Inactive Need Help: The specified service does not exist as an installed service virus


shaddad

My sick laptop runs Windows Vista Business and McAfee antivirus and antispyware.
Two days ago, after I restarted my system, I got this problem.
Now all drivers are not working.
I ran ComboFix and got the log report below.
Please, I need your help.
Thank you.

ComboFix 12-08-13.01 - Robles 08/15/2012 8:42.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3066.2581 [GMT -5:00]
Running from: c:\users\Robles\Desktop\New\ComboFix03.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 13:48 . 2012-08-15 13:48 -------- d-----w- c:\users\Srice\AppData\Local\temp
2012-08-15 13:48 . 2012-08-15 13:48 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-15 13:48 . 2012-08-15 13:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-14 22:33 . 2012-08-15 13:48 -------- d-----w- c:\users\Robles\AppData\Local\temp
2012-08-14 22:23 . 2012-08-14 22:33 -------- d-----w- C:\ComboFix03
2012-08-14 22:17 . 2012-08-14 22:17 -------- d-----w- c:\users\Robles\AppData\Local\Adobe
2012-08-14 22:00 . 2009-07-23 06:13 306 ----a-w- c:\windows\myClean.bat
2012-08-14 21:37 . 2012-08-14 21:37 -------- d-----w- c:\users\Robles\AppData\Roaming\PC Utility Kit
2012-08-14 21:37 . 2012-08-14 21:37 -------- d-----w- c:\users\Robles\AppData\Roaming\DriverCure
2012-08-14 21:37 . 2012-08-14 21:37 -------- d-----w- c:\programdata\PC Utility Kit
2012-08-14 21:37 . 2012-08-14 21:37 -------- d-----w- c:\program files\PC Utility Kit
2012-08-14 21:37 . 2012-08-14 21:37 -------- d-----w- c:\program files\Common Files\PC Utility Kit
2012-08-14 21:31 . 2012-08-14 21:31 -------- d-----w- c:\programdata\ErrorEND
2012-08-14 21:31 . 2012-08-14 21:31 -------- d-----w- c:\program files\ErrorEND
2012-08-13 15:49 . 2012-08-13 15:49 -------- d-----w- C:\~ROXTMP
2012-08-13 15:42 . 2012-08-13 15:42 -------- d-----w- c:\users\Robles\AppData\Local\Roxio
2012-08-09 21:04 . 2012-08-09 21:04 -------- d--h--w- c:\programdata\CanonIJEGV
2012-08-09 21:03 . 2012-08-09 21:03 -------- d-----w- c:\program files\Canon
2012-08-09 13:32 . 2012-08-09 13:32 -------- d-----w- c:\users\Srice\AppData\Roaming\PeerNetworking
2012-08-09 13:13 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-09 13:10 . 2012-06-02 08:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-25 17:41 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-25 17:41 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-25 17:41 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-25 17:41 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-25 17:41 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-25 17:41 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-25 17:30 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-25 17:30 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-07-25 17:30 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-25 17:30 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-25 17:29 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-07-25 17:29 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-07-25 17:29 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-25 17:29 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-25 17:29 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 22:14 . 2011-11-19 01:16 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-08-14 22:14 . 2011-11-19 00:01 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-08-09 20:09 . 2011-11-19 01:18 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2012-08-09 19:51 . 2012-05-15 17:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-09 19:51 . 2011-11-19 00:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2011-11-21 04:04 . 2011-12-06 04:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Robles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Robles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Robles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-18 13597216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-18 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-10-18 96800]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-16 483420]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-04-30 3888640]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Monitor.exe"="c:\program files\LinksysOne\LinksysOne Surveillance Utility\Monitor.exe" [2008-02-05 2080768]
"Recorder.exe"="c:\program files\LinksysOne\LinksysOne Surveillance Utility\Recorder.exe" [2008-09-11 409600]
"IndexSearch"="c:\program files\Dell Printers\paperport\PaperPort\IndexSearch.exe" [2010-03-17 46368]
"PaperPort PTD"="c:\program files\Dell Printers\paperport\PaperPort\pptd40nt.exe" [2010-03-17 29984]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunMVSMyClean"="c:\windows\myclean.bat" [2009-07-23 306]
"AppRemover2"="wscript.exe" [2009-04-11 155648]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Robles^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Robles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 02:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLPSP]
2010-06-01 17:03 886152 ----a-w- c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLQLU]
2010-06-01 17:03 1127744 ----a-w- c:\program files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLUPDR]
2010-06-01 17:03 566680 ----a-w- c:\program files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2010-03-17 06:30 46368 ----a-w- c:\program files\Dell Printers\paperport\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 10:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2010-03-17 06:33 29984 ----a-w- c:\program files\Dell Printers\paperport\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]
2010-03-06 01:11 62752 ----a-w- c:\program files\Dell Printers\paperport\PDFViewer\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2010-03-06 01:11 636192 ----a-w- c:\program files\Dell Printers\paperport\PDFViewer\pdfPro5Hook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rohos]
2011-11-23 18:45 809272 ----a-w- c:\program files\Rohos\agent.exe
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ec3a90dd\aestsrv.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 19:51]
.
2012-08-14 c:\windows\Tasks\ErrorEND.job
- c:\program files\ErrorEND\ErrorEND.exe [2011-03-09 12:23]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-19 22:58]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-19 22:58]
.
2012-08-14 c:\windows\Tasks\PC Utility Kit Registration3.job
- c:\program files\Common Files\PC Utility Kit\UUS3\UUS3.dll [2012-03-27 19:30]
.
2012-08-14 c:\windows\Tasks\PC Utility Kit Update3.job
- c:\program files\Common Files\PC Utility Kit\UUS3\Update3.exe [2012-03-27 19:30]
.
2012-08-14 c:\windows\Tasks\PC Utility Kit.job
- c:\program files\PC Utility Kit\PC Utility Kit\pcutilitykit.exe [2012-04-10 21:55]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{605E5D27-BFA0-471F-87ED-98A2623D633C} - c:\program files\CADE Pro 2.20.3\Web\new.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 68.94.156.1
FF - ProfilePath - c:\users\Robles\AppData\Roaming\Mozilla\Firefox\Profiles\330f1inw.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-15 08:48
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1620)
c:\users\Robles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\BCMWLCPL.CPL
.
Completion time: 2012-08-15 08:49:58
ComboFix-quarantined-files.txt 2012-08-15 13:49
ComboFix2.txt 2012-08-14 22:33
.
Pre-Run: 53,475,725,312 bytes free
Post-Run: 53,435,576,320 bytes free
.
- - End Of File - - 966D5A0B35E410A2DF8A26221BA60D1C
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================================

Never run Combofix on your own!

===========================================

You need to provide more details about your computer issues.

Then...

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.
 
Thank you Broni for your response,

First, I will talk about how the problem happened.
I am a new employee at a company. On Aug 09th, 2012, my boss gave me this laptop, and it was for a former employee.

The password was unknown; I used an application to restore the password. After that, the laptop was working without any problems. The day after, I opened MS Office Outlook and a message appeared, and it contained the old user's email and his password. I entered my email and password.

After some minutes, McAfee started showing me a notification and the laptop started to be slow. After that I restarted the laptop and the problem began.

Now, I can't run any application in normal mode. For this reason I did all the steps in safe mode. Also, I am using safe mode with networking but there is still no internet.

Thank you,
------------------------------------------------ mbam-log ----------------------------------------------------------
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.03.05
Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Robles :: FCS-MIS [administrator]

Protection: Disabled
8/16/2012 8:48:28 AM
mbam-log-2012-08-16 (08-48-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250522
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
----------------------------------------------------------------- gmer-log --------------------------------------------------------------------

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-16 10:38:31
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250424ASG rev.DEC6
Running: 02.c4kzgkkt.exe; Driver: C:\Users\Robles\AppData\Local\Temp\axrdypog.sys


---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73DF7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73E3B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73DFBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73DEF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73DF75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73DEE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73E273F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73DFDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73DEFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73DEFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73DE71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73E7CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73E1C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73DED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73DE6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73DE687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1404] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73DF2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00242cae3c56
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00242cae3c56@9027e442d6e6 0x5C 0x1D 0x82 0x72 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00242cae3c56 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00242cae3c56@9027e442d6e6 0x5C 0x1D 0x82 0x72 ...
---- EOF - GMER 1.0.15 ----

 
_____________________________________________- dds log _______________________________________________

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Robles at 10:43:31 on 2012-08-16
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3066.2168 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\dell printers\paperport\pdfviewer\bin\PlusIEContextMenu.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Monitor.exe] c:\program files\linksysone\linksysone surveillance utility\Monitor.exe
mRun: [Recorder.exe] c:\program files\linksysone\linksysone surveillance utility\Recorder.exe
mRun: [IndexSearch] "c:\program files\dell printers\paperport\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\dell printers\paperport\paperport\pptd40nt.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [RunMVSMyClean] "c:\windows\system32\cmd.exe" /c "c:\windows\myclean.bat c:\progra~1\mcafee\manage~1 c:\progra~1\McAfee"
mRunOnce: [AppRemover2] wscript.exe "c:\users\robles\appdata\local\temp\openURL.vbs"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {605E5D27-BFA0-471F-87ED-98A2623D633C} - c:\program files\cade pro 2.20.3\web\new.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
TCP: DhcpNameServer = 68.94.156.1
TCP: Interfaces\{4D0AF965-62C6-4DDC-AB41-38F7C0624891} : DhcpNameServer = 68.94.156.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\robles\appdata\roaming\mozilla\firefox\profiles\330f1inw.default\
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2011-11-18 14448]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2012-2-22 64912]
R1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\drivers\nm3.sys [2010-6-9 39736]
S1 cyphxdrv;cyphxdrv;c:\windows\system32\drivers\cyphxdrv.sys [2012-1-5 99608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ec3a90dd\AEstSrv.exe [2011-11-18 81920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 cypherixservice;Cypherix service;c:\windows\system32\cypherixsrv.exe [2012-1-5 1043224]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\displaylink core software\DisplayLinkManager.exe [2011-4-10 5240168]
S2 DLSDB;Dell Printer Status Database;c:\program files\dell printers\additional color laser software\status monitor\dlsdbnt.exe [2011-11-18 226696]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-19 136176]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-16 655944]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\dell printers\paperport\paperport\PDFProFiltSrvPP.exe [2010-3-17 144672]
S2 RHDISK;RHDISK;c:\program files\rohos\rhdisk.sys [2012-1-5 33280]
S2 Rohos Disk;Rohos Disk service;c:\program files\rohos\agent.exe [2012-1-5 809272]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-15 250056]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort_5.6.31854.0.sys [2011-4-10 21888]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2011-11-18 182896]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-19 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-16 22344]
S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2007-3-5 7424]
S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2008-5-28 235840]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-16 13:47:35 -------- d-----w- c:\users\robles\appdata\roaming\Malwarebytes
2012-08-16 13:47:26 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-16 13:47:26 -------- d-----w- c:\programdata\Malwarebytes
2012-08-16 13:47:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-15 13:50:00 -------- d-----w- c:\users\robles\appdata\local\temp
2012-08-15 13:49:40 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-15 13:40:44 -------- d-----w- C:\ComboFix032215C
2012-08-14 22:23:09 98816 ----a-w- c:\windows\sed.exe
2012-08-14 22:23:09 518144 ----a-w- c:\windows\SWREG.exe
2012-08-14 22:23:09 256000 ----a-w- c:\windows\PEV.exe
2012-08-14 22:23:09 208896 ----a-w- c:\windows\MBR.exe
2012-08-14 22:23:01 -------- d-----w- C:\ComboFix03
2012-08-14 22:17:30 -------- d-----w- c:\users\robles\appdata\local\Adobe
2012-08-14 22:00:15 306 ----a-w- c:\windows\myClean.bat
2012-08-14 21:37:51 -------- d-----w- c:\users\robles\appdata\roaming\PC Utility Kit
2012-08-14 21:37:51 -------- d-----w- c:\users\robles\appdata\roaming\DriverCure
2012-08-14 21:37:45 -------- d-----w- c:\programdata\PC Utility Kit
2012-08-14 21:37:45 -------- d-----w- c:\program files\PC Utility Kit
2012-08-14 21:37:45 -------- d-----w- c:\program files\common files\PC Utility Kit
2012-08-14 21:31:26 -------- d-----w- c:\programdata\ErrorEND
2012-08-14 21:31:20 -------- d-----w- c:\program files\ErrorEND
2012-08-13 15:49:07 -------- d-----w- C:\~ROXTMP
2012-08-13 15:42:31 -------- d-----w- c:\users\robles\appdata\local\Roxio
2012-08-09 21:04:05 -------- d--h--w- c:\programdata\CanonIJEGV
2012-08-09 21:03:46 -------- d-----w- c:\program files\Canon
2012-08-09 13:13:38 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-09 13:10:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-25 17:41:49 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-25 17:41:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-25 17:41:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-25 17:41:41 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-25 17:41:41 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-25 17:41:40 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-25 17:30:30 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-25 17:29:58 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-25 17:29:43 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-25 17:29:43 171904 ----a-w- c:\windows\system32\wuwebv.dll
.
==================== Find3M ====================
.
2012-08-16 13:25:57 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-08-16 13:25:55 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-08-09 20:09:41 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2012-08-09 19:51:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-09 19:51:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-25 21:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
.
============= FINISH: 10:43:54.48 ===============
 
___________________________________________ Attach log _________________________________________________

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume2
Install Date: 11/18/2011 7:21:05 PM
System Uptime: 8/16/2012 8:44:41 AM (2 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz | U2E1 | 2394/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 51.968 GiB free.
D: is FIXED (NTFS) - 116 GiB total, 93.527 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP116: 5/22/2012 1:35:47 PM - Scheduled Checkpoint
RP117: 6/4/2012 4:18:42 PM - Windows Update
RP118: 6/7/2012 11:11:18 AM - Scheduled Checkpoint
RP120: 6/11/2012 9:25:44 AM - Scheduled Checkpoint
RP121: 6/12/2012 10:47:36 AM - Installed CADE Pro 2.20.3
RP122: 6/20/2012 11:46:44 AM - Windows Update
RP123: 7/25/2012 12:28:52 PM - Windows Update
RP124: 7/31/2012 3:46:42 PM - Device Driver Package Install: McAfee, Inc. Network Service
RP125: 8/9/2012 8:07:20 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Community Help
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS5.1
Adobe Reader X (10.1.2)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
BufferChm
CADE Pro 2.20.3
Canon MP480 series MP Drivers
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cisco Video Monitoring System 1.2.0
Connect
Cypherix LE
Dell 2155 Color MFP Address Book Editor Ver.1.0.2.0
Dell 2155 Color MFP ScanButton Manager Ver.1.0.0.0
Dell 2155 Color MFP Scanner Driver
Dell 5530 Wireless Broadband Package
Dell Printer Software
Dell Wireless WLAN Card Utility
Destinations
DisplayLink Core Software
DisplayLink Graphics
DMMultiView
DocProc
Dropbox
ErrorEND
FileZilla Client 3.5.3
Free Mp3 Wma Converter V 2.1
GeoVision AAC
GeoVision ADPCM
GeoVision H264
GeoVision JPEG
GeoVision MJPG
GeoVision MPEG4
GeoVision MPEG4 ASP
GeoVision MPEG4 AVC
GeoVision MXPG
Google Earth Plug-in
Google Update Helper
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Scanjet Series
HP Solution Center 13.0
HP Update
hpg8270
HPPhotosmartEssential
HPProductAssistant
IDT Audio
iTunes
Java Auto Updater
Java(TM) 6 Update 29
kuler
Laptop Integrated Webcam Driver (1.01.01.0529)
LinksysOne Surveillance Utility
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Network Monitor 3.4
Microsoft Network Monitor: NetworkMonitor Parsers 3.4
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft System Center 2012 Configuration Manager Console
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 8.0.1 (x86 en-US)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
Nuance PaperPort 12
Nuance PDF Viewer Plus
NVIDIA Drivers
OCR Software by I.R.I.S. 13.0
PaperPort Image Printer
PC Utility Kit
PDF Settings CS5
Photoshop Camera Raw
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Rohos Mini Drive 1.9
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Scan
Scansoft PDF Professional
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype™ 5.5
SolutionCenter
Sonic CinePlayer Decoder Pack
Suite Shared Configuration CS4
swMSM
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 8.0 x86 Runtime Setup Package
WatchGuard Fireware XTM OS for XTM 8-Series 11.4.2
WatchGuard System Manager 11.3.1
WebReg
WIDCOMM Bluetooth Software 6.0.1.3100
X264
XVID
.
==== Event Viewer Messages From Past Week ========
.
8/16/2012 8:53:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/16/2012 8:47:33 AM, Error: Microsoft-Windows-TBS [16392] - An error occurred while starting the TBS. The error code was 0x8007000d.
8/16/2012 8:46:42 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cyphxdrv spldr Wanarpv6
8/16/2012 8:46:42 AM, Error: Service Control Manager [7003] - The Workstation service depends the following service: NSI. This service might not be installed.
8/16/2012 8:46:42 AM, Error: Service Control Manager [7003] - The Windows Driver Foundation - User-mode Driver Framework service depends the following service: PlugPlay. This service might not be installed.
8/16/2012 8:46:42 AM, Error: Service Control Manager [7003] - The Windows Audio Endpoint Builder service depends the following service: PlugPlay. This service might not be installed.
8/16/2012 8:46:42 AM, Error: Service Control Manager [7003] - The Telephony service depends the following service: PlugPlay. This service might not be installed.
8/16/2012 8:46:42 AM, Error: Service Control Manager [7003] - The Tablet PC Input Service service depends the following service: PlugPlay. This service might not be installed.
8/16/2012 8:46:42 AM, Error: Service Control Manager [7003] - The Network Location Awareness service depends the following service: NSI. This service might not be installed.
8/16/2012 8:46:42 AM, Error: Service Control Manager [7003] - The IP Helper service depends the following service: NSI. This service might not be installed.
8/16/2012 8:46:42 AM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: Netman. This service might not be installed.
8/16/2012 8:46:42 AM, Error: Service Control Manager [7003] - The DisplayLinkManager service depends the following service: PlugPlay. This service might not be installed.
8/16/2012 8:46:42 AM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: NSI. This service might not be installed.
8/16/2012 8:46:42 AM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
8/16/2012 8:46:42 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2012 8:46:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
8/16/2012 8:46:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/16/2012 8:45:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/16/2012 8:31:22 AM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
8/16/2012 8:27:26 AM, Error: Service Control Manager [7022] - The Human Interface Device Access service hung on starting.
8/16/2012 8:27:02 AM, Error: Service Control Manager [7024] - The ReadyBoost service terminated with service-specific error 0 (0x0).
8/16/2012 8:27:02 AM, Error: Service Control Manager [7023] - The WebClient service terminated with the following error: The system cannot find the file specified.
8/16/2012 8:27:02 AM, Error: Service Control Manager [7023] - The seclogon service terminated with the following error: The specified procedure could not be found.
8/16/2012 8:27:02 AM, Error: Service Control Manager [7023] - The Portable Device Enumerator Service service terminated with the following error: The system cannot find the file specified.
8/16/2012 8:27:02 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: Operation aborted
8/16/2012 8:27:02 AM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
8/16/2012 8:27:02 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
8/16/2012 8:27:02 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/15/2012 8:48:30 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/15/2012 7:59:49 AM, Error: EventLog [6008] - The previous system shutdown at 9:40:53 PM on 8/14/2012 was unexpected.
8/14/2012 4:37:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/13/2012 9:37:35 AM, Error: volsnap [10] - The shadow copy of volume F: took too long to install.
8/10/2012 9:10:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "3" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81}
8/10/2012 1:58:35 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The system cannot find the path specified.
8/10/2012 1:49:09 PM, Error: Service Control Manager [7000] - The Windows Connect Now - Config Registrar service failed to start due to the following error: The system cannot find the path specified.
.
==== End Of File ===========================
 
I can't remember what the McAfee message was.
When I want to run an application in normal mode I get this message (The specified service does not exist as an installed service).
Thanks,
 
  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=====================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Here you go ...
Thank you

__________________________________ RK report _________________________________________________
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User: Robles [Admin rights]
Mode: Scan -- Date: 08/16/2012 14:10:45
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 7 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : OEM13Mon.exe (C:\Windows\OEM13Mon.exe) -> FOUND
[SUSP PATH] HKLM\[...]\RunOnce : AppRemover2 (wscript.exe "C:\Users\Robles\AppData\Local\Temp\openURL.vbs") -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\users\robles\appdata\local\{dc79d088-82f2-ab74-402b-416c74c6493e}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\robles\appdata\local\{dc79d088-82f2-ab74-402b-416c74c6493e}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\robles\appdata\local\{dc79d088-82f2-ab74-402b-416c74c6493e}\L --> FOUND
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 81cceed3d1c679276d5fae322b340a90
[BSP] 5c953835db00e3141af93e3cc2165d2b : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 119208 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 244238336 | Size: 119217 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
 
asw report
_____________________________________
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-16 14:15:01
-----------------------------
14:15:01.321 OS Version: Windows 6.0.6002 Service Pack 2
14:15:01.321 Number of processors: 2 586 0x170A
14:15:01.321 ComputerName: FCS-MIS UserName: Robles
14:15:02.538 Initialize success
14:15:10.322 AVAST engine download error: 0
14:15:18.808 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:15:18.808 Disk 0 Vendor: ST9250424ASG DEC6 Size: 238475MB BusType: 3
14:15:18.855 Disk 0 MBR read successfully
14:15:18.855 Disk 0 MBR scan
14:15:18.855 Disk 0 Windows VISTA default MBR code
14:15:18.886 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
14:15:18.902 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119208 MB offset 96390
14:15:18.933 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 119217 MB offset 244238336
14:15:18.949 Disk 0 scanning sectors +488394752
14:15:19.230 Disk 0 scanning C:\Windows\system32\drivers
14:15:37.575 Service scanning
14:15:55.656 Modules scanning
14:16:01.599 Disk 0 trace - called modules:
14:16:01.630 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
14:16:01.630 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x856191f0]
14:16:01.630 3 CLASSPNP.SYS[8a5ad8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8551c030]
14:16:01.630 Scan finished successfully
14:16:19.430 Disk 0 MBR has been saved successfully to "C:\Users\Robles\Desktop\MBR.dat"
14:16:19.430 The log file has been saved successfully to "C:\Users\Robles\Desktop\aswMBR.txt"
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
Folder::
c:\users\robles\appdata\local\{dc79d088-82f2-ab74-402b-416c74c6493e}

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Thank you Broni,
Here you go ....

ComboFix 12-08-13.01 - Robles 08/16/2012 15:13:43.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3066.2098 [GMT -5:00]
Running from: c:\users\Robles\Desktop\New\ComboFix03.exe
Command switches used :: c:\users\Robles\Desktop\New\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\robles\appdata\local\{dc79d088-82f2-ab74-402b-416c74c6493e}
c:\users\robles\appdata\local\{dc79d088-82f2-ab74-402b-416c74c6493e}\@
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 20:17 . 2012-08-16 20:17 -------- d-----w- c:\users\Robles\AppData\Local\temp
2012-08-16 20:17 . 2012-08-16 20:17 -------- d-----w- c:\users\Srice\AppData\Local\temp
2012-08-16 20:17 . 2012-08-16 20:17 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-16 20:17 . 2012-08-16 20:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-16 13:47 . 2012-08-16 13:47 -------- d-----w- c:\users\Robles\AppData\Roaming\Malwarebytes
2012-08-16 13:47 . 2012-08-16 13:47 -------- d-----w- c:\programdata\Malwarebytes
2012-08-16 13:47 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-16 13:47 . 2012-08-16 13:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-14 22:23 . 2012-08-14 22:33 -------- d-----w- C:\ComboFix03
2012-08-14 22:17 . 2012-08-14 22:17 -------- d-----w- c:\users\Robles\AppData\Local\Adobe
2012-08-14 22:00 . 2009-07-23 06:13 306 ----a-w- c:\windows\myClean.bat
2012-08-14 21:37 . 2012-08-14 21:37 -------- d-----w- c:\users\Robles\AppData\Roaming\PC Utility Kit
2012-08-14 21:37 . 2012-08-14 21:37 -------- d-----w- c:\users\Robles\AppData\Roaming\DriverCure
2012-08-14 21:37 . 2012-08-14 21:37 -------- d-----w- c:\programdata\PC Utility Kit
2012-08-14 21:37 . 2012-08-14 21:37 -------- d-----w- c:\program files\PC Utility Kit
2012-08-14 21:37 . 2012-08-14 21:37 -------- d-----w- c:\program files\Common Files\PC Utility Kit
2012-08-14 21:31 . 2012-08-14 21:31 -------- d-----w- c:\programdata\ErrorEND
2012-08-14 21:31 . 2012-08-14 21:31 -------- d-----w- c:\program files\ErrorEND
2012-08-13 15:49 . 2012-08-13 15:49 -------- d-----w- C:\~ROXTMP
2012-08-13 15:42 . 2012-08-13 15:42 -------- d-----w- c:\users\Robles\AppData\Local\Roxio
2012-08-09 21:04 . 2012-08-09 21:04 -------- d--h--w- c:\programdata\CanonIJEGV
2012-08-09 21:03 . 2012-08-09 21:03 -------- d-----w- c:\program files\Canon
2012-08-09 13:32 . 2012-08-09 13:32 -------- d-----w- c:\users\Srice\AppData\Roaming\PeerNetworking
2012-08-09 13:13 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-09 13:10 . 2012-06-02 08:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-25 17:41 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-25 17:41 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-25 17:41 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-25 17:41 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-25 17:41 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-25 17:41 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-25 17:30 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-25 17:30 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-07-25 17:30 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-25 17:30 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-25 17:29 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-07-25 17:29 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-07-25 17:29 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-25 17:29 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-25 17:29 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 13:25 . 2011-11-19 01:16 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-08-16 13:25 . 2011-11-19 00:01 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-08-09 20:09 . 2011-11-19 01:18 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2012-08-09 19:51 . 2012-05-15 17:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-09 19:51 . 2011-11-19 00:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2011-11-21 04:04 . 2011-12-06 04:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Robles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Robles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Robles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-18 13597216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-18 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-10-18 96800]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-16 483420]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-04-30 3888640]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Monitor.exe"="c:\program files\LinksysOne\LinksysOne Surveillance Utility\Monitor.exe" [2008-02-05 2080768]
"Recorder.exe"="c:\program files\LinksysOne\LinksysOne Surveillance Utility\Recorder.exe" [2008-09-11 409600]
"IndexSearch"="c:\program files\Dell Printers\paperport\PaperPort\IndexSearch.exe" [2010-03-17 46368]
"PaperPort PTD"="c:\program files\Dell Printers\paperport\PaperPort\pptd40nt.exe" [2010-03-17 29984]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RunMVSMyClean"="c:\windows\myclean.bat" [2009-07-23 306]
"AppRemover2"="wscript.exe" [2009-04-11 155648]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Robles^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Robles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 02:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLPSP]
2010-06-01 17:03 886152 ----a-w- c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLQLU]
2010-06-01 17:03 1127744 ----a-w- c:\program files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLUPDR]
2010-06-01 17:03 566680 ----a-w- c:\program files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2010-03-17 06:30 46368 ----a-w- c:\program files\Dell Printers\paperport\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 10:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2010-03-17 06:33 29984 ----a-w- c:\program files\Dell Printers\paperport\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]
2010-03-06 01:11 62752 ----a-w- c:\program files\Dell Printers\paperport\PDFViewer\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2010-03-06 01:11 636192 ----a-w- c:\program files\Dell Printers\paperport\PDFViewer\pdfPro5Hook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rohos]
2011-11-23 18:45 809272 ----a-w- c:\program files\Rohos\agent.exe
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ec3a90dd\aestsrv.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - AXRDYPOG
*Deregistered* - aswMBR
*Deregistered* - axrdypog
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 19:51]
.
2012-08-14 c:\windows\Tasks\ErrorEND.job
- c:\program files\ErrorEND\ErrorEND.exe [2011-03-09 12:23]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-19 22:58]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-19 22:58]
.
2012-08-14 c:\windows\Tasks\PC Utility Kit Registration3.job
- c:\program files\Common Files\PC Utility Kit\UUS3\UUS3.dll [2012-03-27 19:30]
.
2012-08-14 c:\windows\Tasks\PC Utility Kit Update3.job
- c:\program files\Common Files\PC Utility Kit\UUS3\Update3.exe [2012-03-27 19:30]
.
2012-08-14 c:\windows\Tasks\PC Utility Kit.job
- c:\program files\PC Utility Kit\PC Utility Kit\pcutilitykit.exe [2012-04-10 21:55]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{605E5D27-BFA0-471F-87ED-98A2623D633C} - c:\program files\CADE Pro 2.20.3\Web\new.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 68.94.156.1
FF - ProfilePath - c:\users\Robles\AppData\Roaming\Mozilla\Firefox\Profiles\330f1inw.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-16 15:17
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(720)
c:\users\Robles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\BCMWLCPL.CPL
.
Completion time: 2012-08-16 15:18:14
ComboFix-quarantined-files.txt 2012-08-16 20:18
ComboFix2.txt 2012-08-15 13:49
ComboFix3.txt 2012-08-14 22:33
.
Pre-Run: 55,768,416,256 bytes free
Post-Run: 55,743,160,320 bytes free
.
- - End Of File - - 6FD4A103C8A6A9BCC890C6156AA83AFD
 
Good Morning Broni,
I still have the same problem.
The programs you asked me to install are not working in normal mode.

Thanks,
 
Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done, Notepad will open with the rKill log.
Post it in your next reply.

NOTE: The rKill.txt log will also be present on your desktop.
 
Dear Broni,
I restored the system to a time before the problem.
Now, everything is working.
Do I need more scans?
Thank you,
 