Inactive [A] Sirefef.ah & Sire

Status
Not open for further replies.
SyracuseTech

SyracuseTech

Posts: 11   +0
I have a computer I am fixing for a friend that has the two viruses on it. It is causing the computer to crash because of a critical error about 1 minute into getting in Windows. MSE is not able to get rid of the virus. Below is my Frst.txt file, and thank you in advance for the help with this annoying virus.


[FONT=Calibri]Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-07-2012 01[/FONT]

[FONT=Calibri]Ran by SYSTEM at 24-07-2012 09:31:25[/FONT]

[FONT=Calibri]Running from E:\[/FONT]

[FONT=Calibri]Windows 7 Professional Service Pack 1 (X86) OS Language: English(US) [/FONT]

[FONT=Calibri]The current controlset is ControlSet002[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========================== Registry (Whitelisted) =============[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)[/FONT]

[FONT=Calibri]HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-09-23] (Intel Corporation)[/FONT]

[FONT=Calibri]HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-09-23] (Intel Corporation)[/FONT]

[FONT=Calibri]HKLM\...\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)[/FONT]

[FONT=Calibri]HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3444736 2007-12-08] (Dell Inc.)[/FONT]

[FONT=Calibri]HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)[/FONT]

[FONT=Calibri]HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)[/FONT]

[FONT=Calibri]HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [288040 2010-04-05] (Alps Electric Co., Ltd.)[/FONT]

[FONT=Calibri]HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-01-11] (Adobe Systems Incorporated)[/FONT]

[FONT=Calibri]HKLM\...\Run: [DLCCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 [73728 2006-02-24] ()[/FONT]

[FONT=Calibri]HKLM\...\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [431600 2007-01-29] (Dell)[/FONT]

[FONT=Calibri]HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)[/FONT]

[FONT=Calibri]HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)[/FONT]

[FONT=Calibri]HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)[/FONT]

[FONT=Calibri]HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)[/FONT]

[FONT=Calibri]HKU\KWright\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)[/FONT]

[FONT=Calibri]Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)[/FONT]

[FONT=Calibri]Tcpip\Parameters: [DhcpNameServer] 71.243.0.12 68.237.161.12[/FONT]

[FONT=Calibri]Startup: C:\Users\KWright\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk[/FONT]

[FONT=Calibri]ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]================================ Services (Whitelisted) ==================[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]2 dlcc_device; C:\Windows\system32\dlcccoms.exe -service [538096 2007-01-29] ( )[/FONT]

[FONT=Calibri]2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)[/FONT]

[FONT=Calibri]2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)[/FONT]

[FONT=Calibri]2 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [335872 2006-10-26] (Microsoft Corporation)[/FONT]

[FONT=Calibri]2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x][/FONT]

[FONT=Calibri]3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x][/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========================== Drivers (Whitelisted) =============[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)[/FONT]

[FONT=Calibri]3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-07-21] ()[/FONT]

[FONT=Calibri]0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)[/FONT]

[FONT=Calibri]3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()[/FONT]

[FONT=Calibri]3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [x][/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========================== NetSvcs (Whitelisted) ===========[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]============ One Month Created Files and Folders ==============[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]2012-07-24 09:31 - 2012-07-24 09:31 - 00000000 ____D C:\FRST[/FONT]

[FONT=Calibri]2012-07-24 05:23 - 2012-07-24 05:23 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ihotufes.sys[/FONT]

[FONT=Calibri]2012-07-23 12:55 - 2012-07-24 08:49 - 00000000 ____D C:\Windows\Microsoft Antimalware[/FONT]

[FONT=Calibri]2012-07-23 09:18 - 2012-07-23 09:18 - 00000000 ____D C:\TDSSKiller_Quarantine[/FONT]

[FONT=Calibri]2012-07-23 02:23 - 2012-07-23 04:27 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0[/FONT]

[FONT=Calibri]2012-07-21 11:40 - 2012-07-21 11:40 - 00000000 ____D C:\Program Files\Microsoft Security Client[/FONT]

[FONT=Calibri]2012-07-21 11:39 - 2012-07-21 11:39 - 00040776 ____A C:\Windows\System32\Drivers\mbamswissarmy.sys[/FONT]

[FONT=Calibri]2012-07-18 16:28 - 2012-07-18 16:28 - 00001077 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[/FONT]

[FONT=Calibri]2012-07-18 16:28 - 2012-07-18 16:28 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware[/FONT]

[FONT=Calibri]2012-07-18 16:28 - 2012-07-03 09:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys[/FONT]

[FONT=Calibri]2012-07-11 14:13 - 2012-07-11 14:13 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xiksufkh.sys[/FONT]

[FONT=Calibri]2012-07-11 14:13 - 2012-07-11 14:13 - 00000000 ____D C:\Users\KWright\AppData\Roaming\GetRightToGo[/FONT]

[FONT=Calibri]2012-07-11 10:25 - 2012-07-24 05:22 - 00004882 ____A C:\Windows\setupact.log[/FONT]

[FONT=Calibri]2012-07-11 10:25 - 2012-07-11 10:25 - 00000000 ____A C:\Windows\setuperr.log[/FONT]

[FONT=Calibri]2012-07-11 07:38 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll[/FONT]

[FONT=Calibri]2012-07-11 07:38 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll[/FONT]

[FONT=Calibri]2012-07-11 07:38 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll[/FONT]

[FONT=Calibri]2012-07-11 07:38 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll[/FONT]

[FONT=Calibri]2012-07-11 07:38 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl[/FONT]

[FONT=Calibri]2012-07-11 07:38 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll[/FONT]

[FONT=Calibri]2012-07-11 07:38 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll[/FONT]

[FONT=Calibri]2012-07-11 07:38 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll[/FONT]

[FONT=Calibri]2012-07-11 07:38 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe[/FONT]

[FONT=Calibri]2012-07-11 07:38 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll[/FONT]

[FONT=Calibri]2012-07-11 07:38 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll[/FONT]

[FONT=Calibri]2012-07-11 07:38 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll[/FONT]

[FONT=Calibri]2012-07-11 07:38 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb[/FONT]

[FONT=Calibri]2012-07-11 07:38 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll[/FONT]

[FONT=Calibri]2012-07-11 07:35 - 2012-06-11 18:40 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys[/FONT]

[FONT=Calibri]2012-07-10 11:35 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll[/FONT]

[FONT=Calibri]2012-07-10 11:35 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll[/FONT]

[FONT=Calibri]2012-07-10 11:35 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll[/FONT]

[FONT=Calibri]2012-07-10 11:35 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll[/FONT]

[FONT=Calibri]2012-07-10 11:35 - 2012-06-01 20:45 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys[/FONT]

[FONT=Calibri]2012-07-10 11:35 - 2012-06-01 20:45 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys[/FONT]

[FONT=Calibri]2012-07-10 11:35 - 2012-06-01 20:40 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys[/FONT]

[FONT=Calibri]2012-07-10 11:35 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll[/FONT]

[FONT=Calibri]2012-07-10 11:35 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll[/FONT]

[FONT=Calibri]2012-07-10 11:35 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll[/FONT]

[FONT=Calibri]2012-07-02 16:57 - 2012-07-02 16:57 - 00000000 ____D C:\Users\KWright\AppData\Roaming\Sony[/FONT]

[FONT=Calibri]2012-07-02 16:56 - 2012-07-02 16:56 - 00001903 ____A C:\Users\Public\Desktop\Photo Go 1.0.lnk[/FONT]

[FONT=Calibri]2012-07-02 16:56 - 2012-07-02 16:56 - 00000000 ____D C:\Program Files\Sony[/FONT]

[FONT=Calibri]2012-06-24 13:17 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll[/FONT]

[FONT=Calibri]2012-06-24 13:17 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll[/FONT]

[FONT=Calibri]2012-06-24 13:17 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe[/FONT]

[FONT=Calibri]2012-06-24 13:17 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll[/FONT]

[FONT=Calibri]2012-06-24 13:17 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll[/FONT]

[FONT=Calibri]2012-06-24 13:17 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll[/FONT]

[FONT=Calibri]2012-06-24 13:17 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll[/FONT]

[FONT=Calibri]2012-06-24 13:17 - 2012-06-02 11:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll[/FONT]

[FONT=Calibri]2012-06-24 13:17 - 2012-06-02 11:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]============ 3 Months Modified Files ========================[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]2012-07-24 05:23 - 2012-07-24 05:23 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ihotufes.sys[/FONT]

[FONT=Calibri]2012-07-24 05:23 - 2012-03-05 14:28 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job[/FONT]

[FONT=Calibri]2012-07-24 05:22 - 2012-07-11 10:25 - 00004882 ____A C:\Windows\setupact.log[/FONT]

[FONT=Calibri]2012-07-24 05:22 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT[/FONT]

[FONT=Calibri]2012-07-24 05:17 - 2009-07-13 20:34 - 00021504 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[/FONT]

[FONT=Calibri]2012-07-24 05:17 - 2009-07-13 20:34 - 00021504 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[/FONT]

[FONT=Calibri]2012-07-24 05:10 - 2012-02-28 15:15 - 01430456 ____A C:\Windows\WindowsUpdate.log[/FONT]

[FONT=Calibri]2012-07-21 11:41 - 2012-02-28 16:11 - 00001945 ____A C:\Windows\epplauncher.mif[/FONT]

[FONT=Calibri]2012-07-21 11:40 - 2010-11-20 13:01 - 00747538 ____A C:\Windows\System32\PerfStringBackup.INI[/FONT]

[FONT=Calibri]2012-07-21 11:39 - 2012-07-21 11:39 - 00040776 ____A C:\Windows\System32\Drivers\mbamswissarmy.sys[/FONT]

[FONT=Calibri]2012-07-21 10:44 - 2012-03-05 14:28 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job[/FONT]

[FONT=Calibri]2012-07-18 16:28 - 2012-07-18 16:28 - 00001077 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[/FONT]

[FONT=Calibri]2012-07-14 06:25 - 2010-11-20 13:48 - 00016862 ____A C:\Windows\PFRO.log[/FONT]

[FONT=Calibri]2012-07-13 12:31 - 2009-07-13 20:33 - 00409752 ____A C:\Windows\System32\FNTCACHE.DAT[/FONT]

[FONT=Calibri]2012-07-13 09:50 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe[/FONT]

[FONT=Calibri]2012-07-11 14:13 - 2012-07-11 14:13 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xiksufkh.sys[/FONT]

[FONT=Calibri]2012-07-11 10:25 - 2012-07-11 10:25 - 00000000 ____A C:\Windows\setuperr.log[/FONT]

[FONT=Calibri]2012-07-11 07:37 - 2009-07-13 18:04 - 00000478 ____A C:\Windows\win.ini[/FONT]

[FONT=Calibri]2012-07-11 07:35 - 2012-02-28 13:08 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe[/FONT]

[FONT=Calibri]2012-07-03 09:46 - 2012-07-18 16:28 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys[/FONT]

[FONT=Calibri]2012-07-02 16:56 - 2012-07-02 16:56 - 00001903 ____A C:\Users\Public\Desktop\Photo Go 1.0.lnk[/FONT]

[FONT=Calibri]2012-06-27 03:14 - 2009-07-13 20:53 - 00032618 ____A C:\Windows\Tasks\SCHEDLGU.TXT[/FONT]

[FONT=Calibri]2012-06-15 17:23 - 2012-06-15 17:23 - 00000079 ____A C:\DVDPATH.TXT[/FONT]

[FONT=Calibri]2012-06-12 20:18 - 2012-02-28 12:57 - 00008688 ____A C:\Windows\IE9_main.log[/FONT]

[FONT=Calibri]2012-06-12 17:47 - 2012-06-12 17:46 - 00005862 ____A C:\Windows\System32\commonpriv.log[/FONT]

[FONT=Calibri]2012-06-12 17:46 - 2012-06-12 17:46 - 00000000 ____A C:\Windows\System32\commonpriv.log.lock[/FONT]

[FONT=Calibri]2012-06-11 18:40 - 2012-07-11 07:35 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys[/FONT]

[FONT=Calibri]2012-06-08 20:41 - 2012-07-10 11:35 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll[/FONT]

[FONT=Calibri]2012-06-08 18:55 - 2012-06-08 18:55 - 00034764 ____A C:\Users\KWright\AppData\Local\dt.dat[/FONT]

[FONT=Calibri]2012-06-08 13:33 - 2012-06-08 13:33 - 00912860 ____A C:\Users\KWright\Desktop\Attachments_2012_06_8tourdecure.zip[/FONT]

[FONT=Calibri]2012-06-08 13:33 - 2012-06-08 12:10 - 02442050 ____A C:\Users\KWright\Desktop\Attachments_2012_06_8.zip[/FONT]

[FONT=Calibri]2012-06-05 21:05 - 2012-07-10 11:35 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll[/FONT]

[FONT=Calibri]2012-06-05 21:05 - 2012-07-10 11:35 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll[/FONT]

[FONT=Calibri]2012-06-05 21:03 - 2012-07-10 11:35 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll[/FONT]

[FONT=Calibri]2012-06-05 17:32 - 2012-06-05 17:32 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe[/FONT]

[FONT=Calibri]2012-06-05 17:32 - 2012-02-28 16:24 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl[/FONT]

[FONT=Calibri]2012-06-04 17:52 - 2012-06-04 17:52 - 05189608 ____A C:\Users\KWright\Desktop\DisneyPhotopass3565902-1.zip[/FONT]

[FONT=Calibri]2012-06-04 16:15 - 2012-06-04 16:15 - 00952631 ____A C:\Users\KWright\Desktop\Disney Photo.zip[/FONT]

[FONT=Calibri]2012-06-02 14:19 - 2012-06-24 13:17 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll[/FONT]

[FONT=Calibri]2012-06-02 14:19 - 2012-06-24 13:17 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll[/FONT]

[FONT=Calibri]2012-06-02 14:19 - 2012-06-24 13:17 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe[/FONT]

[FONT=Calibri]2012-06-02 14:19 - 2012-06-24 13:17 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll[/FONT]

[FONT=Calibri]2012-06-02 14:19 - 2012-06-24 13:17 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll[/FONT]

[FONT=Calibri]2012-06-02 14:12 - 2012-06-24 13:17 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll[/FONT]

[FONT=Calibri]2012-06-02 14:12 - 2012-06-24 13:17 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll[/FONT]

[FONT=Calibri]2012-06-02 11:19 - 2012-06-24 13:17 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll[/FONT]

[FONT=Calibri]2012-06-02 11:12 - 2012-06-24 13:17 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe[/FONT]

[FONT=Calibri]2012-06-02 01:07 - 2012-07-11 07:38 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll[/FONT]

[FONT=Calibri]2012-06-02 00:43 - 2012-07-11 07:38 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll[/FONT]

[FONT=Calibri]2012-06-02 00:33 - 2012-07-11 07:38 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll[/FONT]

[FONT=Calibri]2012-06-02 00:26 - 2012-07-11 07:38 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll[/FONT]

[FONT=Calibri]2012-06-02 00:25 - 2012-07-11 07:38 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl[/FONT]

[FONT=Calibri]2012-06-02 00:25 - 2012-07-11 07:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll[/FONT]

[FONT=Calibri]2012-06-02 00:23 - 2012-07-11 07:38 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll[/FONT]

[FONT=Calibri]2012-06-02 00:21 - 2012-07-11 07:38 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll[/FONT]

[FONT=Calibri]2012-06-02 00:20 - 2012-07-11 07:38 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe[/FONT]

[FONT=Calibri]2012-06-02 00:19 - 2012-07-11 07:38 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll[/FONT]

[FONT=Calibri]2012-06-02 00:19 - 2012-07-11 07:38 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll[/FONT]

[FONT=Calibri]2012-06-02 00:17 - 2012-07-11 07:38 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll[/FONT]

[FONT=Calibri]2012-06-02 00:16 - 2012-07-11 07:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb[/FONT]

[FONT=Calibri]2012-06-02 00:14 - 2012-07-11 07:38 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll[/FONT]

[FONT=Calibri]2012-06-01 20:45 - 2012-07-10 11:35 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys[/FONT]

[FONT=Calibri]2012-06-01 20:45 - 2012-07-10 11:35 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys[/FONT]

[FONT=Calibri]2012-06-01 20:40 - 2012-07-10 11:35 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys[/FONT]

[FONT=Calibri]2012-06-01 20:40 - 2012-07-10 11:35 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll[/FONT]

[FONT=Calibri]2012-06-01 20:39 - 2012-07-10 11:35 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll[/FONT]

[FONT=Calibri]2012-05-14 21:23 - 2012-05-14 21:23 - 00952631 ____A C:\Users\KWright\Desktop\Digital Download Entitlement 4x6 format (3503553).zip[/FONT]

[FONT=Calibri]2012-05-14 21:22 - 2012-05-14 21:22 - 00952631 ____A C:\Users\KWright\Downloads\Digital Download Entitlement 4x6 format (3503553).zip[/FONT]

[FONT=Calibri]2012-05-05 19:30 - 2012-05-05 19:30 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf[/FONT]

[FONT=Calibri]2012-04-30 20:44 - 2012-06-13 07:08 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll[/FONT]

[FONT=Calibri]2012-04-27 19:17 - 2012-06-13 07:08 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]ZeroAccess:[/FONT]

[FONT=Calibri]C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc}[/FONT]

[FONT=Calibri]C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\@[/FONT]

[FONT=Calibri]C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\L[/FONT]

[FONT=Calibri]C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\U[/FONT]

[FONT=Calibri]C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\L\00000004.@[/FONT]

[FONT=Calibri]C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\L\00000004.@.vir[/FONT]

[FONT=Calibri]C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\L\1afb2d56[/FONT]

[FONT=Calibri]C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\L\201d3dde[/FONT]

[FONT=Calibri]C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\U\00000004.@[/FONT]

[FONT=Calibri]C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\U\00000008.@[/FONT]

[FONT=Calibri]C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\U\000000cb.@[/FONT]

[FONT=Calibri]C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\U\80000000.@[/FONT]

[FONT=Calibri]C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\U\80000032.@[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]ZeroAccess:[/FONT]

[FONT=Calibri]C:\Users\KWright\AppData\Local\{58373e3b-29d5-06fe-70c4-fd025b02dadc}[/FONT]

[FONT=Calibri]C:\Users\KWright\AppData\Local\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\@[/FONT]

[FONT=Calibri]C:\Users\KWright\AppData\Local\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\L[/FONT]

[FONT=Calibri]C:\Users\KWright\AppData\Local\{58373e3b-29d5-06fe-70c4-fd025b02dadc}\U[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]ZeroAccess:[/FONT]

[FONT=Calibri]C:\Windows\assembly\GAC\Desktop.ini[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========================= Known DLLs (Whitelisted) ============[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========================= Bamital & volsnap Check ============[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]C:\Windows\explorer.exe => MD5 is legit[/FONT]

[FONT=Calibri]C:\Windows\System32\winlogon.exe => MD5 is legit[/FONT]

[FONT=Calibri]C:\Windows\System32\wininit.exe => MD5 is legit[/FONT]

[FONT=Calibri]C:\Windows\System32\svchost.exe => MD5 is legit[/FONT]

[FONT=Calibri]C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.[/FONT]

[FONT=Calibri]C:\Windows\System32\User32.dll => MD5 is legit[/FONT]

[FONT=Calibri]C:\Windows\System32\userinit.exe => MD5 is legit[/FONT]

[FONT=Calibri]C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]==================== EXE ASSOCIATION =====================[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]HKLM\...\.exe: exefile => OK[/FONT]

[FONT=Calibri]HKLM\...\exefile\DefaultIcon: %1 => OK[/FONT]

[FONT=Calibri]HKLM\...\exefile\open\command: "%1" %* => OK[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]========================= Memory info ====================== [/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]Percentage of memory in use: 13%[/FONT]

[FONT=Calibri]Total physical RAM: 3062.04 MB[/FONT]

[FONT=Calibri]Available physical RAM: 2639.39 MB[/FONT]

[FONT=Calibri]Total Pagefile: 3060.33 MB[/FONT]

[FONT=Calibri]Available Pagefile: 2639.34 MB[/FONT]

[FONT=Calibri]Total Virtual: 2047.88 MB[/FONT]

[FONT=Calibri]Available Virtual: 1956.68 MB[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]======================= Partitions =========================[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]1 Drive c: (New Volume) (Fixed) (Total:232.88 GB) (Free:140.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)][/FONT]

[FONT=Calibri]3 Drive e: (AV) (Removable) (Total:0.96 GB) (Free:0.95 GB) FAT[/FONT]

[FONT=Calibri]4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri] Disk ### Status Size Free Dyn Gpt[/FONT]

[FONT=Calibri] -------- ------------- ------- ------- --- ---[/FONT]

[FONT=Calibri] Disk 0 Online 232 GB 0 B [/FONT]

[FONT=Calibri] Disk 1 Online 981 MB 0 B [/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]Partitions of Disk 0:[/FONT]

[FONT=Calibri]===============[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri] Partition ### Type Size Offset[/FONT]

[FONT=Calibri] ------------- ---------------- ------- -------[/FONT]

[FONT=Calibri] Partition 1 Primary 232 GB 1024 KB[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]==================================================================================[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]Disk: 0[/FONT]

[FONT=Calibri]Partition 1[/FONT]

[FONT=Calibri]Type : 07[/FONT]

[FONT=Calibri]Hidden: No[/FONT]

[FONT=Calibri]Active: Yes[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri] Volume ### Ltr Label Fs Type Size Status Info[/FONT]

[FONT=Calibri] ---------- --- ----------- ----- ---------- ------- --------- --------[/FONT]

[FONT=Calibri]* Volume 1 C New Volume NTFS Partition 232 GB Healthy [/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]==================================================================================[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]Partitions of Disk 1:[/FONT]

[FONT=Calibri]===============[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri] Partition ### Type Size Offset[/FONT]

[FONT=Calibri] ------------- ---------------- ------- -------[/FONT]

[FONT=Calibri] Partition 1 Primary 980 MB 31 KB[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]==================================================================================[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]Disk: 1[/FONT]

[FONT=Calibri]Partition 1[/FONT]

[FONT=Calibri]Type : 06[/FONT]

[FONT=Calibri]Hidden: No[/FONT]

[FONT=Calibri]Active: Yes[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri] Volume ### Ltr Label Fs Type Size Status Info[/FONT]

[FONT=Calibri] ---------- --- ----------- ----- ---------- ------- --------- --------[/FONT]

[FONT=Calibri]* Volume 2 E AV FAT Removable 980 MB Healthy [/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]==================================================================================[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]==========================================================[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]Last Boot: 2012-07-18 17:44[/FONT]

[FONT=Calibri] [/FONT]

[FONT=Calibri]======================= End Of Log ==========================[/FONT]
 
Here is my Services.txt file, I'm assuming you will ask for it since that seems to be the trend in similar posts.

Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-24 09:44:28
Running from E:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-07-13 09:50] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9
=== End Of Search ===
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================================

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next...

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Attachments

  • fixlist.txt
    650 bytes · Views: 5
ComboFix 12-07-25.04 - KWright 07/24/2012 12:57:09.1.2 - x86
Running from: c:\users\KWright\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\KWright\AppData\Roaming\Start
c:\users\KWright\AppData\Roaming\Start\temp_20E5ACDA\flash.10.0.32.18.ocx
c:\users\KWright\AppData\Roaming\Start\temp_20E5ACDA\ScreenCapture.mfx
c:\users\KWright\Documents\R166243.zip
c:\windows\system32\odbcad32.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))
.
.
2012-07-24 17:31 . 2012-07-24 17:31 -------- d-----w- C:\FRST
2012-07-24 13:14 . 2012-07-24 16:30 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F2F95EC-98A7-490E-9994-81A1045AE337}\offreg.dll
2012-07-24 13:11 . 2012-02-09 18:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{125B55BF-0056-4630-800F-1465A7E451E7}\gapaengine.dll
2012-07-24 13:11 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F2F95EC-98A7-490E-9994-81A1045AE337}\mpengine.dll
2012-07-23 20:55 . 2012-07-24 16:49 -------- d-----w- c:\windows\Microsoft Antimalware
2012-07-23 17:18 . 2012-07-23 17:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-23 10:23 . 2012-07-23 12:27 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-07-21 19:40 . 2012-07-21 19:40 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-19 00:28 . 2012-07-19 00:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-19 00:28 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-11 22:13 . 2012-07-11 22:13 -------- d-----w- c:\users\KWright\AppData\Roaming\GetRightToGo
2012-07-11 15:35 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 00:57 . 2012-07-03 00:57 -------- d-----w- c:\users\KWright\AppData\Roaming\Sony
2012-07-03 00:56 . 2012-07-03 00:56 -------- d-----w- c:\program files\Sony
2012-07-03 00:54 . 2012-07-03 00:54 -------- d-----w- c:\program files\Sony Setup
2012-06-24 21:17 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 21:17 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 21:17 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 21:17 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 21:17 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-24 21:17 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 21:17 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 21:17 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 21:17 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-06 01:32 . 2012-06-06 01:32 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-06 01:32 . 2012-02-29 00:24 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-01 04:44 . 2012-06-13 15:08 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-13 15:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-13 15:08 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-13 15:08 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-13 15:08 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"DLCCCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2006-02-24 73728]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2007-01-30 431600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\KWright\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-05 22:28]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-05 22:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 71.243.0.12 68.237.161.12
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
SafeBoot-Wdf01000.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,38,12,f1,9d,97,
02,e5,86,37,08,c7,6b,3b,0b,78,35,a4,a7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:35,26,95,0d,26,40,cd,01
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\conhost.exe
c:\windows\system32\dlcccoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-07-24 13:14:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-24 17:14
.
Pre-Run: 150,379,212,800 bytes free
Post-Run: 150,069,145,600 bytes free
.
- - End Of File - - 21CDE0FDAC3CD3DFC760F78E9ADAE512
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-24 12:19:39 Run:1
Running from E:\
==============================================
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
C:\Windows\System32\Drivers\ihotufes.sys moved successfully.
C:\Windows\System32\Drivers\xiksufkh.sys moved successfully.
C:\Windows\Installer\{58373e3b-29d5-06fe-70c4-fd025b02dadc} moved successfully.
C:\Users\KWright\AppData\Local\{58373e3b-29d5-06fe-70c4-fd025b02dadc} moved successfully.
C:\Windows\assembly\GAC\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe
==== End of Fixlog ====
 
Very well :)

Any current issues?

===========================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Everything appears to be ok so far, didn't want to go any further without hearing back from you. I will post my scan results after I run them. Thank you again for your help, unbelieveable how great of a job you do for free!
 
Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.24.11
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
KWright :: KWRIGHT-PC [administrator]
Protection: Enabled
7/24/2012 3:26:57 PM
mbam-log-2012-07-24 (15-34-28).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 184570
Time elapsed: 6 minute(s), 1 second(s)
Memory Processes Detected: 1
E:\Malwarebytes Anti-Malware v1.61.0.1400\KEY\OMFGWTFBBQ.exe (Dont.Steal.Our.Software) -> 3420 -> No action taken.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
E:\Malwarebytes Anti-Malware v1.61.0.1400\KEY\OMFGWTFBBQ.exe (Dont.Steal.Our.Software) -> No action taken.
(end)
 
Your MBAM log says "No action taken".
Re-run it, FIX all issues and post new log.
 
Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.24.11
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
KWright :: KWRIGHT-PC [administrator]
Protection: Enabled
7/24/2012 3:46:15 PM
mbam-log-2012-07-24 (15-46-15).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186162
Time elapsed: 4 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
OTL logfile created on: 7/24/2012 3:36:28 PM - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\KWright\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 55.26% Memory free
5.98 Gb Paging File | 4.50 Gb Available in Paging File | 75.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 139.71 Gb Free Space | 59.99% Space Free | Partition Type: NTFS

Computer Name: KWRIGHT-PC | User Name: KWright | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/24 15:31:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\KWright\Desktop\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 17:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/04/05 17:46:08 | 000,288,040 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/03/23 14:22:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/02/17 16:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/01/31 23:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/05/09 18:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/01/30 02:34:30 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlcccoms.exe
PRC - [2007/01/30 02:34:16 | 000,431,600 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 13:03:08 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/05/15 10:01:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/15 09:41:29 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/15 09:41:21 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/12/08 15:34:10 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
MOD - [2007/01/22 02:24:50 | 000,069,632 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 924\dlcccfg.dll
MOD - [2005/12/13 14:52:08 | 000,122,880 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 924\dlccdrec.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/28 16:56:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/30 02:34:30 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcccoms.exe -- (dlcc_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\KWright\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/11/20 17:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 17:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 17:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 17:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 17:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 17:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 17:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 17:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/15 14:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/09/28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/17 17:53:38 | 000,080,384 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2007/10/10 18:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/03/05 11:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/11/14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2132209386-2144939819-225470482-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2132209386-2144939819-225470482-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2132209386-2144939819-225470482-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 1B B5 77 6C F6 CC 01 [binary data]
IE - HKU\S-1-5-21-2132209386-2144939819-225470482-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2132209386-2144939819-225470482-1000\..\SearchScopes\{05FA4074-DC55-414D-A305-7525346CA094}: "URL" = http://isearch.avg.com/search?cid={...37f4c7380b4&lang=en&ds=AVG&pr=fr&d=2012-06-06 22:21:41&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2132209386-2144939819-225470482-1000\..\SearchScopes\{4E912CC3-1B30-439A-8ACE-D7D050822B27}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2132209386-2144939819-225470482-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://www.bing.com/search?FORM=UP09DF&PC=UP09&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-2132209386-2144939819-225470482-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2132209386-2144939819-225470482-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2012/07/24 13:09:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DLCCCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-2132209386-2144939819-225470482-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2132209386-2144939819-225470482-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2132209386-2144939819-225470482-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2132209386-2144939819-225470482-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.243.0.12 68.237.161.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18719D09-9E23-44DC-963C-A1847CFD3FFD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC5FECB5-F75E-4B6D-AFF2-21C5AEB4015F}: DhcpNameServer = 71.243.0.12 68.237.161.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/24 15:31:57 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\KWright\Desktop\OTL.exe
[2012/07/24 13:31:21 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/24 13:09:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/24 13:05:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/24 13:05:30 | 000,000,000 | ---D | C] -- C:\Users\KWright\AppData\Local\temp
[2012/07/24 12:55:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/24 12:55:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/24 12:55:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/24 12:55:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/24 12:55:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/24 12:39:26 | 004,584,441 | R--- | C] (Swearware) -- C:\Users\KWright\Desktop\ComboFix.exe
[2012/07/23 16:55:48 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2012/07/23 13:18:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/23 06:23:10 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/07/21 15:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/18 20:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/18 20:28:33 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/18 20:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/11 18:13:25 | 000,000,000 | ---D | C] -- C:\Users\KWright\Desktop\Downloads
[2012/07/11 18:13:13 | 000,000,000 | ---D | C] -- C:\Users\KWright\AppData\Roaming\GetRightToGo
[2012/07/02 20:57:55 | 000,000,000 | ---D | C] -- C:\Users\KWright\AppData\Roaming\Sony
[2012/07/02 20:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012/07/02 20:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2012/07/02 20:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Setup
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/24 15:31:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\KWright\Desktop\OTL.exe
[2012/07/24 15:26:52 | 000,629,182 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/24 15:26:52 | 000,108,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/24 14:44:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/24 13:19:40 | 000,021,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 13:19:40 | 000,021,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 13:10:48 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/24 13:09:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/24 13:09:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/24 13:09:13 | 2408,087,552 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/24 12:39:26 | 004,584,441 | R--- | M] (Swearware) -- C:\Users\KWright\Desktop\ComboFix.exe
[2012/07/21 15:41:08 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/18 20:28:42 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/13 16:31:12 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/02 21:19:03 | 000,549,541 | ---- | M] () -- C:\Users\KWright\Desktop\OldForge2012 009.JPG
[2012/07/02 21:15:22 | 000,469,629 | ---- | M] () -- C:\Users\KWright\Desktop\Disney Vacation May, 7-14th 2012 004.JPG
[2012/07/02 21:07:22 | 000,143,138 | ---- | M] () -- C:\Users\KWright\Desktop\Fathers Day 2012 021.JPG
[2012/07/02 20:56:13 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Photo Go 1.0.lnk
[2012/07/02 20:45:28 | 001,618,363 | ---- | M] () -- C:\Users\KWright\Desktop\35659020002.jpg
[2012/07/02 20:45:25 | 001,356,194 | ---- | M] () -- C:\Users\KWright\Desktop\35659020001.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/24 12:55:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/24 12:55:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/24 12:55:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/24 12:55:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/24 12:55:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/21 15:40:54 | 000,001,925 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/18 20:28:42 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/02 21:19:03 | 000,549,541 | ---- | C] () -- C:\Users\KWright\Desktop\OldForge2012 009.JPG
[2012/07/02 21:15:21 | 000,469,629 | ---- | C] () -- C:\Users\KWright\Desktop\Disney Vacation May, 7-14th 2012 004.JPG
[2012/07/02 21:07:22 | 000,143,138 | ---- | C] () -- C:\Users\KWright\Desktop\Fathers Day 2012 021.JPG
[2012/07/02 20:56:13 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Photo Go 1.0.lnk
[2012/06/08 22:55:53 | 000,034,764 | ---- | C] () -- C:\Users\KWright\AppData\Local\dt.dat
[2012/03/11 21:08:30 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlccinpa.dll
[2012/03/11 21:08:30 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcciesc.dll
[2012/03/11 21:08:30 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\dlcchcp.dll
[2012/03/11 21:08:30 | 000,274,432 | ---- | C] () -- C:\Windows\System32\dlccinst.dll
[2012/03/11 21:08:29 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlccserv.dll
[2012/03/11 21:08:29 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlccusb1.dll
[2012/03/11 21:08:29 | 000,434,176 | ---- | C] () -- C:\Windows\System32\dlccutil.dll
[2012/03/11 21:08:29 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlccprox.dll
[2012/03/11 21:08:29 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlccpplc.dll
[2012/03/11 21:08:28 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcchbn3.dll
[2012/03/11 21:08:28 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlccpmui.dll
[2012/03/11 21:08:28 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcclmpm.dll
[2012/03/11 21:08:28 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlccih.exe
[2012/03/11 21:08:28 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlccinsb.dll
[2012/03/11 21:08:28 | 000,159,744 | ---- | C] () -- C:\Windows\System32\dlccins.dll
[2012/03/11 21:08:28 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlccjswr.dll
[2012/03/11 21:08:28 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlccinsr.dll
[2012/03/11 21:08:27 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlcccoms.exe
[2012/03/11 21:08:27 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcccomm.dll
[2012/03/11 21:08:27 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcccub.dll
[2012/03/11 21:08:27 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcccu.dll
[2012/03/11 21:08:27 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcccur.dll
[2012/03/11 21:08:26 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcccomc.dll
[2012/03/11 21:08:26 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlcccfg.exe
[2012/03/11 21:08:26 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlcccfg.dll
[2012/03/03 18:40:36 | 000,001,571 | ---- | C] () -- C:\Windows\Faxcpp1.ini
[2012/03/03 18:40:36 | 000,000,422 | ---- | C] () -- C:\Windows\Faxcpp.ini
[2012/03/03 18:40:06 | 000,241,664 | ---- | C] () -- C:\Windows\System32\Image32.dll
[2012/03/03 18:40:06 | 000,122,880 | ---- | C] () -- C:\Windows\System32\Png32.dll
[2012/03/03 18:40:06 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Jpeg32.dll
[2012/03/03 18:40:06 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Tga32.dll
[2012/03/03 18:40:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Pcx32.dll
[2012/03/03 18:40:06 | 000,040,960 | ---- | C] () -- C:\Windows\System32\Twscan32.dll
[2012/02/28 20:25:19 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2012/02/28 20:25:17 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2012/02/28 17:14:25 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/11/20 17:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== LOP Check ==========

[2012/07/11 18:13:13 | 000,000,000 | ---D | M] -- C:\Users\KWright\AppData\Roaming\GetRightToGo
[2012/07/02 20:57:55 | 000,000,000 | ---D | M] -- C:\Users\KWright\AppData\Roaming\Sony
[2012/06/27 07:14:27 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
 
OTL Extras logfile created on: 7/24/2012 3:36:28 PM - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\KWright\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 55.26% Memory free
5.98 Gb Paging File | 4.50 Gb Available in Paging File | 75.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 139.71 Gb Free Space | 59.99% Space Free | Partition Type: NTFS

Computer Name: KWRIGHT-PC | User Name: KWright | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{158C0B1D-B593-4779-B17A-5641B6C94F33}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E817F164-E8E7-41CE-9A83-7E52A4ACD0EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3248F0A8-6813-11D6-A77B-00B0D0150170}" = J2SE Runtime Environment 5.0 Update 17
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DFAE7FE-677A-4158-9C08-231D7C12DA35}" = OneTouch Zoom Pro v5.0
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B18C4F32-5CDD-4357-8523-85659CFCF2A0}" = Meter Drivers for OneTouch(R) Software
"{B28470A5-F73F-432C-8066-05BA652AA5D1}" = Meter Drivers for OneTouch(R) Software
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{D6160F37-7638-4E56-9774-F3C88F30A4A9}" = Msxml4 for LDCF
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{E3BE5DF1-0D65-4774-904E-0192ABF29AF9}" = Sony Photo Go 1.0b
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{B18C4F32-5CDD-4357-8523-85659CFCF2A0}" = Meter Drivers for OneTouch(R) Software v1.7.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"TVWiz" = Intel(R) TV Wizard

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/23/2012 12:31:46 PM | Computer Name = KWright-PC | Source = WinMgmt | ID = 28
Description =

Error - 7/23/2012 12:32:44 PM | Computer Name = KWright-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.
System
Error: The RPC server is unavailable. .

Error - 7/23/2012 1:13:20 PM | Computer Name = KWright-PC | Source = WinMgmt | ID = 28
Description =

Error - 7/23/2012 1:16:44 PM | Computer Name = KWright-PC | Source = WinMgmt | ID = 28
Description =

Error - 7/23/2012 1:19:37 PM | Computer Name = KWright-PC | Source = WinMgmt | ID = 28
Description =

Error - 7/23/2012 1:34:06 PM | Computer Name = KWright-PC | Source = WinMgmt | ID = 28
Description =

Error - 7/24/2012 9:09:52 AM | Computer Name = KWright-PC | Source = WinMgmt | ID = 28
Description =

Error - 7/24/2012 9:23:16 AM | Computer Name = KWright-PC | Source = WinMgmt | ID = 28
Description =

Error - 7/24/2012 12:30:38 PM | Computer Name = KWright-PC | Source = WinMgmt | ID = 28
Description =

Error - 7/24/2012 1:11:16 PM | Computer Name = KWright-PC | Source = WinMgmt | ID = 10
Description =

[ Broadcom Wireless LAN Events ]
Error - 4/20/2012 7:33:44 AM | Computer Name = KWright-PC | Source = WLAN-Tray | ID = 0
Description = 07:33:41, Fri, Apr 20, 12 Error - Unable to gain access to user store

Error - 7/1/2012 12:23:09 AM | Computer Name = KWright-PC | Source = WLAN-Tray | ID = 0
Description = 00:23:05, Sun, Jul 01, 12 Error - Unable to gain access to user store

Error - 7/1/2012 10:06:59 AM | Computer Name = KWright-PC | Source = WLAN-Tray | ID = 0
Description = 10:06:56, Sun, Jul 01, 12 Error - Unable to gain access to user store

Error - 7/9/2012 9:02:47 PM | Computer Name = KWright-PC | Source = WLAN-Tray | ID = 0
Description = 21:02:45, Mon, Jul 09, 12 Error - Unable to gain access to user store

[ System Events ]
Error - 5/31/2012 9:49:04 PM | Computer Name = KWright-PC | Source = Service Control Manager | ID = 7000
Description = The BCM42RLY service failed to start due to the following error: %%2

Error - 5/31/2012 9:49:09 PM | Computer Name = KWright-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 5/31/2012 9:49:09 PM | Computer Name = KWright-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 6/1/2012 8:25:43 AM | Computer Name = KWright-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 6/1/2012 8:25:46 AM | Computer Name = KWright-PC | Source = Service Control Manager | ID = 7000
Description = The BCM42RLY service failed to start due to the following error: %%2

Error - 6/1/2012 8:25:46 AM | Computer Name = KWright-PC | Source = Service Control Manager | ID = 7000
Description = The BCM42RLY service failed to start due to the following error: %%2

Error - 6/1/2012 8:25:49 AM | Computer Name = KWright-PC | Source = Service Control Manager | ID = 7000
Description = The BCM42RLY service failed to start due to the following error: %%2

Error - 6/1/2012 8:25:49 AM | Computer Name = KWright-PC | Source = Service Control Manager | ID = 7000
Description = The BCM42RLY service failed to start due to the following error: %%2

Error - 6/1/2012 8:25:54 AM | Computer Name = KWright-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 6/1/2012 8:25:54 AM | Computer Name = KWright-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891


< End of report >
 
OTL logs are clean :)

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Microsoft Security Essentials
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 31
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````
 
Farbar Service Scanner Version: 22-07-2012
Ran by KWright (administrator) on 24-07-2012 at 16:13:43
Running from "C:\Users\KWright\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RJFNUI9"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****
 
Status
Not open for further replies.

Similar threads

E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
797
uber_beetle
uber_beetle

Latest posts

Back