TechSpot

[A] Sirefef.ah & Sire

By SyracuseTech
Jul 24, 2012
  1. I have a computer I am fixing for a friend that has the two viruses on it. It is causing the computer to crash because of a critical error about 1 minute into getting in Windows. MSE is not able to get rid of the virus. Below is my Frst.txt file, and thank you in advance for the help with this annoying virus.


    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-07-2012 01

    Ran by SYSTEM at 24-07-2012 09:31:25

    Running from E:\

    Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)

    The current controlset is ControlSet002



    ========================== Registry (Whitelisted) =============



    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)

    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-09-23] (Intel Corporation)

    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-09-23] (Intel Corporation)

    HKLM\...\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)

    HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3444736 2007-12-08] (Dell Inc.)

    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)

    HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)

    HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [288040 2010-04-05] (Alps Electric Co., Ltd.)

    HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-01-11] (Adobe Systems Incorporated)

    HKLM\...\Run: [DLCCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 [73728 2006-02-24] ()

    HKLM\...\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [431600 2007-01-29] (Dell)

    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

    HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)

    HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)

    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)

    HKU\KWright\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)

    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)

    Tcpip\Parameters: [DhcpNameServer] 71.243.0.12 68.237.161.12

    Startup: C:\Users\KWright\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)



    ================================ Services (Whitelisted) ==================



    2 dlcc_device; C:\Windows\system32\dlcccoms.exe -service [538096 2007-01-29] ( )

    2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)

    2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)

    2 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [335872 2006-10-26] (Microsoft Corporation)

    2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]

    3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]



    ========================== Drivers (Whitelisted) =============



    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)

    3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-07-21] ()

    0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)

    3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()

    3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [x]



    ========================== NetSvcs (Whitelisted) ===========





    ============ One Month Created Files and Folders ==============



    2012-07-24 09:31 - 2012-07-24 09:31 - 00000000 ____D C:\FRST

    2012-07-24 05:23 - 2012-07-24 05:23 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ihotufes.sys

    2012-07-23 12:55 - 2012-07-24 08:49 - 00000000 ____D C:\Windows\Microsoft Antimalware

    2012-07-23 09:18 - 2012-07-23 09:18 - 00000000 ____D C:\TDSSKiller_Quarantine

    2012-07-23 02:23 - 2012-07-23 04:27 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0

    2012-07-21 11:40 - 2012-07-21 11:40 - 00000000 ____D C:\Program Files\Microsoft Security Client

    2012-07-21 11:39 - 2012-07-21 11:39 - 00040776 ____A C:\Windows\System32\Drivers\mbamswissarmy.sys

    2012-07-18 16:28 - 2012-07-18 16:28 - 00001077 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    2012-07-18 16:28 - 2012-07-18 16:28 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

    2012-07-18 16:28 - 2012-07-03 09:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

    2012-07-11 14:13 - 2012-07-11 14:13 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xiksufkh.sys

    2012-07-11 14:13 - 2012-07-11 14:13 - 00000000 ____D C:\Users\KWright\AppData\Roaming\GetRightToGo

    2012-07-11 10:25 - 2012-07-24 05:22 - 00004882 ____A C:\Windows\setupact.log

    2012-07-11 10:25 - 2012-07-11 10:25 - 00000000 ____A C:\Windows\setuperr.log

    2012-07-11 07:38 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

    2012-07-11 07:38 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

    2012-07-11 07:38 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

    2012-07-11 07:38 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

    2012-07-11 07:38 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

    2012-07-11 07:38 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

    2012-07-11 07:38 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

    2012-07-11 07:38 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

    2012-07-11 07:38 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

    2012-07-11 07:38 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

    2012-07-11 07:38 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

    2012-07-11 07:38 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

    2012-07-11 07:38 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

    2012-07-11 07:38 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

    2012-07-11 07:35 - 2012-06-11 18:40 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

    2012-07-10 11:35 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

    2012-07-10 11:35 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

    2012-07-10 11:35 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

    2012-07-10 11:35 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

    2012-07-10 11:35 - 2012-06-01 20:45 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

    2012-07-10 11:35 - 2012-06-01 20:45 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

    2012-07-10 11:35 - 2012-06-01 20:40 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

    2012-07-10 11:35 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

    2012-07-10 11:35 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

    2012-07-10 11:35 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

    2012-07-02 16:57 - 2012-07-02 16:57 - 00000000 ____D C:\Users\KWright\AppData\Roaming\Sony

    2012-07-02 16:56 - 2012-07-02 16:56 - 00001903 ____A C:\Users\Public\Desktop\Photo Go 1.0.lnk

    2012-07-02 16:56 - 2012-07-02 16:56 - 00000000 ____D C:\Program Files\Sony

    2012-06-24 13:17 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

    2012-06-24 13:17 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

    2012-06-24 13:17 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

    2012-06-24 13:17 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

    2012-06-24 13:17 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

    2012-06-24 13:17 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

    2012-06-24 13:17 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

    2012-06-24 13:17 - 2012-06-02 11:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

    2012-06-24 13:17 - 2012-06-02 11:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe



    ============ 3 Months Modified Files ========================



    2012-07-24 05:23 - 2012-07-24 05:23 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ihotufes.sys

    2012-07-24 05:23 - 2012-03-05 14:28 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

    2012-07-24 05:22 - 2012-07-11 10:25 - 00004882 ____A C:\Windows\setupact.log

    2012-07-24 05:22 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

    2012-07-24 05:17 - 2009-07-13 20:34 - 00021504 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    2012-07-24 05:17 - 2009-07-13 20:34 - 00021504 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    2012-07-24 05:10 - 2012-02-28 15:15 - 01430456 ____A C:\Windows\WindowsUpdate.log

    2012-07-21 11:41 - 2012-02-28 16:11 - 00001945 ____A C:\Windows\epplauncher.mif

    2012-07-21 11:40 - 2010-11-20 13:01 - 00747538 ____A C:\Windows\System32\PerfStringBackup.INI

    2012-07-21 11:39 - 2012-07-21 11:39 - 00040776 ____A C:\Windows\System32\Drivers\mbamswissarmy.sys

    2012-07-21 10:44 - 2012-03-05 14:28 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

    2012-07-18 16:28 - 2012-07-18 16:28 - 00001077 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    2012-07-14 06:25 - 2010-11-20 13:48 - 00016862 ____A C:\Windows\PFRO.log

    2012-07-13 12:31 - 2009-07-13 20:33 - 00409752 ____A C:\Windows\System32\FNTCACHE.DAT

    2012-07-13 09:50 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe

    2012-07-11 14:13 - 2012-07-11 14:13 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xiksufkh.sys

    2012-07-11 10:25 - 2012-07-11 10:25 - 00000000 ____A C:\Windows\setuperr.log

    2012-07-11 07:37 - 2009-07-13 18:04 - 00000478 ____A C:\Windows\win.ini

    2012-07-11 07:35 - 2012-02-28 13:08 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

    2012-07-03 09:46 - 2012-07-18 16:28 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

    2012-07-02 16:56 - 2012-07-02 16:56 - 00001903 ____A C:\Users\Public\Desktop\Photo Go 1.0.lnk

    2012-06-27 03:14 - 2009-07-13 20:53 - 00032618 ____A C:\Windows\Tasks\SCHEDLGU.TXT

    2012-06-15 17:23 - 2012-06-15 17:23 - 00000079 ____A C:\DVDPATH.TXT

    2012-06-12 20:18 - 2012-02-28 12:57 - 00008688 ____A C:\Windows\IE9_main.log

    2012-06-12 17:47 - 2012-06-12 17:46 - 00005862 ____A C:\Windows\System32\commonpriv.log

    2012-06-12 17:46 - 2012-06-12 17:46 - 00000000 ____A C:\Windows\System32\commonpriv.log.lock

    2012-06-11 18:40 - 2012-07-11 07:35 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

    2012-06-08 20:41 - 2012-07-10 11:35 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

    2012-06-08 18:55 - 2012-06-08 18:55 - 00034764 ____A C:\Users\KWright\AppData\Local\dt.dat

    2012-06-08 13:33 - 2012-06-08 13:33 - 00912860 ____A C:\Users\KWright\Desktop\Attachments_2012_06_8tourdecure.zip

    2012-06-08 13:33 - 2012-06-08 12:10 - 02442050 ____A C:\Users\KWright\Desktop\Attachments_2012_06_8.zip

    2012-06-05 21:05 - 2012-07-10 11:35 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

    2012-06-05 21:05 - 2012-07-10 11:35 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

    2012-06-05 21:03 - 2012-07-10 11:35 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

    2012-06-05 17:32 - 2012-06-05 17:32 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

    2012-06-05 17:32 - 2012-02-28 16:24 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

    2012-06-04 17:52 - 2012-06-04 17:52 - 05189608 ____A C:\Users\KWright\Desktop\DisneyPhotopass3565902-1.zip

    2012-06-04 16:15 - 2012-06-04 16:15 - 00952631 ____A C:\Users\KWright\Desktop\Disney Photo.zip

    2012-06-02 14:19 - 2012-06-24 13:17 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

    2012-06-02 14:19 - 2012-06-24 13:17 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

    2012-06-02 14:19 - 2012-06-24 13:17 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

    2012-06-02 14:19 - 2012-06-24 13:17 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

    2012-06-02 14:19 - 2012-06-24 13:17 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

    2012-06-02 14:12 - 2012-06-24 13:17 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

    2012-06-02 14:12 - 2012-06-24 13:17 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

    2012-06-02 11:19 - 2012-06-24 13:17 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

    2012-06-02 11:12 - 2012-06-24 13:17 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

    2012-06-02 01:07 - 2012-07-11 07:38 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

    2012-06-02 00:43 - 2012-07-11 07:38 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

    2012-06-02 00:33 - 2012-07-11 07:38 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

    2012-06-02 00:26 - 2012-07-11 07:38 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

    2012-06-02 00:25 - 2012-07-11 07:38 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

    2012-06-02 00:25 - 2012-07-11 07:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

    2012-06-02 00:23 - 2012-07-11 07:38 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

    2012-06-02 00:21 - 2012-07-11 07:38 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

    2012-06-02 00:20 - 2012-07-11 07:38 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

    2012-06-02 00:19 - 2012-07-11 07:38 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

    2012-06-02 00:19 - 2012-07-11 07:38 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

    2012-06-02 00:17 - 2012-07-11 07:38 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

    2012-06-02 00:16 - 2012-07-11 07:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

    2012-06-02 00:14 - 2012-07-11 07:38 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

    2012-06-01 20:45 - 2012-07-10 11:35 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

    2012-06-01 20:45 - 2012-07-10 11:35 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

    2012-06-01 20:40 - 2012-07-10 11:35 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

    2012-06-01 20:40 - 2012-07-10 11:35 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

    2012-06-01 20:39 - 2012-07-10 11:35 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

    2012-05-14 21:23 - 2012-05-14 21:23 - 00952631 ____A C:\Users\KWright\Desktop\Digital Download Entitlement 4x6 format (3503553).zip

    2012-05-14 21:22 - 2012-05-14 21:22 - 00952631 ____A C:\Users\KWright\Downloads\Digital Download Entitlement 4x6 format (3503553).zip

    2012-05-05 19:30 - 2012-05-05 19:30 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

    2012-04-30 20:44 - 2012-06-13 07:08 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll

    2012-04-27 19:17 - 2012-06-13 07:08 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys





    ZeroAccess:

    C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc}

    C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\@

    C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\L

    C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\U

    C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\L\00000004.@

    C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\L\00000004.@.vir

    C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\L\1afb2d56

    C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\L\201d3dde

    C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\U\00000004.@

    C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\U\00000008.@

    C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\U\000000cb.@

    C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\U\80000000.@

    C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\U\80000032.@



    ZeroAccess:

    C:\Users\KWright\AppData\Local\{58373e3b-29d5-06fe-70c4-fd025b02dadc}

    C:\Users\KWright\AppData\Local\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\@

    C:\Users\KWright\AppData\Local\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\L

    C:\Users\KWright\AppData\Local\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\U



    ZeroAccess:

    C:\Windows\assembly\GAC\Desktop.ini



    ========================= Known DLLs (Whitelisted) ============





    ========================= Bamital & volsnap Check ============



    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.

    C:\Windows\System32\User32.dll => MD5 is legit

    C:\Windows\System32\userinit.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit



    ==================== EXE ASSOCIATION =====================



    HKLM\...\.exe: exefile => OK

    HKLM\...\exefile\DefaultIcon: %1 => OK

    HKLM\...\exefile\open\command: "%1" %* => OK



    ========================= Memory info ======================



    Percentage of memory in use: 13%

    Total physical RAM: 3062.04 MB

    Available physical RAM: 2639.39 MB

    Total Pagefile: 3060.33 MB

    Available Pagefile: 2639.34 MB

    Total Virtual: 2047.88 MB

    Available Virtual: 1956.68 MB



    ======================= Partitions =========================



    1 Drive c: (New Volume) (Fixed) (Total:232.88 GB) (Free:140.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

    3 Drive e: (AV) (Removable) (Total:0.96 GB) (Free:0.95 GB) FAT

    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS



    Disk ### Status Size Free Dyn Gpt

    -------- ------------- ------- ------- --- ---

    Disk 0 Online 232 GB 0 B

    Disk 1 Online 981 MB 0 B



    Partitions of Disk 0:

    ===============



    Partition ### Type Size Offset

    ------------- ---------------- ------- -------

    Partition 1 Primary 232 GB 1024 KB



    ==================================================================================



    Disk: 0

    Partition 1

    Type : 07

    Hidden: No

    Active: Yes



    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 1 C New Volume NTFS Partition 232 GB Healthy



    ==================================================================================



    Partitions of Disk 1:

    ===============



    Partition ### Type Size Offset

    ------------- ---------------- ------- -------

    Partition 1 Primary 980 MB 31 KB



    ==================================================================================



    Disk: 1

    Partition 1

    Type : 06

    Hidden: No

    Active: Yes



    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 2 E AV FAT Removable 980 MB Healthy



    ==================================================================================



    ==========================================================



    Last Boot: 2012-07-18 17:44



    ======================= End Of Log ==========================
     
  2. SyracuseTech

    SyracuseTech TS Rookie Topic Starter

    Here is my Services.txt file, I'm assuming you will ask for it since that seems to be the trend in similar posts.

    Farbar Recovery Scan Tool Version: 20-07-2012 01
    Ran by SYSTEM at 2012-07-24 09:44:28
    Running from E:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
    C:\Windows\System32\services.exe
    [2009-07-13 15:11] - [2012-07-13 09:50] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9
    === End Of Search ===
     
  3. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================================

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next...

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

    Attached Files:

  4. SyracuseTech

    SyracuseTech TS Rookie Topic Starter

    ComboFix 12-07-25.04 - KWright 07/24/2012 12:57:09.1.2 - x86
    Running from: c:\users\KWright\Desktop\ComboFix.exe
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\KWright\AppData\Roaming\Start
    c:\users\KWright\AppData\Roaming\Start\temp_20E5ACDA\flash.10.0.32.18.ocx
    c:\users\KWright\AppData\Roaming\Start\temp_20E5ACDA\ScreenCapture.mfx
    c:\users\KWright\Documents\R166243.zip
    c:\windows\system32\odbcad32.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-24 17:31 . 2012-07-24 17:31 -------- d-----w- C:\FRST
    2012-07-24 13:14 . 2012-07-24 16:30 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F2F95EC-98A7-490E-9994-81A1045AE337}\offreg.dll
    2012-07-24 13:11 . 2012-02-09 18:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{125B55BF-0056-4630-800F-1465A7E451E7}\gapaengine.dll
    2012-07-24 13:11 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F2F95EC-98A7-490E-9994-81A1045AE337}\mpengine.dll
    2012-07-23 20:55 . 2012-07-24 16:49 -------- d-----w- c:\windows\Microsoft Antimalware
    2012-07-23 17:18 . 2012-07-23 17:18 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-07-23 10:23 . 2012-07-23 12:27 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
    2012-07-21 19:40 . 2012-07-21 19:40 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-19 00:28 . 2012-07-19 00:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-19 00:28 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-11 22:13 . 2012-07-11 22:13 -------- d-----w- c:\users\KWright\AppData\Roaming\GetRightToGo
    2012-07-11 15:35 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-07-03 00:57 . 2012-07-03 00:57 -------- d-----w- c:\users\KWright\AppData\Roaming\Sony
    2012-07-03 00:56 . 2012-07-03 00:56 -------- d-----w- c:\program files\Sony
    2012-07-03 00:54 . 2012-07-03 00:54 -------- d-----w- c:\program files\Sony Setup
    2012-06-24 21:17 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-24 21:17 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-24 21:17 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-24 21:17 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-24 21:17 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-24 21:17 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-24 21:17 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-24 21:17 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-24 21:17 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-06 01:32 . 2012-06-06 01:32 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-06 01:32 . 2012-02-29 00:24 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-01 04:44 . 2012-06-13 15:08 164352 ----a-w- c:\windows\system32\profsvc.dll
    2012-04-28 03:17 . 2012-06-13 15:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-26 04:45 . 2012-06-13 15:08 58880 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-04-26 04:45 . 2012-06-13 15:08 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-04-26 04:41 . 2012-06-13 15:08 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "DLCCCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2006-02-24 73728]
    "dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2007-01-30 431600]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    .
    c:\users\KWright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-03-05 22:28]
    .
    2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-03-05 22:28]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 71.243.0.12 68.237.161.12
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    SafeBoot-Wdf01000.sys
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,38,12,f1,9d,97,
    02,e5,86,37,08,c7,6b,3b,0b,78,35,a4,a7
    "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
    76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
    2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
    fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:35,26,95,0d,26,40,cd,01
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conhost.exe
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\DellTPad\Apntex.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\dlcccoms.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\taskhost.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\sppsvc.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-24 13:14:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-24 17:14
    .
    Pre-Run: 150,379,212,800 bytes free
    Post-Run: 150,069,145,600 bytes free
    .
    - - End Of File - - 21CDE0FDAC3CD3DFC760F78E9ADAE512
     
  5. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I still need Fixlog.txt log.

    [​IMG]
     
    SyracuseTech likes this.
  6. SyracuseTech

    SyracuseTech TS Rookie Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01
    Ran by SYSTEM at 2012-07-24 12:19:39 Run:1
    Running from E:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\System32\Drivers\ihotufes.sys moved successfully.
    C:\Windows\System32\Drivers\xiksufkh.sys moved successfully.
    C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc} moved successfully.
    C:\Users\KWright\AppData\Local\{58373e3b-29d5-06fe-70c4-fd025b02dadc} moved successfully.
    C:\Windows\assembly\GAC\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe
    ==== End of Fixlog ====
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Very well :)

    Any current issues?

    ===========================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. SyracuseTech

    SyracuseTech TS Rookie Topic Starter

    Everything appears to be ok so far, didn't want to go any further without hearing back from you. I will post my scan results after I run them. Thank you again for your help, unbelieveable how great of a job you do for free!
     
  9. SyracuseTech

    SyracuseTech TS Rookie Topic Starter

    Malwarebytes Anti-Malware (PRO) 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.07.24.11
    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    KWright :: KWRIGHT-PC [administrator]
    Protection: Enabled
    7/24/2012 3:26:57 PM
    mbam-log-2012-07-24 (15-34-28).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 184570
    Time elapsed: 6 minute(s), 1 second(s)
    Memory Processes Detected: 1
    E:\Malwarebytes Anti-Malware v1.61.0.1400\KEY\OMFGWTFBBQ.exe (Dont.Steal.Our.Software) -> 3420 -> No action taken.
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    E:\Malwarebytes Anti-Malware v1.61.0.1400\KEY\OMFGWTFBBQ.exe (Dont.Steal.Our.Software) -> No action taken.
    (end)
     
  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Your MBAM log says "No action taken".
    Re-run it, FIX all issues and post new log.
     
  11. SyracuseTech

    SyracuseTech TS Rookie Topic Starter

    Malwarebytes Anti-Malware (PRO) 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.07.24.11
    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    KWright :: KWRIGHT-PC [administrator]
    Protection: Enabled
    7/24/2012 3:46:15 PM
    mbam-log-2012-07-24 (15-46-15).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 186162
    Time elapsed: 4 minute(s), 13 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  12. SyracuseTech

    SyracuseTech TS Rookie Topic Starter

    OTL logfile created on: 7/24/2012 3:36:28 PM - Run 1
    OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\KWright\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 55.26% Memory free
    5.98 Gb Paging File | 4.50 Gb Available in Paging File | 75.33% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 139.71 Gb Free Space | 59.99% Space Free | Partition Type: NTFS

    Computer Name: KWRIGHT-PC | User Name: KWright | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/24 15:31:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\KWright\Desktop\OTL.exe
    PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/20 17:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/04/05 17:46:08 | 000,288,040 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2010/03/23 14:22:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2010/02/17 16:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2009/01/31 23:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2007/05/09 18:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
    PRC - [2007/01/30 02:34:30 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlcccoms.exe
    PRC - [2007/01/30 02:34:16 | 000,431,600 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/14 13:03:08 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
    MOD - [2012/05/15 10:01:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/15 09:41:29 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/15 09:41:21 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2007/12/08 15:34:10 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
    MOD - [2007/01/22 02:24:50 | 000,069,632 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 924\dlcccfg.dll
    MOD - [2005/12/13 14:52:08 | 000,122,880 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 924\dlccdrec.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012/02/28 16:56:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/01/30 02:34:30 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcccoms.exe -- (dlcc_device)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\KWright\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY)
    DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2010/11/20 17:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 17:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 17:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
    DRV - [2010/11/20 17:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 17:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 17:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 17:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV - [2010/11/20 17:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 17:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/04/15 14:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2009/09/28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
    DRV - [2009/07/17 17:53:38 | 000,080,384 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
    DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
    DRV - [2007/10/10 18:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2007/03/05 11:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2006/11/14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2132209386-2144939819-225470482-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-2132209386-2144939819-225470482-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-2132209386-2144939819-225470482-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 1B B5 77 6C F6 CC 01 [binary data]
    IE - HKU\S-1-5-21-2132209386-2144939819-225470482-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-2132209386-2144939819-225470482-1000\..\SearchScopes\{05FA4074-DC55-414D-A305-7525346CA094}: "URL" = http://isearch.avg.com/search?cid={...37f4c7380b4&lang=en&ds=AVG&pr=fr&d=2012-06-06 22:21:41&v=11.1.0.7&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-2132209386-2144939819-225470482-1000\..\SearchScopes\{4E912CC3-1B30-439A-8ACE-D7D050822B27}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-2132209386-2144939819-225470482-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://www.bing.com/search?FORM=UP09DF&PC=UP09&q={searchTerms}&src=IE-SearchBox
    IE - HKU\S-1-5-21-2132209386-2144939819-225470482-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2132209386-2144939819-225470482-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)



    O1 HOSTS File: ([2012/07/24 13:09:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [DLCCCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
    O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    O4 - HKU\S-1-5-21-2132209386-2144939819-225470482-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2132209386-2144939819-225470482-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2132209386-2144939819-225470482-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2132209386-2144939819-225470482-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.243.0.12 68.237.161.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18719D09-9E23-44DC-963C-A1847CFD3FFD}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC5FECB5-F75E-4B6D-AFF2-21C5AEB4015F}: DhcpNameServer = 71.243.0.12 68.237.161.12
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/24 15:31:57 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\KWright\Desktop\OTL.exe
    [2012/07/24 13:31:21 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/24 13:09:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/07/24 13:05:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/24 13:05:30 | 000,000,000 | ---D | C] -- C:\Users\KWright\AppData\Local\temp
    [2012/07/24 12:55:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/24 12:55:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/24 12:55:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/24 12:55:50 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/24 12:55:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/24 12:39:26 | 004,584,441 | R--- | C] (Swearware) -- C:\Users\KWright\Desktop\ComboFix.exe
    [2012/07/23 16:55:48 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
    [2012/07/23 13:18:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/07/23 06:23:10 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
    [2012/07/21 15:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/07/18 20:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/18 20:28:33 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/07/18 20:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/07/11 18:13:25 | 000,000,000 | ---D | C] -- C:\Users\KWright\Desktop\Downloads
    [2012/07/11 18:13:13 | 000,000,000 | ---D | C] -- C:\Users\KWright\AppData\Roaming\GetRightToGo
    [2012/07/02 20:57:55 | 000,000,000 | ---D | C] -- C:\Users\KWright\AppData\Roaming\Sony
    [2012/07/02 20:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
    [2012/07/02 20:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
    [2012/07/02 20:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Setup
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/24 15:31:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\KWright\Desktop\OTL.exe
    [2012/07/24 15:26:52 | 000,629,182 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/07/24 15:26:52 | 000,108,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/07/24 14:44:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/24 13:19:40 | 000,021,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/24 13:19:40 | 000,021,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/24 13:10:48 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/24 13:09:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/07/24 13:09:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/24 13:09:13 | 2408,087,552 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/24 12:39:26 | 004,584,441 | R--- | M] (Swearware) -- C:\Users\KWright\Desktop\ComboFix.exe
    [2012/07/21 15:41:08 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/18 20:28:42 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/13 16:31:12 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/07/02 21:19:03 | 000,549,541 | ---- | M] () -- C:\Users\KWright\Desktop\OldForge2012 009.JPG
    [2012/07/02 21:15:22 | 000,469,629 | ---- | M] () -- C:\Users\KWright\Desktop\Disney Vacation May, 7-14th 2012 004.JPG
    [2012/07/02 21:07:22 | 000,143,138 | ---- | M] () -- C:\Users\KWright\Desktop\Fathers Day 2012 021.JPG
    [2012/07/02 20:56:13 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Photo Go 1.0.lnk
    [2012/07/02 20:45:28 | 001,618,363 | ---- | M] () -- C:\Users\KWright\Desktop\35659020002.jpg
    [2012/07/02 20:45:25 | 001,356,194 | ---- | M] () -- C:\Users\KWright\Desktop\35659020001.jpg
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/24 12:55:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/24 12:55:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/24 12:55:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/24 12:55:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/24 12:55:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/21 15:40:54 | 000,001,925 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/18 20:28:42 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/02 21:19:03 | 000,549,541 | ---- | C] () -- C:\Users\KWright\Desktop\OldForge2012 009.JPG
    [2012/07/02 21:15:21 | 000,469,629 | ---- | C] () -- C:\Users\KWright\Desktop\Disney Vacation May, 7-14th 2012 004.JPG
    [2012/07/02 21:07:22 | 000,143,138 | ---- | C] () -- C:\Users\KWright\Desktop\Fathers Day 2012 021.JPG
    [2012/07/02 20:56:13 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Photo Go 1.0.lnk
    [2012/06/08 22:55:53 | 000,034,764 | ---- | C] () -- C:\Users\KWright\AppData\Local\dt.dat
    [2012/03/11 21:08:30 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlccinpa.dll
    [2012/03/11 21:08:30 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcciesc.dll
    [2012/03/11 21:08:30 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\dlcchcp.dll
    [2012/03/11 21:08:30 | 000,274,432 | ---- | C] () -- C:\Windows\System32\dlccinst.dll
    [2012/03/11 21:08:29 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlccserv.dll
    [2012/03/11 21:08:29 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlccusb1.dll
    [2012/03/11 21:08:29 | 000,434,176 | ---- | C] () -- C:\Windows\System32\dlccutil.dll
    [2012/03/11 21:08:29 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlccprox.dll
    [2012/03/11 21:08:29 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlccpplc.dll
    [2012/03/11 21:08:28 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcchbn3.dll
    [2012/03/11 21:08:28 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlccpmui.dll
    [2012/03/11 21:08:28 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcclmpm.dll
    [2012/03/11 21:08:28 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlccih.exe
    [2012/03/11 21:08:28 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlccinsb.dll
    [2012/03/11 21:08:28 | 000,159,744 | ---- | C] () -- C:\Windows\System32\dlccins.dll
    [2012/03/11 21:08:28 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlccjswr.dll
    [2012/03/11 21:08:28 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlccinsr.dll
    [2012/03/11 21:08:27 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlcccoms.exe
    [2012/03/11 21:08:27 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcccomm.dll
    [2012/03/11 21:08:27 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcccub.dll
    [2012/03/11 21:08:27 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcccu.dll
    [2012/03/11 21:08:27 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcccur.dll
    [2012/03/11 21:08:26 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcccomc.dll
    [2012/03/11 21:08:26 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlcccfg.exe
    [2012/03/11 21:08:26 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlcccfg.dll
    [2012/03/03 18:40:36 | 000,001,571 | ---- | C] () -- C:\Windows\Faxcpp1.ini
    [2012/03/03 18:40:36 | 000,000,422 | ---- | C] () -- C:\Windows\Faxcpp.ini
    [2012/03/03 18:40:06 | 000,241,664 | ---- | C] () -- C:\Windows\System32\Image32.dll
    [2012/03/03 18:40:06 | 000,122,880 | ---- | C] () -- C:\Windows\System32\Png32.dll
    [2012/03/03 18:40:06 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Jpeg32.dll
    [2012/03/03 18:40:06 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Tga32.dll
    [2012/03/03 18:40:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Pcx32.dll
    [2012/03/03 18:40:06 | 000,040,960 | ---- | C] () -- C:\Windows\System32\Twscan32.dll
    [2012/02/28 20:25:19 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
    [2012/02/28 20:25:17 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
    [2012/02/28 17:14:25 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
    [2010/11/20 17:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

    ========== LOP Check ==========

    [2012/07/11 18:13:13 | 000,000,000 | ---D | M] -- C:\Users\KWright\AppData\Roaming\GetRightToGo
    [2012/07/02 20:57:55 | 000,000,000 | ---D | M] -- C:\Users\KWright\AppData\Roaming\Sony
    [2012/06/27 07:14:27 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
     
  13. SyracuseTech

    SyracuseTech TS Rookie Topic Starter

    OTL Extras logfile created on: 7/24/2012 3:36:28 PM - Run 1
    OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\KWright\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 55.26% Memory free
    5.98 Gb Paging File | 4.50 Gb Available in Paging File | 75.33% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 139.71 Gb Free Space | 59.99% Space Free | Partition Type: NTFS

    Computer Name: KWRIGHT-PC | User Name: KWright | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{158C0B1D-B593-4779-B17A-5641B6C94F33}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E817F164-E8E7-41CE-9A83-7E52A4ACD0EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{3248F0A8-6813-11D6-A77B-00B0D0150170}" = J2SE Runtime Environment 5.0 Update 17
    "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DFAE7FE-677A-4158-9C08-231D7C12DA35}" = OneTouch Zoom Pro v5.0
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{B18C4F32-5CDD-4357-8523-85659CFCF2A0}" = Meter Drivers for OneTouch(R) Software
    "{B28470A5-F73F-432C-8066-05BA652AA5D1}" = Meter Drivers for OneTouch(R) Software
    "{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
    "{D6160F37-7638-4E56-9774-F3C88F30A4A9}" = Msxml4 for LDCF
    "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
    "{E3BE5DF1-0D65-4774-904E-0192ABF29AF9}" = Sony Photo Go 1.0b
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
    "Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "InstallShield_{B18C4F32-5CDD-4357-8523-85659CFCF2A0}" = Meter Drivers for OneTouch(R) Software v1.7.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "TVWiz" = Intel(R) TV Wizard

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/23/2012 12:31:46 PM | Computer Name = KWright-PC | Source = WinMgmt | ID = 28
    Description =

    Error - 7/23/2012 12:32:44 PM | Computer Name = KWright-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = The Cryptographic Services service failed to initialize the VSS backup
    "System Writer" object. Details: Could not query the status of the EventSystem service.
    System
    Error: The RPC server is unavailable. .

    Error - 7/23/2012 1:13:20 PM | Computer Name = KWright-PC | Source = WinMgmt | ID = 28
    Description =

    Error - 7/23/2012 1:16:44 PM | Computer Name = KWright-PC | Source = WinMgmt | ID = 28
    Description =

    Error - 7/23/2012 1:19:37 PM | Computer Name = KWright-PC | Source = WinMgmt | ID = 28
    Description =

    Error - 7/23/2012 1:34:06 PM | Computer Name = KWright-PC | Source = WinMgmt | ID = 28
    Description =

    Error - 7/24/2012 9:09:52 AM | Computer Name = KWright-PC | Source = WinMgmt | ID = 28
    Description =

    Error - 7/24/2012 9:23:16 AM | Computer Name = KWright-PC | Source = WinMgmt | ID = 28
    Description =

    Error - 7/24/2012 12:30:38 PM | Computer Name = KWright-PC | Source = WinMgmt | ID = 28
    Description =

    Error - 7/24/2012 1:11:16 PM | Computer Name = KWright-PC | Source = WinMgmt | ID = 10
    Description =

    [ Broadcom Wireless LAN Events ]
    Error - 4/20/2012 7:33:44 AM | Computer Name = KWright-PC | Source = WLAN-Tray | ID = 0
    Description = 07:33:41, Fri, Apr 20, 12 Error - Unable to gain access to user store

    Error - 7/1/2012 12:23:09 AM | Computer Name = KWright-PC | Source = WLAN-Tray | ID = 0
    Description = 00:23:05, Sun, Jul 01, 12 Error - Unable to gain access to user store

    Error - 7/1/2012 10:06:59 AM | Computer Name = KWright-PC | Source = WLAN-Tray | ID = 0
    Description = 10:06:56, Sun, Jul 01, 12 Error - Unable to gain access to user store

    Error - 7/9/2012 9:02:47 PM | Computer Name = KWright-PC | Source = WLAN-Tray | ID = 0
    Description = 21:02:45, Mon, Jul 09, 12 Error - Unable to gain access to user store

    [ System Events ]
    Error - 5/31/2012 9:49:04 PM | Computer Name = KWright-PC | Source = Service Control Manager | ID = 7000
    Description = The BCM42RLY service failed to start due to the following error: %%2

    Error - 5/31/2012 9:49:09 PM | Computer Name = KWright-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 5/31/2012 9:49:09 PM | Computer Name = KWright-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 6/1/2012 8:25:43 AM | Computer Name = KWright-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 6/1/2012 8:25:46 AM | Computer Name = KWright-PC | Source = Service Control Manager | ID = 7000
    Description = The BCM42RLY service failed to start due to the following error: %%2

    Error - 6/1/2012 8:25:46 AM | Computer Name = KWright-PC | Source = Service Control Manager | ID = 7000
    Description = The BCM42RLY service failed to start due to the following error: %%2

    Error - 6/1/2012 8:25:49 AM | Computer Name = KWright-PC | Source = Service Control Manager | ID = 7000
    Description = The BCM42RLY service failed to start due to the following error: %%2

    Error - 6/1/2012 8:25:49 AM | Computer Name = KWright-PC | Source = Service Control Manager | ID = 7000
    Description = The BCM42RLY service failed to start due to the following error: %%2

    Error - 6/1/2012 8:25:54 AM | Computer Name = KWright-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 6/1/2012 8:25:54 AM | Computer Name = KWright-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891


    < End of report >
     
  14. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    OTL logs are clean :)

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  15. SyracuseTech

    SyracuseTech TS Rookie Topic Starter

    Results of screen317's Security Check version 0.99.24
    Windows 7 Service Pack 1 x86 (UAC is disabled!)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Microsoft Security Essentials
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 31
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Microsoft Security Essentials msseces.exe
    ``````````End of Log````````````
     
  16. SyracuseTech

    SyracuseTech TS Rookie Topic Starter

    Farbar Service Scanner Version: 22-07-2012
    Ran by KWright (administrator) on 24-07-2012 at 16:13:43
    Running from "C:\Users\KWright\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RJFNUI9"
    Microsoft Windows 7 Professional Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.

    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============
    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is set to Auto
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  17. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Eset?
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...