All Users\nvModes.dat
2013-01-08 12:38 - 2013-01-03 14:15 - 00000000 ____D C:\Users\Spirz Family\Desktop\Pics from IPAD
2013-01-08 12:35 - 2013-01-03 14:08 - 00000000 ____D C:\Users\Spirz Family\Desktop\Christmas & Winter 2012
2013-01-08 12:18 - 2013-01-08 12:18 - 00483008 ____A C:\Users\Spirz Family\Downloads\Staff Call Brief 8 JAN 13.pptx

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-12-12 15:06] - [2012-08-21 03:47] - 0224640 ____A (Microsoft Corporation) 786DB5771F05EF300390399F626BF30A


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-15 01:00:30
Restore point made on: 2013-01-15 22:00:36
Restore point made on: 2013-01-16 01:00:29
Restore point made on: 2013-01-16 22:00:37
Restore point made on: 2013-01-17 01:00:29
Restore point made on: 2013-01-17 22:00:36
Restore point made on: 2013-01-18 01:00:30
Restore point made on: 2013-01-18 22:00:36
Restore point made on: 2013-01-19 01:00:19
Restore point made on: 2013-01-19 17:20:28
Restore point made on: 2013-01-20 01:00:23
Restore point made on: 2013-01-20 22:00:16
Restore point made on: 2013-01-21 01:00:20
Restore point made on: 2013-01-22 01:01:01
Restore point made on: 2013-01-22 22:00:46
Restore point made on: 2013-01-23 01:00:31

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 3069.56 MB
Available physical RAM: 2729.58 MB
Total Pagefile: 2967.13 MB
Available Pagefile: 2821.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1982.33 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:122.62 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: () (Removable) (Total:3.72 GB) (Free:3.53 GB) FAT32
8 Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.78 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 686 KB
Disk 1 Online 3820 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

ACTIVE - Mark the selected basic partition as active.
ADD - Add a mirror to a simple volume.
ASSIGN - Assign a drive letter or mount point to the selected volume.
ATTRIBUTES - Manipulate volume attributes.
AUTOMOUNT - Enable and disable automatic mounting of basic volumes.
BREAK - Break a mirror set.
CLEAN - Clear the configuration information, or all information, off the
disk.
CONVERT - Convert between different disk formats.
CREATE - Create a volume or partition.
DELETE - Delete an object.
DETAIL - Provide details about an object.
EXIT - Exit DiskPart.
EXTEND - Extend a volume.
FILESYSTEMS - Display current and supported file systems on the volume.
FORMAT - Format the volume or partition.
GPT - Assign attributes to the selected GPT partition.
HELP - Display a list of commands.
IMPORT - Import a disk group.
INACTIVE - Mark the selected basic partition as inactive.
LIST - Display a list of objects.
ONLINE - Online a disk that is currently marked as offline.
REM - Does nothing. This is used to comment scripts.
REMOVE - Remove a drive letter or mount point assignment.
REPAIR - Repair a RAID-5 volume with a failed member.
RESCAN - Rescan the computer looking for disks and volumes.
RETAIN - Place a retained partition under a simple volume.
SELECT - Shift the focus to an object.
SETID - Change the partition type.
SHRINK - Reduce the size of the selected volume.

=========================================================

Partitions of Disk 1:
===============

ACTIVE - Mark the selected basic partition as active.
ADD - Add a mirror to a simple volume.
ASSIGN - Assign a drive letter or mount point to the selected volume.
ATTRIBUTES - Manipulate volume attributes.
AUTOMOUNT - Enable and disable automatic mounting of basic volumes.
BREAK - Break a mirror set.
CLEAN - Clear the configuration information, or all information, off the
disk.
CONVERT - Convert between different disk formats.
CREATE - Create a volume or partition.
DELETE - Delete an object.
DETAIL - Provide details about an object.
EXIT - Exit DiskPart.
EXTEND - Extend a volume.
FILESYSTEMS - Display current and supported file systems on the volume.
FORMAT - Format the volume or partition.
GPT - Assign attributes to the selected GPT partition.
HELP - Display a list of commands.
IMPORT - Import a disk group.
INACTIVE - Mark the selected basic partition as inactive.
LIST - Display a list of objects.
ONLINE - Online a disk that is currently marked as offline.
REM - Does nothing. This is used to comment scripts.
REMOVE - Remove a drive letter or mount point assignment.
REPAIR - Repair a RAID-5 volume with a failed member.
RESCAN - Rescan the computer looking for disks and volumes.
RETAIN - Place a retained partition under a simple volume.
SELECT - Shift the focus to an object.
SETID - Change the partition type.
SHRINK - Reduce the size of the selected volume.

=========================================================

Last Boot: 2013-02-06 05:59

==================== End Of Log ============================

#13 bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 06 February 2013 - 01:51 PM

Hi again,

Step 1

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.


HKLM\...\Run: [] [x]
HKLM\...\Runonce: [FixTDSS] cmd /c start /D "C:\Users\Spirz Family\Desktop" /B FixTDSS.exe -postboot [x]
HKLM\...\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [443728 2010-12-20] (Malwarebytes Corporation)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
0 FixTDSS; C:\Windows\System32\drivers\FixTDSS.sys [26872 2013-01-25] (Symantec Corporation)


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

==========

Step 2

Now try again to run Combofix from normal boot mode and post the resultant log here. If you still can't get Combofix to finish and produce a log, then run OTL with the below instructions. If Combofix runs then skip this step.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

bloopie

#14 john3640

  • Topic Starter

  • Members
  • 20 posts

Posted 08 February 2013 - 05:56 PM

bloopie,

Sorry for the continued interruptions. Work gets in the way. I ran FRST as you instructed with the list. I then tried to run Combofix and it behaved the same as before. One thing I noticed is that when Combofix opens the text window on startup, it would show two "access denied" errors and continue on its way. After FRST and OTL it only showed one of those errors. The errors were not specific beyond that.

I ran OTL without selecting all users. Here are the two logs for that. Below that is the OTL log #1, which is my second run with all users selected. Note that Combofix still reports a rootkit and ZeroAccess while running.

Thanks so much for all your help.

---

OTL logfile created on: 2/6/2013 1:25:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Spirz Family\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 86.47% Memory free
6.19 Gb Paging File | 5.98 Gb Available in Paging File | 96.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 122.59 Gb Free Space | 55.03% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.78 Gb Free Space | 57.79% Space Free | Partition Type: NTFS
Drive F: | 3.72 Gb Total Space | 3.53 Gb Free Space | 94.91% Space Free | Partition Type: FAT32
 
Computer Name: SPIRZFAMILY-PC | User Name: Spirz Family | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/01/25 12:38:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Spirz Family\Desktop\OTL.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Windows\system32\mfevtps.exe -- (mfevtp)
SRV - [2013/01/09 05:19:13 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/01/22 22:43:08 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/03/03 12:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus®
SRV - [2008/08/13 16:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/07/21 16:00:01 | 000,078,104 | ---- | M] (iWin Inc.) [Disabled | Stopped] -- C:\Program Files\iWin Games\iWinGamesInstaller.exe -- (iWinGamesInstaller)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/03/26 05:49:26 | 000,537,520 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\lxcccoms.exe -- (lxcc_device)
SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\lgvzandnetadb.sys -- (vzandnetadb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - File not found [Kernel | Auto | Stopped] --  -- (MCSTRM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\SPIRZF~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/11/09 06:52:12 | 000,092,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/10/21 10:20:00 | 000,071,040 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgvzandnetndis.sys -- (vzandnetndis)
DRV - [2011/10/10 12:59:00 | 000,027,904 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgvzandnetmdm.sys -- (vzandnetmodem)
DRV - [2011/10/10 12:58:00 | 000,023,168 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgvzandnetdiag.sys -- (vzandnetdiag)
DRV - [2011/09/07 10:18:26 | 000,059,776 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2011/02/14 01:42:36 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2011/02/14 01:42:34 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2011/02/14 01:42:32 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2010/04/26 20:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/04/26 20:25:20 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2010/04/26 20:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010/04/26 20:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/03/24 03:23:16 | 011,614,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/04/10 22:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2007/04/29 02:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 12:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2002/10/01 12:43:32 | 000,119,798 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\spca561.sys -- (CA561)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://us.mg6.mail.yahoo.com/neo/l [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pbskids.org/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DKUS_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=6KnihGAQFpkdHoo9_o3HxXzpDpg?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Spirz Family\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Spirz Family\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Spirz Family\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.6.0: C:\Users\Spirz Family\AppData\Local\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013/01/25 10:55:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Spirz Family\AppData\Roaming\Move Networks [2013/01/24 20:42:52 | 000,000,000 | ---D | M]
 
[2009/07/30 20:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spirz Family\AppData\Roaming\Mozilla\Extensions
[2009/07/30 20:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spirz Family\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
 
========== Chrome  ==========
 
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Spirz Family\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Spirz Family\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Spirz Family\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Spirz Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Spirz Family\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.6.0 (Enabled) = C:\Users\Spirz Family\AppData\Local\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Spirz Family\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\Spirz Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Spirz Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Users\Spirz Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
Hosts file not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: army.mil ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{920A7C93-A278-4F31-B562-891377294520}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Spirz Family\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Spirz Family\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{220bb9ed-43ff-11de-9f96-ad8782c61721}\Shell - "" = AutoRun
O33 - MountPoints2\{220bb9ed-43ff-11de-9f96-ad8782c61721}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{7d22125e-4ede-11e1-9530-899c8f5b56d5}\Shell - "" = AutoRun
O33 - MountPoints2\{7d22125e-4ede-11e1-9530-899c8f5b56d5}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
O33 - MountPoints2\{dde0ebd1-0992-11e2-82a9-e6bc0736ae51}\Shell - "" = AutoRun
O33 - MountPoints2\{dde0ebd1-0992-11e2-82a9-e6bc0736ae51}\Shell\AutoRun\command - "" = M:\TLBootstrap_WPP.exe
O33 - MountPoints2\{ebb9d6f4-c1c1-11e0-8bfb-dfd29f11929b}\Shell - "" = AutoRun
O33 - MountPoints2\{ebb9d6f4-c1c1-11e0-8bfb-dfd29f11929b}\Shell\AutoRun\command - "" = K:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/06 13:20:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/06 13:16:44 | 000,000,000 | --SD | C] -- C:\Combo-Fix18482C
[2013/02/06 09:04:50 | 000,909,426 | ---- | C] (Farbar) -- C:\Users\Spirz Family\Desktop\FRST.exe
[2013/02/06 07:45:28 | 000,000,000 | --SD | C] -- C:\Combo-Fix7031C
[2013/02/06 07:26:09 | 000,000,000 | ---D | C] -- C:\Users\Spirz Family\Desktop\RK_Quarantine
[2013/02/06 07:09:33 | 000,000,000 | --SD | C] -- C:\Combo-Fix16683C
[2013/02/06 07:07:58 | 005,029,686 | R--- | C] (Swearware) -- C:\Users\Spirz Family\Desktop\Combo-Fix.exe
[2013/01/25 14:35:51 | 000,000,000 | ---D | C] -- C:\FRST
[2013/01/25 14:12:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Spirz Family\Desktop\OTL.exe
[2013/01/25 13:51:10 | 000,000,000 | --SD | C] -- C:\Combo-Fix4099C
[2013/01/25 12:50:54 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/01/25 11:34:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/01/25 11:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/25 11:34:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/01/25 11:20:43 | 000,000,000 | ---D | C] -- C:\Users\Spirz Family\AppData\Roaming\FixTDSS
[2013/01/25 11:20:41 | 000,026,872 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2013/01/25 11:20:20 | 001,931,088 | ---- | C] (Symantec Corporation) -- C:\Users\Spirz Family\Desktop\FixTDSS.exe
[2013/01/25 11:12:52 | 011,088,872 | ---- | C] (Microsoft Corporation) -- C:\Users\Spirz Family\Desktop\mseinstall.exe
[2013/01/25 11:01:17 | 000,000,000 | --SD | C] -- C:\Combo-Fix27990C
[2013/01/25 10:46:32 | 003,177,840 | ---- | C] (McAfee, Inc.) -- C:\Users\Spirz Family\Desktop\MCPR.exe
[2013/01/25 10:46:30 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Spirz Family\Desktop\aswMBR.exe
[2013/01/25 10:46:30 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Spirz Family\Desktop\tdsskiller.exe
[2013/01/25 10:45:13 | 000,000,000 | --SD | C] -- C:\Combo-Fix6636C
[2013/01/25 10:32:17 | 000,000,000 | --SD | C] -- C:\Combo-Fix23701C
[2013/01/25 10:16:27 | 000,000,000 | --SD | C] -- C:\Combo-Fix7866C
[2013/01/25 09:59:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/25 09:59:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/25 09:59:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/25 09:59:18 | 000,000,000 | --SD | C] -- C:\Combo-Fix
[2013/01/25 09:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/01/25 09:50:08 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Spirz Family\Desktop\HijackThis.exe
[2013/01/25 09:45:38 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/01/24 16:56:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/01/24 16:56:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/23 20:17:54 | 000,000,000 | ---D | C] -- C:\Users\Spirz Family\AppData\Roaming\Malwarebytes
[2013/01/23 20:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/23 20:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/08 16:34:04 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/08 16:33:04 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2011/09/27 22:54:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Users\Spirz Family\taskmgr.exe
[8 C:\Users\Spirz Family\Desktop\*.tmp files -> C:\Users\Spirz Family\Desktop\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/06 13:24:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/06 13:22:41 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/06 13:22:41 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/06 13:20:05 | 000,606,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/06 13:20:05 | 000,104,652 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/06 09:02:00 | 000,909,426 | ---- | M] (Farbar) -- C:\Users\Spirz Family\Desktop\FRST.exe
[2013/02/06 07:02:08 | 005,029,686 | R--- | M] (Swearware) -- C:\Users\Spirz Family\Desktop\Combo-Fix.exe
[2013/02/04 17:11:23 | 000,001,356 | ---- | M] () -- C:\Users\Spirz Family\AppData\Local\d3d9caps.dat
[2013/02/03 13:51:50 | 000,775,680 | ---- | M] () -- C:\Users\Spirz Family\Desktop\RogueKiller.exe
[2013/01/25 12:38:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Spirz Family\Desktop\OTL.exe
[2013/01/25 12:37:58 | 000,027,648 | ---- | M] () -- C:\Users\Spirz Family\Desktop\RestoreBFE.exe
[2013/01/25 11:20:41 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2013/01/25 11:19:38 | 001,931,088 | ---- | M] (Symantec Corporation) -- C:\Users\Spirz Family\Desktop\FixTDSS.exe
[2013/01/25 10:56:41 | 201,739,942 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/01/25 10:54:38 | 000,000,512 | ---- | M] () -- C:\Users\Spirz Family\Desktop\MBR.dat
[2013/01/25 10:39:09 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Spirz Family\Desktop\aswMBR.exe
[2013/01/25 10:37:55 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Spirz Family\Desktop\tdsskiller.exe
[2013/01/25 10:34:42 | 003,177,840 | ---- | M] (McAfee, Inc.) -- C:\Users\Spirz Family\Desktop\MCPR.exe
[2013/01/25 10:24:47 | 000,422,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/25 08:01:03 | 000,073,581 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/01/25 07:12:06 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1877799038-3522291278-4051485918-1000UA.job
[2013/01/25 06:46:37 | 000,006,704 | ---- | M] () -- C:\Users\Spirz Family\Desktop\Default_EXE.reg
[2013/01/25 06:46:33 | 000,004,464 | ---- | M] () -- C:\Users\Spirz Family\Desktop\Default_DLL.reg
[2013/01/25 06:46:29 | 000,004,808 | ---- | M] () -- C:\Users\Spirz Family\Desktop\Default_MSC.reg
[2013/01/23 02:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/22 19:25:58 | 000,144,384 | ---- | M] () -- C:\Users\Spirz Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/22 08:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1877799038-3522291278-4051485918-1000Core.job
[2013/01/13 19:45:36 | 011,088,872 | ---- | M] (Microsoft Corporation) -- C:\Users\Spirz Family\Desktop\mseinstall.exe
[2013/01/09 05:19:11 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/09 05:19:11 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/09 04:57:05 | 000,073,581 | ---- | M] () -- C:\ProgramData\nvModes.dat
[8 C:\Users\Spirz Family\Desktop\*.tmp files -> C:\Users\Spirz Family\Desktop\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/02/03 14:01:10 | 000,775,680 | ---- | C] () -- C:\Users\Spirz Family\Desktop\RogueKiller.exe
[2013/01/25 14:12:47 | 000,027,648 | ---- | C] () -- C:\Users\Spirz Family\Desktop\RestoreBFE.exe
[2013/01/25 10:56:41 | 201,739,942 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/01/25 10:54:38 | 000,000,512 | ---- | C] () -- C:\Users\Spirz Family\Desktop\MBR.dat
[2013/01/25 09:59:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/25 09:59:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/25 09:59:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/25 09:59:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/25 09:59:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/25 06:55:31 | 000,006,704 | ---- | C] () -- C:\Users\Spirz Family\Desktop\Default_EXE.reg
[2013/01/25 06:55:31 | 000,004,464 | ---- | C] () -- C:\Users\Spirz Family\Desktop\Default_DLL.reg
[2013/01/25 06:55:26 | 000,004,808 | ---- | C] () -- C:\Users\Spirz Family\Desktop\Default_MSC.reg
[2012/11/01 13:19:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/11/01 13:15:55 | 000,194,980 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/08/20 02:18:30 | 000,602,112 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2012/04/16 07:10:41 | 000,000,065 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2012/01/04 10:07:53 | 000,000,267 | ---- | C] () -- C:\Windows\KA.INI
[2010/07/21 06:32:30 | 000,073,581 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/21 06:32:30 | 000,073,581 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/12/15 22:06:12 | 000,001,356 | ---- | C] () -- C:\Users\Spirz Family\AppData\Local\d3d9caps.dat
[2009/08/23 13:49:22 | 000,000,162 | ---- | C] () -- C:\Users\Spirz Family\webct_upload_applet.properties
[2009/07/18 22:34:03 | 000,870,128 | ---- | C] () -- C:\Users\Spirz Family\AppData\Roaming\mcs.rma
[2009/07/18 22:34:03 | 000,000,004 | ---- | C] () -- C:\Users\Spirz Family\AppData\Roaming\1D352E
[2008/05/07 17:49:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/05/07 17:24:08 | 000,025,541 | ---- | C] () -- C:\Users\Spirz Family\AppData\Roaming\UserTile.png
[2008/04/25 19:55:23 | 000,144,384 | ---- | C] () -- C:\Users\Spirz Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2013/01/25 10:03:33 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB62230$\2390262417\L
[2013/01/25 10:03:33 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB62230$\2390262417\U
[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:A87B4345

< End of report >

 

---

OTL Extras logfile created on: 2/6/2013 1:25:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Spirz Family\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 86.47% Memory free
6.19 Gb Paging File | 5.98 Gb Available in Paging File | 96.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 122.59 Gb Free Space | 55.03% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.78 Gb Free Space | 57.79% Space Free | Partition Type: NTFS
Drive F: | 3.72 Gb Total Space | 3.53 Gb Free Space | 94.91% Space Free | Partition Type: FAT32
 
Computer Name: SPIRZFAMILY-PC | User Name: Spirz Family | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{00100409-78E1-11D2-B60F-006097C998E7}" = Microsoft Access 2000 SR-1
"{00120409-78E1-11D2-B60F-006097C998E7}" = Microsoft FrontPage 2000 SR-1
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Help
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2E8D4B52-52E5-41EF-9C43-8CDF1527DDFD}" = EZVideo Mail
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{474A7BA6-A657-4152-8FB5-244D178D7174}" = HP Officejet 6500 E710a-f Product Improvement Study
"{4EBAC12E-B672-4682-BE44-8780E121CB61}" = LG Verizon United Drivers
"{544FB392-069D-4BA5-9DC7-FFD47230AEE5}" = Photohands 1.0E
"{5C0856B6-6260-4952-8FF5-C79C3FD3AA44}" = e-Sword
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{5FB2EF0E-0254-4B7E-98C9-7F83E0C5E6C2}" = EZShowtime MMS
"{61933675-EFC7-4190-90B6-5AD56E1D9294}" = Marketsplash Print Software
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{670A25D9-1029-4D4E-93FF-66B3C07769D6}" = HP Officejet 6500 E710a-f Basic Device Software
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{70B45586-B51E-4947-A258-A895596C5CED}" = Photo Loader 2.3E
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A393E43-9F1B-4B4D-AFC3-E4B6663F6DD3}" = EZPhoto Browser
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{848e2630-c0c0-478a-a758-6639e5115993}" = EZSuite For Video Chat Kit
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D223043-3CE6-401B-9F02-C16FBF3FDF39}" = e-Sword
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A9698A67-7E71-11D8-B9BF-00E018FAA1E4}" = USB PC Camera
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B42F73D4-AFDA-4761-B3F4-23A872D11339}" = Morrowind
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{E0000650-0650-0650-0650-000000000650}" = PureEdge Viewer 6.5
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED8F2441-E5B9-4F48-82AD-759C17A68ADB}" = EZPhoto Tools
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}" = Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC)
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF70923C-8A51-47F4-A7E9-893C6D54EB68}" = TES Construction Set
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Backup Assistant Plus" = Backup Assistant Plus
"CCleaner" = CCleaner
"Cisco Connect" = Cisco Connect
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"Ezonics Greeting Cam Deluxe" = Ezonics Greeting Cam Deluxe
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Freeze Clip Art" = Freeze Clip Art
"Google Desktop" = Google Desktop
"iWinArcade" = iWin Games (remove only)
"KG98_2.5" = JumpStart Kindergarten 98 v2.5
"Lexmark 3300 Series" = Lexmark 3300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"merge_is1" = Merge Version 2.2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"rb2000" = Reading Blaster Ages 6-9
"STANDARDR" = Microsoft Office Standard 2007
"TomTom HOME" = TomTom HOME 2.8.3.2499
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"ViewpointMediaPlayer" = Viewpoint Media Player
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.6.0
"Yahoo! Messenger for Vista" = Yahoo! Messenger for Vista
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/25/2013 8:33:45 AM | Computer Name = SpirzFamily-PC | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1033
Description =
 
Error - 1/25/2013 8:34:04 AM | Computer Name = SpirzFamily-PC | Source = McLogEvent | ID = 5022
Description =
 
Error - 1/25/2013 8:37:52 AM | Computer Name = SpirzFamily-PC | Source = McLogEvent | ID = 5022
Description =
 
Error - 1/25/2013 9:21:18 AM | Computer Name = SpirzFamily-PC | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1033
Description =
 
Error - 1/25/2013 9:21:36 AM | Computer Name = SpirzFamily-PC | Source = McLogEvent | ID = 5022
Description =
 
Error - 1/25/2013 9:55:13 AM | Computer Name = SpirzFamily-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 1/25/2013 10:01:07 AM | Computer Name = SpirzFamily-PC | Source = Microsoft-Windows-SpoolerSpoolss | ID = 1033
Description =
 
Error - 1/25/2013 10:01:22 AM | Computer Name = SpirzFamily-PC | Source = McLogEvent | ID = 5022
Description =
 
Error - 1/25/2013 10:03:43 AM | Computer Name = SpirzFamily-PC | Source = McLogEvent | ID = 5022
Description =
 
Error - 1/25/2013 11:38:37 AM | Computer Name = SpirzFamily-PC | Source = EventSystem | ID = 4609
Description =
 
[ Media Center Events ]
Error - 9/5/2009 7:28:45 PM | Computer Name = SpirzFamily-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 10/7/2009 6:48:01 PM | Computer Name = SpirzFamily-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 3/26/2010 11:44:30 PM | Computer Name = SpirzFamily-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 4/21/2010 7:02:43 AM | Computer Name = SpirzFamily-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
 due to an abandoned mutex.'.
 
Error - 4/21/2010 7:06:48 AM | Computer Name = SpirzFamily-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
 due to an abandoned mutex.'.
 
Error - 4/21/2010 11:46:01 PM | Computer Name = SpirzFamily-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
 due to an abandoned mutex.'.
 
Error - 4/22/2010 11:46:01 PM | Computer Name = SpirzFamily-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
 due to an abandoned mutex.'.
 
Error - 4/23/2010 11:46:01 PM | Computer Name = SpirzFamily-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
 due to an abandoned mutex.'.
 
Error - 4/24/2010 11:46:01 PM | Computer Name = SpirzFamily-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
 due to an abandoned mutex.'.
 
Error - 4/25/2010 11:46:01 PM | Computer Name = SpirzFamily-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
 due to an abandoned mutex.'.
 
[ OSession Events ]
Error - 5/22/2012 6:53:17 PM | Computer Name = SpirzFamily-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 1/25/2013 11:38:46 AM | Computer Name = SpirzFamily-PC | Source = Service Control Manager | ID = 7003
Description =
 
Error - 1/25/2013 11:38:46 AM | Computer Name = SpirzFamily-PC | Source = Service Control Manager | ID = 7003
Description =
 
Error - 1/25/2013 11:38:46 AM | Computer Name = SpirzFamily-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 1/25/2013 11:38:46 AM | Computer Name = SpirzFamily-PC | Source = Service Control Manager | ID = 7003
Description =
 
Error - 1/25/2013 11:38:46 AM | Computer Name = SpirzFamily-PC | Source = Service Control Manager | ID = 7003
Description =
 
Error - 1/25/2013 11:38:46 AM | Computer Name = SpirzFamily-PC | Source = Service Control Manager | ID = 7003
Description =
 
Error - 1/25/2013 11:38:46 AM | Computer Name = SpirzFamily-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 1/25/2013 11:40:02 AM | Computer Name = SpirzFamily-PC | Source = Microsoft-Windows-TBS | ID = 16392
Description =
 
Error - 1/25/2013 11:42:03 AM | Computer Name = SpirzFamily-PC | Source = DCOM | ID = 10005
Description =
 
Error - 1/25/2013 11:44:13 AM | Computer Name = SpirzFamily-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >
---

OTL logfile created on: 2/6/2013 1:37:05 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Spirz Family\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 79.30% Memory free
6.19 Gb Paging File | 5.83 Gb Available in Paging File | 94.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 122.01 Gb Free Space | 54.77% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.78 Gb Free Space | 57.79% Space Free | Partition Type: NTFS
Drive F: | 3.72 Gb Total Space | 3.53 Gb Free Space | 94.91% Space Free | Partition Type: FAT32
 
Computer Name: SPIRZFAMILY-PC | User Name: Spirz Family | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/01/25 12:38:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Spirz Family\Desktop\OTL.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Windows\system32\mfevtps.exe -- (mfevtp)
SRV - [2013/01/09 05:19:13 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/01/22 22:43:08 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/03/03 12:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus®
SRV - [2008/08/13 16:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/07/21 16:00:01 | 000,078,104 | ---- | M] (iWin Inc.) [Disabled | Stopped] -- C:\Program Files\iWin Games\iWinGamesInstaller.exe -- (iWinGamesInstaller)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 05:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/03/26 05:49:26 | 000,537,520 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\lxcccoms.exe -- (lxcc_device)
SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\lgvzandnetadb.sys -- (vzandnetadb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - File not found [Kernel | Auto | Stopped] --  -- (MCSTRM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\SPIRZF~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/11/09 06:52:12 | 000,092,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/10/21 10:20:00 | 000,071,040 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgvzandnetndis.sys -- (vzandnetndis)
DRV - [2011/10/10 12:59:00 | 000,027,904 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgvzandnetmdm.sys -- (vzandnetmodem)
DRV - [2011/10/10 12:58:00 | 000,023,168 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgvzandnetdiag.sys -- (vzandnetdiag)
DRV - [2011/09/07 10:18:26 | 000,059,776 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2011/02/14 01:42:36 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2011/02/14 01:42:34 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2011/02/14 01:42:32 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2010/04/26 20:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/04/26 20:25:20 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2010/04/26 20:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010/04/26 20:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/03/24 03:23:16 | 011,614,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/04/10 22:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2007/04/29 02:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 12:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2002/10/01 12:43:32 | 000,119,798 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\spca561.sys -- (CA561)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1877799038-3522291278-4051485918-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-1877799038-3522291278-4051485918-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1877799038-3522291278-4051485918-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://us.mg6.mail.yahoo.com/neo/l [Binary data over 200 bytes]
IE - HKU\S-1-5-21-1877799038-3522291278-4051485918-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pbskids.org/
IE - HKU\S-1-5-21-1877799038-3522291278-4051485918-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1877799038-3522291278-4051485918-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1877799038-3522291278-4051485918-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1877799038-3522291278-4051485918-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DKUS_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1877799038-3522291278-4051485918-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=6KnihGAQFpkdHoo9_o3HxXzpDpg?q={searchTerms}
IE - HKU\S-1-5-21-1877799038-3522291278-4051485918-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1877799038-3522291278-4051485918-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Spirz Family\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Spirz Family\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Spirz Family\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.6.0: C:\Users\Spirz Family\AppData\Local\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013/01/25 10:55:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Spirz Family\AppData\Roaming\Move Networks [2013/01/24 20:42:52 | 000,000,000 | ---D | M]
 
[2009/07/30 20:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spirz Family\AppData\Roaming\Mozilla\Extensions
[2009/07/30 20:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Spirz Family\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
 
========== Chrome  ==========
 
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Spirz Family\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Spirz Family\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Spirz Family\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Spirz Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Spirz Family\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.6.0 (Enabled) = C:\Users\Spirz Family\AppData\Local\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Spirz Family\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\Spirz Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Spirz Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Users\Spirz Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
Hosts file not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1877799038-3522291278-4051485918-1000\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1877799038-3522291278-4051485918-1000\..Trusted Domains: army.mil ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1877799038-3522291278-4051485918-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1877799038-3522291278-4051485918-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-1877799038-3522291278-4051485918-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-1877799038-3522291278-4051485918-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{920A7C93-A278-4F31-B562-891377294520}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Spirz Family\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Spirz Family\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{220bb9ed-43ff-11de-9f96-ad8782c61721}\Shell - "" = AutoRun
O33 - MountPoints2\{220bb9ed-43ff-11de-9f96-ad8782c61721}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{7d22125e-4ede-11e1-9530-899c8f5b56d5}\Shell - "" = AutoRun
O33 - MountPoints2\{7d22125e-4ede-11e1-9530-899c8f5b56d5}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
O33 - MountPoints2\{dde0ebd1-0992-11e2-82a9-e6bc0736ae51}\Shell - "" = AutoRun
O33 - MountPoints2\{dde0ebd1-0992-11e2-82a9-e6bc0736ae51}\Shell\AutoRun\command - "" = M:\TLBootstrap_WPP.exe
O33 - MountPoints2\{ebb9d6f4-c1c1-11e0-8bfb-dfd29f11929b}\Shell - "" = AutoRun
O33 - MountPoints2\{ebb9d6f4-c1c1-11e0-8bfb-dfd29f11929b}\Shell\AutoRun\command - "" = K:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/06 13:20:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/06 13:16:44 | 000,000,000 | --SD | C] -- C:\Combo-Fix18482C
[2013/02/06 09:04:50 | 000,909,426 | ---- | C] (Farbar) -- C:\Users\Spirz Family\Desktop\FRST.exe
[2013/02/06 07:45:28 | 000,000,000 | --SD | C] -- C:\Combo-Fix7031C
[2013/02/06 07:26:09 | 000,000,000 | ---D | C] -- C:\Users\Spirz Family\Desktop\RK_Quarantine
[2013/02/06 07:09:33 | 000,000,000 | --SD | C] -- C:\Combo-Fix16683C
[2013/02/06 07:07:58 | 005,029,686 | R--- | C] (Swearware) -- C:\Users\Spirz Family\Desktop\Combo-Fix.exe
[2013/01/25 14:35:51 | 000,000,000 | ---D | C] -- C:\FRST
[2013/01/25 14:12:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Spirz Family\Desktop\OTL.exe
[2013/01/25 13:51:10 | 000,000,000 | --SD | C] -- C:\Combo-Fix4099C
[2013/01/25 12:50:54 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/01/25 11:34:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/01/25 11:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/25 11:34:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/01/25 11:20:43 | 000,000,000 | ---D | C] -- C:\Users\Spirz Family\AppData\Roaming\FixTDSS
[2013/01/25 11:20:41 | 000,026,872 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2013/01/25 11:20:20 | 001,931,088 | ---- | C] (Symantec Corporation) -- C:\Users\Spirz Family\Desktop\FixTDSS.exe
[2013/01/25 11:12:52 | 011,088,872 | ---- | C] (Microsoft Corporation) -- C:\Users\Spirz Family\Desktop\mseinstall.exe
[2013/01/25 11:01:17 | 000,000,000 | --SD | C] -- C:\Combo-Fix27990C
[2013/01/25 10:46:32 | 003,177,840 | ---- | C] (McAfee, Inc.) -- C:\Users\Spirz Family\Desktop\MCPR.exe
[2013/01/25 10:46:30 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Spirz Family\Desktop\aswMBR.exe
[2013/01/25 10:46:30 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Spirz Family\Desktop\tdsskiller.exe
[2013/01/25 10:45:13 | 000,000,000 | --SD | C] -- C:\Combo-Fix6636C
[2013/01/25 10:32:17 | 000,000,000 | --SD | C] -- C:\Combo-Fix23701C
[2013/01/25 10:16:27 | 000,000,000 | --SD | C] -- C:\Combo-Fix7866C
[2013/01/25 09:59:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/25 09:59:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/25 09:59:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/25 09:59:18 | 000,000,000 | --SD | C] -- C:\Combo-Fix
[2013/01/25 09:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/01/25 09:50:08 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Spirz Family\Desktop\HijackThis.exe
[2013/01/25 09:45:38 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/01/24 16:56:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/01/24 16:56:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/23 20:17:54 | 000,000,000 | ---D | C] -- C:\Users\Spirz Family\AppData\Roaming\Malwarebytes
[2013/01/23 20:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/23 20:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/08 16:34:04 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/08 16:33:04 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2011/09/27 22:54:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Users\Spirz Family\taskmgr.exe
[8 C:\Users\Spirz Family\Desktop\*.tmp files -> C:\Users\Spirz Family\Desktop\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/06 13:31:24 | 000,606,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/06 13:31:24 | 000,104,652 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/06 13:24:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/06 13:22:41 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/06 13:22:41 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/06 09:02:00 | 000,909,426 | ---- | M] (Farbar) -- C:\Users\Spirz Family\Desktop\FRST.exe
[2013/02/06 07:02:08 | 005,029,686 | R--- | M] (Swearware) -- C:\Users\Spirz Family\Desktop\Combo-Fix.exe
[2013/02/04 17:11:23 | 000,001,356 | ---- | M] () -- C:\Users\Spirz Family\AppData\Local\d3d9caps.dat
[2013/02/03 13:51:50 | 000,775,680 | ---- | M] () -- C:\Users\Spirz Family\Desktop\RogueKiller.exe
[2013/01/25 12:38:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Spirz Family\Desktop\OTL.exe
[2013/01/25 12:37:58 | 000,027,648 | ---- | M] () -- C:\Users\Spirz Family\Desktop\RestoreBFE.exe
[2013/01/25 11:20:41 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2013/01/25 11:19:38 | 001,931,088 | ---- | M] (Symantec Corporation) -- C:\Users\Spirz Family\Desktop\FixTDSS.exe
[2013/01/25 10:56:41 | 201,739,942 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/01/25 10:54:38 | 000,000,512 | ---- | M] () -- C:\Users\Spirz Family\Desktop\MBR.dat
[2013/01/25 10:39:09 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Spirz Family\Desktop\aswMBR.exe
[2013/01/25 10:37:55 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Spirz Family\Desktop\tdsskiller.exe
[2013/01/25 10:34:42 | 003,177,840 | ---- | M] (McAfee, Inc.) -- C:\Users\Spirz Family\Desktop\MCPR.exe
[2013/01/25 10:24:47 | 000,422,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/25 08:01:03 | 000,073,581 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/01/25 07:12:06 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1877799038-3522291278-4051485918-1000UA.job
[2013/01/25 06:46:37 | 000,006,704 | ---- | M] () -- C:\Users\Spirz Family\Desktop\Default_EXE.reg
[2013/01/25 06:46:33 | 000,004,464 | ---- | M] () -- C:\Users\Spirz Family\Desktop\Default_DLL.reg
[2013/01/25 06:46:29 | 000,004,808 | ---- | M] () -- C:\Users\Spirz Family\Desktop\Default_MSC.reg
[2013/01/23 02:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/22 19:25:58 | 000,144,384 | ---- | M] () -- C:\Users\Spirz Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/22 08:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1877799038-3522291278-4051485918-1000Core.job
[2013/01/13 19:45:36 | 011,088,872 | ---- | M] (Microsoft Corporation) -- C:\Users\Spirz Family\Desktop\mseinstall.exe
[2013/01/09 05:19:11 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/09 05:19:11 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/09 04:57:05 | 000,073,581 | ---- | M] () -- C:\ProgramData\nvModes.dat
[8 C:\Users\Spirz Family\Desktop\*.tmp files -> C:\Users\Spirz Family\Desktop\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/02/03 14:01:10 | 000,775,680 | ---- | C] () -- C:\Users\Spirz Family\Desktop\RogueKiller.exe
[2013/01/25 14:12:47 | 000,027,648 | ---- | C] () -- C:\Users\Spirz Family\Desktop\RestoreBFE.exe
[2013/01/25 10:56:41 | 201,739,942 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/01/25 10:54:38 | 000,000,512 | ---- | C] () -- C:\Users\Spirz Family\Desktop\MBR.dat
[2013/01/25 09:59:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/25 09:59:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/25 09:59:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/25 09:59:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/25 09:59:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/25 06:55:31 | 000,006,704 | ---- | C] () -- C:\Users\Spirz Family\Desktop\Default_EXE.reg
[2013/01/25 06:55:31 | 000,004,464 | ---- | C] () -- C:\Users\Spirz Family\Desktop\Default_DLL.reg
[2013/01/25 06:55:26 | 000,004,808 | ---- | C] () -- C:\Users\Spirz Family\Desktop\Default_MSC.reg
[2012/11/01 13:19:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/11/01 13:15:55 | 000,194,980 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/08/20 02:18:30 | 000,602,112 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2012/04/16 07:10:41 | 000,000,065 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2012/01/04 10:07:53 | 000,000,267 | ---- | C] () -- C:\Windows\KA.INI
[2010/07/21 06:32:30 | 000,073,581 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/21 06:32:30 | 000,073,581 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/12/15 22:06:12 | 000,001,356 | ---- | C] () -- C:\Users\Spirz Family\AppData\Local\d3d9caps.dat
[2009/08/23 13:49:22 | 000,000,162 | ---- | C] () -- C:\Users\Spirz Family\webct_upload_applet.properties
[2009/07/18 22:34:03 | 000,870,128 | ---- | C] () -- C:\Users\Spirz Family\AppData\Roaming\mcs.rma
[2009/07/18 22:34:03 | 000,000,004 | ---- | C] () -- C:\Users\Spirz Family\AppData\Roaming\1D352E
[2008/05/07 17:49:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/05/07 17:24:08 | 000,025,541 | ---- | C] () -- C:\Users\Spirz Family\AppData\Roaming\UserTile.png
[2008/04/25 19:55:23 | 000,144,384 | ---- | C] () -- C:\Users\Spirz Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2013/01/25 10:03:33 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB62230$\2390262417\L
[2013/01/25 10:03:33 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB62230$\2390262417\U
[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:A87B4345

< End of report >
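The ZeroAccess Check section in the log above lists the places OTL inspects for this rootkit: L and U subfolders under a C:\Windows\$NtUninstallKB...$ directory, per-user (HKCU\Software\Classes) InProcServer32 keys that shadow system CLSIDs, and the HKLM InProcServer32 defaults for the shell32 and WMI (fastprox.dll, wbemess.dll) COM servers. As an added example, not part of this thread and not OTL's own code, here is a small Python triage script that parses that section and flags the entries a helper would look at first. The expected server DLL per CLSID is taken from the HKLM values in the posted log; the sample input is the posted section plus one constructed HKCU value line pointing at a hypothetical C:\ProgramData\example_hijack.dll so that an active redirect is shown. A flag is a lead to be judged against the rest of the log, not a verdict.

```python
"""Triage the 'ZeroAccess Check' section of an OTL log.

Added example for this thread: not OTL's code and not part of the helper's
fix. It parses the section's entries and flags what warrants a closer look.
"""
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>[^|]+?)\s*\|\s*[MC]\]"
    r"\s*(?:\((?P<company>[^)]*)\)\s*)?-- (?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]*)" = (?P<data>.+?)(?: -- \[[^\]]*\] \((?P<company>[^)]*)\))?$')
NTUNINSTALL_RE = re.compile(r"\\\$NtUninstallKB\d+\$\\[^\\]+\\[LU]$", re.IGNORECASE)
CLSID_RE = re.compile(r"\\clsid\\(\{[0-9a-f-]{36}\})\\InProcServer32$", re.IGNORECASE)

# Expected in-process server per CLSID, taken from the HKLM values in this
# thread's log. A default value naming anything else is treated as a hijack.
EXPECTED_SERVER = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}": "shell32.dll",
    "{5839fca9-774d-42a1-acda-d6a79037f57f}": "fastprox.dll",
    "{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}": "wbemess.dll",
}


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    where: str     # directory path or registry key
    why: str


def _key_findings(key, values):
    """Judge one InProcServer32 key once all of its values are collected."""
    m = CLSID_RE.search(key)
    if not m:
        return []
    default = values.get("")  # (data, company) of the default value, if any
    if key.upper().startswith("HKEY_CURRENT_USER"):
        # HKCU\Software\Classes is merged ahead of HKLM, so a per-user
        # InProcServer32 for a system CLSID redirects COM for that user.
        if default is None:
            return [Finding("medium", key, "per-user override of a system CLSID (empty key)")]
        return [Finding("high", key, f"per-user override points to {default[0]}")]
    if default is None:
        return [Finding("medium", key, "InProcServer32 has no default value")]
    data, company = default
    leaf = data.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    expected = EXPECTED_SERVER.get(m.group(1).lower())
    if (expected and leaf != expected) or company != "Microsoft Corporation":
        return [Finding("high", key, f"InProcServer32 points to {data} ({company or 'no company'})")]
    return []


def triage(log_text):
    """Return the Findings for the ZeroAccess Check section of an OTL log."""
    findings, in_section, key, values = [], False, None, {}
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            if key:  # flush a key still open at the section boundary
                findings += _key_findings(key, values)
                key, values = None, {}
            in_section = sec.group("name") == "ZeroAccess Check"
            continue
        if not in_section or not line:
            continue
        if m := KEY_RE.match(line):
            if key:
                findings += _key_findings(key, values)
            key, values = m.group("key"), {}
        elif key and (m := VALUE_RE.match(line)):
            values[m.group("name")] = (m.group("data"), m.group("company") or "")
        elif m := ENTRY_RE.match(line):
            path = m.group("path")
            if "D" in m.group("attr") and NTUNINSTALL_RE.search(path):
                findings.append(Finding("high", path, "L/U directory under a $NtUninstallKB...$ folder"))
    if key:
        findings += _key_findings(key, values)
    return findings


# Constructed sample: the section as posted in this thread, plus one
# CONSTRUCTED HKCU key (the last one) whose default names a hypothetical DLL.
SAMPLE_LOG = r"""
========== ZeroAccess Check ==========
[2013/01/25 10:03:33 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB62230$\2390262417\L
[2013/01/25 10:03:33 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB62230$\2390262417\U
[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = C:\ProgramData\example_hijack.dll -- [2013/01/25 10:03:33 | 000,000,000 | ---- | M] ()
========== Alternate Data Streams ==========
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.where}: {f.why}")
```

Run against the sample, the script flags the two L/U directories and the empty HKCU key from the posted log, and the constructed HKCU key as a live redirect; the HKLM entries for shell32.dll and fastprox.dll pass because their default values name the expected Microsoft DLL. On a real case the same keys should be confirmed in the registry itself, since an OTL log only reflects what the tool could read at scan time.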

#15 bloopie

bloopie

  • Bleepin' Sith Turner
  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  • Gender:Male
  • Location:New York
  • Local time:06:40 PM

Posted 09 February 2013 - 05:16 PM

Hi again,
 
Please excuse the formatting problems with my instructions, we're still trying to work out some bugs from the latest forum upgrade...
 
ZeroAccess does not seem to be present on the machine, but we still have work to do:
 
Step 1

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :otl
    SRV - File not found [Auto | Stopped] -- C:\Windows\system32\mfevtps.exe -- (mfevtp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\lgvzandnetadb.sys -- (vzandnetadb)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | System | Stopped] -- system32\drivers\mfewfpk.sys -- (mfewfpk)
    DRV - File not found [Kernel | Auto | Stopped] --  -- (MCSTRM)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\SPIRZF~1\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    :commands
    [emptytemp]
    [emptyflash]
    [resethosts]
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

==========

Step 2

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double-click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

==========

In your next reply, please include the following:

The OTL log
The AdwCleaner log
How is the machine running now?

bloopie