TechSpot

Need Help: The specified service does not exist as an installed service virus

By shaddad
Aug 15, 2012
  1. My sick laptop runs Windows Vista Business and McAfee antivirus and spyware.
    Two days ago, after I restarted my system, I got this problem.
    Now all drivers are not working.
    I ran ComboFix and got the log report below.
    Please, I need your help.
    Thank you.

    ComboFix 12-08-13.01 - Robles 08/15/2012 8:42.1.2 - x86 NETWORK
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3066.2581 [GMT -5:00]
    Running from: c:\users\Robles\Desktop\New\ComboFix03.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-15 13:48 . 2012-08-15 13:48 -------- d-----w- c:\users\Srice\AppData\Local\temp
    2012-08-15 13:48 . 2012-08-15 13:48 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-08-15 13:48 . 2012-08-15 13:48 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-14 22:33 . 2012-08-15 13:48 -------- d-----w- c:\users\Robles\AppData\Local\temp
    2012-08-14 22:23 . 2012-08-14 22:33 -------- d-----w- C:\ComboFix03
    2012-08-14 22:17 . 2012-08-14 22:17 -------- d-----w- c:\users\Robles\AppData\Local\Adobe
    2012-08-14 22:00 . 2009-07-23 06:13 306 ----a-w- c:\windows\myClean.bat
    2012-08-14 21:37 . 2012-08-14 21:37 -------- d-----w- c:\users\Robles\AppData\Roaming\PC Utility Kit
    2012-08-14 21:37 . 2012-08-14 21:37 -------- d-----w- c:\users\Robles\AppData\Roaming\DriverCure
    2012-08-14 21:37 . 2012-08-14 21:37 -------- d-----w- c:\programdata\PC Utility Kit
    2012-08-14 21:37 . 2012-08-14 21:37 -------- d-----w- c:\program files\PC Utility Kit
    2012-08-14 21:37 . 2012-08-14 21:37 -------- d-----w- c:\program files\Common Files\PC Utility Kit
    2012-08-14 21:31 . 2012-08-14 21:31 -------- d-----w- c:\programdata\ErrorEND
    2012-08-14 21:31 . 2012-08-14 21:31 -------- d-----w- c:\program files\ErrorEND
    2012-08-13 15:49 . 2012-08-13 15:49 -------- d-----w- C:\~ROXTMP
    2012-08-13 15:42 . 2012-08-13 15:42 -------- d-----w- c:\users\Robles\AppData\Local\Roxio
    2012-08-09 21:04 . 2012-08-09 21:04 -------- d--h--w- c:\programdata\CanonIJEGV
    2012-08-09 21:03 . 2012-08-09 21:03 -------- d-----w- c:\program files\Canon
    2012-08-09 13:32 . 2012-08-09 13:32 -------- d-----w- c:\users\Srice\AppData\Roaming\PeerNetworking
    2012-08-09 13:13 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-08-09 13:10 . 2012-06-02 08:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-07-25 17:41 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-07-25 17:41 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-25 17:41 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-25 17:41 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-25 17:41 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-25 17:41 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-07-25 17:30 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-07-25 17:30 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-07-25 17:30 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-07-25 17:30 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-07-25 17:29 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
    2012-07-25 17:29 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-07-25 17:29 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-07-25 17:29 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-07-25 17:29 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-14 22:14 . 2011-11-19 01:16 17920 ----a-w- c:\windows\system32\rpcnetp.exe
    2012-08-14 22:14 . 2011-11-19 00:01 58288 ----a-w- c:\windows\system32\rpcnet.dll
    2012-08-09 20:09 . 2011-11-19 01:18 17920 ----a-w- c:\windows\system32\rpcnetp.dll
    2012-08-09 19:51 . 2012-05-15 17:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-09 19:51 . 2011-11-19 00:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
    2011-11-21 04:04 . 2011-12-06 04:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Robles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Robles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Robles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-18 13597216]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-18 92704]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-10-18 96800]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-16 483420]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-04-30 3888640]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "Monitor.exe"="c:\program files\LinksysOne\LinksysOne Surveillance Utility\Monitor.exe" [2008-02-05 2080768]
    "Recorder.exe"="c:\program files\LinksysOne\LinksysOne Surveillance Utility\Recorder.exe" [2008-09-11 409600]
    "IndexSearch"="c:\program files\Dell Printers\paperport\PaperPort\IndexSearch.exe" [2010-03-17 46368]
    "PaperPort PTD"="c:\program files\Dell Printers\paperport\PaperPort\pptd40nt.exe" [2010-03-17 29984]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunMVSMyClean"="c:\windows\myclean.bat" [2009-07-23 306]
    "AppRemover2"="wscript.exe" [2009-04-11 155648]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKLM\~\startupfolder\C:^Users^Robles^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\users\Robles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-02-21 02:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLPSP]
    2010-06-01 17:03 886152 ----a-w- c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLQLU]
    2010-06-01 17:03 1127744 ----a-w- c:\program files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLUPDR]
    2010-06-01 17:03 566680 ----a-w- c:\program files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    2010-03-17 06:30 46368 ----a-w- c:\program files\Dell Printers\paperport\PaperPort\IndexSearch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-03-27 10:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    2010-03-17 06:33 29984 ----a-w- c:\program files\Dell Printers\paperport\PaperPort\pptd40nt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]
    2010-03-06 01:11 62752 ----a-w- c:\program files\Dell Printers\paperport\PDFViewer\RegistryController.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
    2010-03-06 01:11 636192 ----a-w- c:\program files\Dell Printers\paperport\PDFViewer\pdfPro5Hook.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rohos]
    2011-11-23 18:45 809272 ----a-w- c:\program files\Rohos\agent.exe
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ec3a90dd\aestsrv.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    bthsvcs REG_MULTI_SZ BthServ
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 19:51]
    .
    2012-08-14 c:\windows\Tasks\ErrorEND.job
    - c:\program files\ErrorEND\ErrorEND.exe [2011-03-09 12:23]
    .
    2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-19 22:58]
    .
    2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-19 22:58]
    .
    2012-08-14 c:\windows\Tasks\PC Utility Kit Registration3.job
    - c:\program files\Common Files\PC Utility Kit\UUS3\UUS3.dll [2012-03-27 19:30]
    .
    2012-08-14 c:\windows\Tasks\PC Utility Kit Update3.job
    - c:\program files\Common Files\PC Utility Kit\UUS3\Update3.exe [2012-03-27 19:30]
    .
    2012-08-14 c:\windows\Tasks\PC Utility Kit.job
    - c:\program files\PC Utility Kit\PC Utility Kit\pcutilitykit.exe [2012-04-10 21:55]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {{605E5D27-BFA0-471F-87ED-98A2623D633C} - c:\program files\CADE Pro 2.20.3\Web\new.htm
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    TCP: DhcpNameServer = 68.94.156.1
    FF - ProfilePath - c:\users\Robles\AppData\Roaming\Mozilla\Firefox\Profiles\330f1inw.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-15 08:48
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(1620)
    c:\users\Robles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    c:\windows\system32\BCMWLCPL.CPL
    .
    Completion time: 2012-08-15 08:49:58
    ComboFix-quarantined-files.txt 2012-08-15 13:49
    ComboFix2.txt 2012-08-14 22:33
    .
    Pre-Run: 53,475,725,312 bytes free
    Post-Run: 53,435,576,320 bytes free
    .
    - - End Of File - - 966D5A0B35E410A2DF8A26221BA60D1C
     
  2. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================

    Never run Combofix on your own!

    ===========================================

    You need to provide more details about your computer issues.

    Then...

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
     
  3. shaddad

    shaddad TS Rookie Topic Starter

    Thank you, Broni, for your response.

    First, I will talk about how the problem happened.
    I am a new employee at a company. On Aug 9th, 2012, my boss gave me this laptop, which had belonged to a former employee.

    The password was unknown; I used an application to restore the password. After that, the laptop was working without any problems. The day after, I opened MS Office Outlook and a message appeared that contained the old user's email and his password. I entered my email and password.

    After some minutes McAfee started showing me a notification and the laptop started to be slow. After that I restarted the laptop and the problem began.

    Now, I can’t run any application in normal mode. For this reason I did all the steps in safe mode. Also, I am using safe mode with networking, but there is still no internet.

    Thank you,
    ------------------------------------------------ mbam-log ----------------------------------------------------------
    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.03.05
    Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Robles :: FCS-MIS [administrator]

    Protection: Disabled
    8/16/2012 8:48:28 AM
    mbam-log-2012-08-16 (08-48-28).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 250522
    Time elapsed: 3 minute(s), 46 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    ----------------------------------------------------------------- gmer-log --------------------------------------------------------------------

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-08-16 10:38:31
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250424ASG rev.DEC6
    Running: 02.c4kzgkkt.exe; Driver: C:\Users\Robles\AppData\Local\Temp\axrdypog.sys



    ---- User IAT/EAT - GMER 1.0.15 ----
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73DF7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73E3B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73DFBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73DEF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73DF75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73DEE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73E273F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73DFDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73DEFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73DEFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73DE71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73E7CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73E1C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73DED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73DE6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73DE687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73DF2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00242cae3c56
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00242cae3c56@9027e442d6e6 0x5C 0x1D 0x82 0x72 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00242cae3c56 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00242cae3c56@9027e442d6e6 0x5C 0x1D 0x82 0x72 ...
    ---- EOF - GMER 1.0.15 ----

     
  4. shaddad

    shaddad TS Rookie Topic Starter

    _____________________________________________- dds log _______________________________________________

    .
    DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
    Internet Explorer: 9.0.8112.16421
    Run by Robles at 10:43:31 on 2012-08-16
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3066.2168 [GMT -5:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\dell printers\paperport\pdfviewer\bin\PlusIEContextMenu.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe
    mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [Monitor.exe] c:\program files\linksysone\linksysone surveillance utility\Monitor.exe
    mRun: [Recorder.exe] c:\program files\linksysone\linksysone surveillance utility\Recorder.exe
    mRun: [IndexSearch] "c:\program files\dell printers\paperport\paperport\IndexSearch.exe"
    mRun: [PaperPort PTD] "c:\program files\dell printers\paperport\paperport\pptd40nt.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRunOnce: [RunMVSMyClean] "c:\windows\system32\cmd.exe" /c "c:\windows\myclean.bat c:\progra~1\mcafee\manage~1 c:\progra~1\McAfee"
    mRunOnce: [AppRemover2] wscript.exe "c:\users\robles\appdata\local\temp\openURL.vbs"
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {605E5D27-BFA0-471F-87ED-98A2623D633C} - c:\program files\cade pro 2.20.3\web\new.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
    TCP: DhcpNameServer = 68.94.156.1
    TCP: Interfaces\{4D0AF965-62C6-4DDC-AB41-38F7C0624891} : DhcpNameServer = 68.94.156.1
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\robles\appdata\roaming\mozilla\firefox\profiles\330f1inw.default\
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2011-11-18 14448]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2012-2-22 64912]
    R1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\drivers\nm3.sys [2010-6-9 39736]
    S1 cyphxdrv;cyphxdrv;c:\windows\system32\drivers\cyphxdrv.sys [2012-1-5 99608]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ec3a90dd\AEstSrv.exe [2011-11-18 81920]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 cypherixservice;Cypherix service;c:\windows\system32\cypherixsrv.exe [2012-1-5 1043224]
    S2 DisplayLinkService;DisplayLinkManager;c:\program files\displaylink core software\DisplayLinkManager.exe [2011-4-10 5240168]
    S2 DLSDB;Dell Printer Status Database;c:\program files\dell printers\additional color laser software\status monitor\dlsdbnt.exe [2011-11-18 226696]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-19 136176]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-16 655944]
    S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\dell printers\paperport\paperport\PDFProFiltSrvPP.exe [2010-3-17 144672]
    S2 RHDISK;RHDISK;c:\program files\rohos\rhdisk.sys [2012-1-5 33280]
    S2 Rohos Disk;Rohos Disk service;c:\program files\rohos\agent.exe [2012-1-5 809272]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-15 250056]
    S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort_5.6.31854.0.sys [2011-4-10 21888]
    S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2011-11-18 182896]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-19 136176]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-16 22344]
    S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2007-3-5 7424]
    S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2008-5-28 235840]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-08-16 13:47:35 -------- d-----w- c:\users\robles\appdata\roaming\Malwarebytes
    2012-08-16 13:47:26 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-16 13:47:26 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-16 13:47:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-15 13:50:00 -------- d-----w- c:\users\robles\appdata\local\temp
    2012-08-15 13:49:40 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-08-15 13:40:44 -------- d-----w- C:\ComboFix032215C
    2012-08-14 22:23:09 98816 ----a-w- c:\windows\sed.exe
    2012-08-14 22:23:09 518144 ----a-w- c:\windows\SWREG.exe
    2012-08-14 22:23:09 256000 ----a-w- c:\windows\PEV.exe
    2012-08-14 22:23:09 208896 ----a-w- c:\windows\MBR.exe
    2012-08-14 22:23:01 -------- d-----w- C:\ComboFix03
    2012-08-14 22:17:30 -------- d-----w- c:\users\robles\appdata\local\Adobe
    2012-08-14 22:00:15 306 ----a-w- c:\windows\myClean.bat
    2012-08-14 21:37:51 -------- d-----w- c:\users\robles\appdata\roaming\PC Utility Kit
    2012-08-14 21:37:51 -------- d-----w- c:\users\robles\appdata\roaming\DriverCure
    2012-08-14 21:37:45 -------- d-----w- c:\programdata\PC Utility Kit
    2012-08-14 21:37:45 -------- d-----w- c:\program files\PC Utility Kit
    2012-08-14 21:37:45 -------- d-----w- c:\program files\common files\PC Utility Kit
    2012-08-14 21:31:26 -------- d-----w- c:\programdata\ErrorEND
    2012-08-14 21:31:20 -------- d-----w- c:\program files\ErrorEND
    2012-08-13 15:49:07 -------- d-----w- C:\~ROXTMP
    2012-08-13 15:42:31 -------- d-----w- c:\users\robles\appdata\local\Roxio
    2012-08-09 21:04:05 -------- d--h--w- c:\programdata\CanonIJEGV
    2012-08-09 21:03:46 -------- d-----w- c:\program files\Canon
    2012-08-09 13:13:38 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-08-09 13:10:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-07-25 17:41:49 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2012-07-25 17:41:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-25 17:41:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-25 17:41:41 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-25 17:41:41 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-25 17:41:40 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-07-25 17:30:30 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-07-25 17:29:58 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-07-25 17:29:43 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-07-25 17:29:43 171904 ----a-w- c:\windows\system32\wuwebv.dll
    .
    ==================== Find3M ====================
    .
    2012-08-16 13:25:57 17920 ----a-w- c:\windows\system32\rpcnetp.exe
    2012-08-16 13:25:55 58288 ----a-w- c:\windows\system32\rpcnet.dll
    2012-08-09 20:09:41 17920 ----a-w- c:\windows\system32\rpcnetp.dll
    2012-08-09 19:51:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-09 19:51:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-25 21:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
    2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    .
    ============= FINISH: 10:43:54.48 ===============
     
  5. shaddad

    shaddad TS Rookie Topic Starter

    ___________________________________________ Attach log _________________________________________________

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Business
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/18/2011 7:21:05 PM
    System Uptime: 8/16/2012 8:44:41 AM (2 hours ago)
    .
    Motherboard: Dell Inc. | |
    Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz | U2E1 | 2394/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 116 GiB total, 51.968 GiB free.
    D: is FIXED (NTFS) - 116 GiB total, 93.527 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP116: 5/22/2012 1:35:47 PM - Scheduled Checkpoint
    RP117: 6/4/2012 4:18:42 PM - Windows Update
    RP118: 6/7/2012 11:11:18 AM - Scheduled Checkpoint
    RP120: 6/11/2012 9:25:44 AM - Scheduled Checkpoint
    RP121: 6/12/2012 10:47:36 AM - Installed CADE Pro 2.20.3
    RP122: 6/20/2012 11:46:44 AM - Windows Update
    RP123: 7/25/2012 12:28:52 PM - Windows Update
    RP124: 7/31/2012 3:46:42 PM - Device Driver Package Install: McAfee, Inc. Network Service
    RP125: 8/9/2012 8:07:20 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Community Help
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS5.1
    Adobe Reader X (10.1.2)
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11.6
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe XMP Panels CS4
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    BufferChm
    CADE Pro 2.20.3
    Canon MP480 series MP Drivers
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Cisco Video Monitoring System 1.2.0
    Connect
    Cypherix LE
    Dell 2155 Color MFP Address Book Editor Ver.1.0.2.0
    Dell 2155 Color MFP ScanButton Manager Ver.1.0.0.0
    Dell 2155 Color MFP Scanner Driver
    Dell 5530 Wireless Broadband Package
    Dell Printer Software
    Dell Wireless WLAN Card Utility
    Destinations
    DisplayLink Core Software
    DisplayLink Graphics
    DMMultiView
    DocProc
    Dropbox
    ErrorEND
    FileZilla Client 3.5.3
    Free Mp3 Wma Converter V 2.1
    GeoVision AAC
    GeoVision ADPCM
    GeoVision H264
    GeoVision JPEG
    GeoVision MJPG
    GeoVision MPEG4
    GeoVision MPEG4 ASP
    GeoVision MPEG4 AVC
    GeoVision MXPG
    Google Earth Plug-in
    Google Update Helper
    GPBaseService2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Imaging Device Functions 13.0
    HP Photosmart Essential 3.5
    HP Scanjet Series
    HP Solution Center 13.0
    HP Update
    hpg8270
    HPPhotosmartEssential
    HPProductAssistant
    IDT Audio
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 29
    kuler
    Laptop Integrated Webcam Driver (1.01.01.0529)
    LinksysOne Surveillance Utility
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Network Monitor 3.4
    Microsoft Network Monitor: NetworkMonitor Parsers 3.4
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft System Center 2012 Configuration Manager Console
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Mozilla Firefox 8.0.1 (x86 en-US)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB973685)
    Nuance PaperPort 12
    Nuance PDF Viewer Plus
    NVIDIA Drivers
    OCR Software by I.R.I.S. 13.0
    PaperPort Image Printer
    PC Utility Kit
    PDF Settings CS5
    Photoshop Camera Raw
    QuickTime
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Rohos Mini Drive 1.9
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler 3
    Roxio Update Manager
    Scan
    Scansoft PDF Professional
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Skype™ 5.5
    SolutionCenter
    Sonic CinePlayer Decoder Pack
    Suite Shared Configuration CS4
    swMSM
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Visual C++ 8.0 x86 Runtime Setup Package
    WatchGuard Fireware XTM OS for XTM 8-Series 11.4.2
    WatchGuard System Manager 11.3.1
    WebReg
    WIDCOMM Bluetooth Software 6.0.1.3100
    X264
    XVID
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/16/2012 8:53:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    8/16/2012 8:47:33 AM, Error: Microsoft-Windows-TBS [16392] - An error occurred while starting the TBS. The error code was 0x8007000d.
    8/16/2012 8:46:42 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cyphxdrv spldr Wanarpv6
    8/16/2012 8:46:42 AM, Error: Service Control Manager [7003] - The Workstation service depends the following service: NSI. This service might not be installed.
    8/16/2012 8:46:42 AM, Error: Service Control Manager [7003] - The Windows Driver Foundation - User-mode Driver Framework service depends the following service: PlugPlay. This service might not be installed.
    8/16/2012 8:46:42 AM, Error: Service Control Manager [7003] - The Windows Audio Endpoint Builder service depends the following service: PlugPlay. This service might not be installed.
    8/16/2012 8:46:42 AM, Error: Service Control Manager [7003] - The Telephony service depends the following service: PlugPlay. This service might not be installed.
    8/16/2012 8:46:42 AM, Error: Service Control Manager [7003] - The Tablet PC Input Service service depends the following service: PlugPlay. This service might not be installed.
    8/16/2012 8:46:42 AM, Error: Service Control Manager [7003] - The Network Location Awareness service depends the following service: NSI. This service might not be installed.
    8/16/2012 8:46:42 AM, Error: Service Control Manager [7003] - The IP Helper service depends the following service: NSI. This service might not be installed.
    8/16/2012 8:46:42 AM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: Netman. This service might not be installed.
    8/16/2012 8:46:42 AM, Error: Service Control Manager [7003] - The DisplayLinkManager service depends the following service: PlugPlay. This service might not be installed.
    8/16/2012 8:46:42 AM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: NSI. This service might not be installed.
    8/16/2012 8:46:42 AM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
    8/16/2012 8:46:42 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    8/16/2012 8:46:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    8/16/2012 8:46:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/16/2012 8:45:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    8/16/2012 8:31:22 AM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
    8/16/2012 8:27:26 AM, Error: Service Control Manager [7022] - The Human Interface Device Access service hung on starting.
    8/16/2012 8:27:02 AM, Error: Service Control Manager [7024] - The ReadyBoost service terminated with service-specific error 0 (0x0).
    8/16/2012 8:27:02 AM, Error: Service Control Manager [7023] - The WebClient service terminated with the following error: The system cannot find the file specified.
    8/16/2012 8:27:02 AM, Error: Service Control Manager [7023] - The seclogon service terminated with the following error: The specified procedure could not be found.
    8/16/2012 8:27:02 AM, Error: Service Control Manager [7023] - The Portable Device Enumerator Service service terminated with the following error: The system cannot find the file specified.
    8/16/2012 8:27:02 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: Operation aborted
    8/16/2012 8:27:02 AM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
    8/16/2012 8:27:02 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
    8/16/2012 8:27:02 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    8/15/2012 8:48:30 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    8/15/2012 7:59:49 AM, Error: EventLog [6008] - The previous system shutdown at 9:40:53 PM on 8/14/2012 was unexpected.
    8/14/2012 4:37:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    8/13/2012 9:37:35 AM, Error: volsnap [10] - The shadow copy of volume F: took too long to install.
    8/10/2012 9:10:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "3" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81}
    8/10/2012 1:58:35 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The system cannot find the path specified.
    8/10/2012 1:49:09 PM, Error: Service Control Manager [7000] - The Windows Connect Now - Config Registrar service failed to start due to the following error: The system cannot find the path specified.
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Saying?

    What happens when you try?

    Your running Combofix on your own could have created this whole issue...
     
  7. shaddad

    shaddad TS Rookie Topic Starter

    I can't remember what the McAfee message was.
    When I want to run an application in normal mode I get this message (The specified service does not exist as an installed service).
    Thanks,
     
  8. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    =====================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  9. shaddad

    shaddad TS Rookie Topic Starter

    Here you go ...
    Thank you

    __________________________________ RK report _________________________________________________
    RogueKiller V7.6.6 [08/10/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Safe mode with network support
    User: Robles [Admin rights]
    Mode: Scan -- Date: 08/16/2012 14:10:45
    ¤¤¤ Bad processes: 0 ¤¤¤
    ¤¤¤ Registry Entries: 7 ¤¤¤
    [SUSP PATH] HKLM\[...]\Run : OEM13Mon.exe (C:\Windows\OEM13Mon.exe) -> FOUND
    [SUSP PATH] HKLM\[...]\RunOnce : AppRemover2 (wscript.exe "C:\Users\Robles\AppData\Local\Temp\openURL.vbs") -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : c:\users\robles\appdata\local\{dc79d088-82f2-ab74-402b-416c74c6493e}\@ --> FOUND
    [ZeroAccess][FOLDER] U : c:\users\robles\appdata\local\{dc79d088-82f2-ab74-402b-416c74c6493e}\U --> FOUND
    [ZeroAccess][FOLDER] L : c:\users\robles\appdata\local\{dc79d088-82f2-ab74-402b-416c74c6493e}\L --> FOUND
    ¤¤¤ Driver: [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] 81cceed3d1c679276d5fae322b340a90
    [BSP] 5c953835db00e3141af93e3cc2165d2b : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 119208 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 244238336 | Size: 119217 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  10. shaddad

    shaddad TS Rookie Topic Starter

    asw report
    _____________________________________
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-16 14:15:01
    -----------------------------
    14:15:01.321 OS Version: Windows 6.0.6002 Service Pack 2
    14:15:01.321 Number of processors: 2 586 0x170A
    14:15:01.321 ComputerName: FCS-MIS UserName: Robles
    14:15:02.538 Initialize success
    14:15:10.322 AVAST engine download error: 0
    14:15:18.808 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    14:15:18.808 Disk 0 Vendor: ST9250424ASG DEC6 Size: 238475MB BusType: 3
    14:15:18.855 Disk 0 MBR read successfully
    14:15:18.855 Disk 0 MBR scan
    14:15:18.855 Disk 0 Windows VISTA default MBR code
    14:15:18.886 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    14:15:18.902 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119208 MB offset 96390
    14:15:18.933 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 119217 MB offset 244238336
    14:15:18.949 Disk 0 scanning sectors +488394752
    14:15:19.230 Disk 0 scanning C:\Windows\system32\drivers
    14:15:37.575 Service scanning
    14:15:55.656 Modules scanning
    14:16:01.599 Disk 0 trace - called modules:
    14:16:01.630 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
    14:16:01.630 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x856191f0]
    14:16:01.630 3 CLASSPNP.SYS[8a5ad8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8551c030]
    14:16:01.630 Scan finished successfully
    14:16:19.430 Disk 0 MBR has been saved successfully to "C:\Users\Robles\Desktop\MBR.dat"
    14:16:19.430 The log file has been saved successfully to "C:\Users\Robles\Desktop\aswMBR.txt"
     
  11. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\users\robles\appdata\local\{dc79d088-82f2-ab74-402b-416c74c6493e}
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
     
  12. shaddad

    shaddad TS Rookie Topic Starter

    Thank you Broni,
    Here you go ....

    ComboFix 12-08-13.01 - Robles 08/16/2012 15:13:43.1.2 - x86 NETWORK
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3066.2098 [GMT -5:00]
    Running from: c:\users\Robles\Desktop\New\ComboFix03.exe
    Command switches used :: c:\users\Robles\Desktop\New\CFScript.txt
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\robles\appdata\local\{dc79d088-82f2-ab74-402b-416c74c6493e}
    c:\users\robles\appdata\local\{dc79d088-82f2-ab74-402b-416c74c6493e}\@
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-16 20:17 . 2012-08-16 20:17 -------- d-----w- c:\users\Robles\AppData\Local\temp
    2012-08-16 20:17 . 2012-08-16 20:17 -------- d-----w- c:\users\Srice\AppData\Local\temp
    2012-08-16 20:17 . 2012-08-16 20:17 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-08-16 20:17 . 2012-08-16 20:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-16 13:47 . 2012-08-16 13:47 -------- d-----w- c:\users\Robles\AppData\Roaming\Malwarebytes
    2012-08-16 13:47 . 2012-08-16 13:47 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-16 13:47 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-16 13:47 . 2012-08-16 13:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-14 22:23 . 2012-08-14 22:33 -------- d-----w- C:\ComboFix03
    2012-08-14 22:17 . 2012-08-14 22:17 -------- d-----w- c:\users\Robles\AppData\Local\Adobe
    2012-08-14 22:00 . 2009-07-23 06:13 306 ----a-w- c:\windows\myClean.bat
    2012-08-14 21:37 . 2012-08-14 21:37 -------- d-----w- c:\users\Robles\AppData\Roaming\PC Utility Kit
    2012-08-14 21:37 . 2012-08-14 21:37 -------- d-----w- c:\users\Robles\AppData\Roaming\DriverCure
    2012-08-14 21:37 . 2012-08-14 21:37 -------- d-----w- c:\programdata\PC Utility Kit
    2012-08-14 21:37 . 2012-08-14 21:37 -------- d-----w- c:\program files\PC Utility Kit
    2012-08-14 21:37 . 2012-08-14 21:37 -------- d-----w- c:\program files\Common Files\PC Utility Kit
    2012-08-14 21:31 . 2012-08-14 21:31 -------- d-----w- c:\programdata\ErrorEND
    2012-08-14 21:31 . 2012-08-14 21:31 -------- d-----w- c:\program files\ErrorEND
    2012-08-13 15:49 . 2012-08-13 15:49 -------- d-----w- C:\~ROXTMP
    2012-08-13 15:42 . 2012-08-13 15:42 -------- d-----w- c:\users\Robles\AppData\Local\Roxio
    2012-08-09 21:04 . 2012-08-09 21:04 -------- d--h--w- c:\programdata\CanonIJEGV
    2012-08-09 21:03 . 2012-08-09 21:03 -------- d-----w- c:\program files\Canon
    2012-08-09 13:32 . 2012-08-09 13:32 -------- d-----w- c:\users\Srice\AppData\Roaming\PeerNetworking
    2012-08-09 13:13 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-08-09 13:10 . 2012-06-02 08:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-07-25 17:41 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-07-25 17:41 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-25 17:41 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-25 17:41 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-25 17:41 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-25 17:41 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-07-25 17:30 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-07-25 17:30 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-07-25 17:30 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-07-25 17:30 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-07-25 17:29 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
    2012-07-25 17:29 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-07-25 17:29 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-07-25 17:29 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-07-25 17:29 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-16 13:25 . 2011-11-19 01:16 17920 ----a-w- c:\windows\system32\rpcnetp.exe
    2012-08-16 13:25 . 2011-11-19 00:01 58288 ----a-w- c:\windows\system32\rpcnet.dll
    2012-08-09 20:09 . 2011-11-19 01:18 17920 ----a-w- c:\windows\system32\rpcnetp.dll
    2012-08-09 19:51 . 2012-05-15 17:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-09 19:51 . 2011-11-19 00:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
    2011-11-21 04:04 . 2011-12-06 04:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Robles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Robles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Robles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-18 13597216]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-18 92704]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-10-18 96800]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-16 483420]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-04-30 3888640]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "Monitor.exe"="c:\program files\LinksysOne\LinksysOne Surveillance Utility\Monitor.exe" [2008-02-05 2080768]
    "Recorder.exe"="c:\program files\LinksysOne\LinksysOne Surveillance Utility\Recorder.exe" [2008-09-11 409600]
    "IndexSearch"="c:\program files\Dell Printers\paperport\PaperPort\IndexSearch.exe" [2010-03-17 46368]
    "PaperPort PTD"="c:\program files\Dell Printers\paperport\PaperPort\pptd40nt.exe" [2010-03-17 29984]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunMVSMyClean"="c:\windows\myclean.bat" [2009-07-23 306]
    "AppRemover2"="wscript.exe" [2009-04-11 155648]
    "Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKLM\~\startupfolder\C:^Users^Robles^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\users\Robles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-02-21 02:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLPSP]
    2010-06-01 17:03 886152 ----a-w- c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLQLU]
    2010-06-01 17:03 1127744 ----a-w- c:\program files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLUPDR]
    2010-06-01 17:03 566680 ----a-w- c:\program files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    2010-03-17 06:30 46368 ----a-w- c:\program files\Dell Printers\paperport\PaperPort\IndexSearch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-03-27 10:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    2010-03-17 06:33 29984 ----a-w- c:\program files\Dell Printers\paperport\PaperPort\pptd40nt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]
    2010-03-06 01:11 62752 ----a-w- c:\program files\Dell Printers\paperport\PDFViewer\RegistryController.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
    2010-03-06 01:11 636192 ----a-w- c:\program files\Dell Printers\paperport\PDFViewer\pdfPro5Hook.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rohos]
    2011-11-23 18:45 809272 ----a-w- c:\program files\Rohos\agent.exe
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ec3a90dd\aestsrv.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - AXRDYPOG
    *Deregistered* - aswMBR
    *Deregistered* - axrdypog
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    bthsvcs REG_MULTI_SZ BthServ
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 19:51]
    .
    2012-08-14 c:\windows\Tasks\ErrorEND.job
    - c:\program files\ErrorEND\ErrorEND.exe [2011-03-09 12:23]
    .
    2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-19 22:58]
    .
    2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-19 22:58]
    .
    2012-08-14 c:\windows\Tasks\PC Utility Kit Registration3.job
    - c:\program files\Common Files\PC Utility Kit\UUS3\UUS3.dll [2012-03-27 19:30]
    .
    2012-08-14 c:\windows\Tasks\PC Utility Kit Update3.job
    - c:\program files\Common Files\PC Utility Kit\UUS3\Update3.exe [2012-03-27 19:30]
    .
    2012-08-14 c:\windows\Tasks\PC Utility Kit.job
    - c:\program files\PC Utility Kit\PC Utility Kit\pcutilitykit.exe [2012-04-10 21:55]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {{605E5D27-BFA0-471F-87ED-98A2623D633C} - c:\program files\CADE Pro 2.20.3\Web\new.htm
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    TCP: DhcpNameServer = 68.94.156.1
    FF - ProfilePath - c:\users\Robles\AppData\Roaming\Mozilla\Firefox\Profiles\330f1inw.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-16 15:17
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(720)
    c:\users\Robles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    c:\windows\system32\BCMWLCPL.CPL
    .
    Completion time: 2012-08-16 15:18:14
    ComboFix-quarantined-files.txt 2012-08-16 20:18
    ComboFix2.txt 2012-08-15 13:49
    ComboFix3.txt 2012-08-14 22:33
    .
    Pre-Run: 55,768,416,256 bytes free
    Post-Run: 55,743,160,320 bytes free
    .
    - - End Of File - - 6FD4A103C8A6A9BCC890C6156AA83AFD
     
  13. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    ANY program?
     
  14. shaddad

    shaddad TS Rookie Topic Starter

    Good Morning Broni,
    I still have the same problem.
    The programs you asked me to install are not working in normal mode.

    Thanks,
     
  15. shaddad

    shaddad TS Rookie Topic Starter

    I can't run any program or application with (.exe) extension.
     
  16. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    If normal mode still doesn't work, run the tool from safe mode.

    When the scan is done, Notepad will open with the rKill log.
    Post it in your next reply.

    NOTE. rKill.txt log will also be present on your desktop.
     
  17. shaddad

    shaddad TS Rookie Topic Starter

    Dear Broni,
    I restored the system to a time before the problem.
    Now, everything is working.
    Do I need more scans?
    Thank you,
     
  18. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    It depends how far back you went.
     