Solved Sirefef clean request

[Gidgee1]

Hi. I'm another victim of a Sirefef trojan horse. Two computers on my home network, both running Windows Vista 32-bit, are infected. Could you please assist me in cleaning these machines? I'm assuming the cleaning process will be different for each computer and so they will need to be treated one at a time. Below are the FRST logs for the first computer. Thank you.

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 26-07-2012 11:47:56
Running from G:\FRST
Windows Vista (TM) Business (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2006-10-02] (Macrovision Corporation)
HKLM\...\Run: [] [x]
HKLM\...\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [1116920 2006-08-16] (Roxio)
HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [118784 2006-10-20] (CyberLink Corp.)
HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2010-07-31] (Google)
HKLM\...\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe [17920 2006-11-17] ( )
HKLM\...\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [221184 2006-10-02] (Macrovision Corporation)
HKLM\...\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [16384 2007-11-14] ( )
HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [x]
HKLM\...\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe [118784 2005-01-30] ()
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13687328 2009-04-13] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2009-04-13] (NVIDIA Corporation)
HKLM\...\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe [53248 2003-08-18] (Fellowes, Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] sttray.exe [x]
HKLM\...\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui [73728 2011-11-03] ()
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-23] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-26] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-28] (Sun Microsystems, Inc.)
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [129304 2012-07-25] (Trend Micro Inc.)
HKU\Admin\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [446976 2006-11-11] (Gteko Ltd.)
HKU\Default\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [446976 2006-11-11] (Gteko Ltd.)
HKU\Default User\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [446976 2006-11-11] (Gteko Ltd.)
HKU\Kids\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [446976 2006-11-11] (Gteko Ltd.)
HKU\Rach\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [446976 2006-11-11] (Gteko Ltd.)
HKU\Steve\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [446976 2006-11-11] (Gteko Ltd.)
HKU\Steve\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 61.9.226.33 61.9.194.49
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
HKLM\...\InprocServer32: [Default-wbem] \\.\globalroot\systemroot\Installer\{bd9395c0-202e-6b41-e67f-7528330a338f}\n. ATTENTION! ====> ZeroAccess
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\D-Link\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Users\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check(2).lnk
ShortcutTarget: EPSON Status Monitor 3 Environment Check(2).lnk -> C:\Windows\System32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
ShortcutTarget: PHOTOfunSTUDIO -viewer-.lnk -> C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)

================================ Services (Whitelisted) ==================

2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-17] (ArcSoft Inc.)
2 btwdins; C:\Program Files\D-Link\Bluetooth Software\bin\btwdins.exe [440872 2007-08-13] (Broadcom Corporation.)
3 DSBrokerService; "C:\Program Files\DellSupport\brkrsvc.exe" [70656 2006-11-06] ()
2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [90112 2004-11-16] (SEIKO EPSON CORPORATION)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)
3 GoogleDesktopManager-051210-111108; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2010-07-31] (Google)
2 gupdate1c9c245f6bd23e3; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2009-04-20] (Google Inc.)
2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [8704 2011-11-03] (Memeo)
2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-03-12] (Ulead Systems, Inc.)
2 wscsvc; "C:\Windows\system32\wscsvc.dll" [61440 2009-04-10] (Microsoft Corporation)
2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x]
3 MSSQL$MSSMLBIZ; "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [x]
4 MSSQLServerADHelper; "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x]
2 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]

========================== Drivers (Whitelisted) =============

3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-22] (Arcsoft, Inc.)
2 dsunidrv; \??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys [7424 2006-08-16] (Gteko Ltd.)
3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [7296 2003-09-23] (GARMIN Corp.)
3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [530304 2006-11-07] (PixArt Imaging Inc.)
3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2006-11-22] (SigmaTel, Inc.)
1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [81168 2012-07-25] (Trend Micro Inc.)
1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [205072 2012-07-25] (Trend Micro Inc.)
2 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [55056 2012-07-25] (Trend Micro Inc.)
1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [68368 2012-07-25] (Trend Micro Inc.)
2 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [171280 2012-07-25] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92432 2012-07-25] (Trend Micro Inc.)
3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [15872 2009-04-10] (Microsoft Corporation)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-25 15:40 - 2012-07-25 15:40 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Adobe
2012-07-25 15:40 - 2012-07-25 15:40 - 00000000 ____D C:\Users\Steve\AppData\Local\Adobe
2012-07-25 15:28 - 2012-07-25 15:23 - 00205072 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2012-07-25 15:28 - 2012-07-25 15:23 - 00171280 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmnciesc.sys
2012-07-25 15:28 - 2012-07-25 15:23 - 00092432 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmtdi.sys
2012-07-25 15:28 - 2012-07-25 15:23 - 00081168 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmactmon.sys
2012-07-25 15:28 - 2012-07-25 15:23 - 00068368 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmevtmgr.sys
2012-07-25 15:28 - 2012-07-25 15:23 - 00055056 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmeevw.sys
2012-07-25 15:19 - 2012-07-25 15:19 - 00000500 ____A C:\Windows\PFRO.log
2012-07-25 15:15 - 2012-07-25 15:15 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Apple Computer
2012-07-25 15:15 - 2012-07-25 15:15 - 00000000 ____D C:\Users\Steve\AppData\Local\ArcSoft
2012-07-25 15:14 - 2012-07-25 15:15 - 00000000 ____D C:\Users\Steve\AppData\Roaming\ArcSoft
2012-07-25 15:14 - 2012-07-25 15:14 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Seagate
2012-07-25 15:14 - 2012-07-25 15:14 - 00000000 ____D C:\Users\Steve\AppData\Roaming\EPSON
2012-07-24 16:24 - 2012-07-24 16:41 - 00000000 ____D C:\Users\Admin\AppData\Roaming\EurekaLog
2012-07-02 05:51 - 2012-07-02 05:51 - 00156168 ____A C:\Windows\Minidump\Mini070212-01.dmp
2012-07-02 05:47 - 2012-07-02 05:47 - 00000036 ____A C:\Users\Admin\AppData\Local\housecall.guid.cache


============ 3 Months Modified Files ========================

2012-07-25 18:11 - 2012-06-03 16:42 - 00000012 ____A C:\Windows\bthservsdp.dat
2012-07-25 18:11 - 2006-11-02 05:01 - 00032544 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-25 18:11 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-25 18:11 - 2006-11-02 04:47 - 00003552 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-25 18:11 - 2006-11-02 04:47 - 00003552 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-25 18:06 - 2006-11-02 02:33 - 00786166 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-25 18:04 - 2006-11-02 04:52 - 00109128 ____A C:\Windows\setupact.log
2012-07-25 17:17 - 2009-06-30 20:03 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-25 15:41 - 2009-06-30 20:03 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-25 15:23 - 2012-07-25 15:28 - 00205072 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2012-07-25 15:23 - 2012-07-25 15:28 - 00171280 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmnciesc.sys
2012-07-25 15:23 - 2012-07-25 15:28 - 00092432 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmtdi.sys
2012-07-25 15:23 - 2012-07-25 15:28 - 00081168 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmactmon.sys
2012-07-25 15:23 - 2012-07-25 15:28 - 00068368 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmevtmgr.sys
2012-07-25 15:23 - 2012-07-25 15:28 - 00055056 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmeevw.sys
2012-07-25 15:19 - 2012-07-25 15:19 - 00000500 ____A C:\Windows\PFRO.log
2012-07-25 15:14 - 2007-02-23 05:36 - 00170712 ____A C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-24 21:20 - 2009-04-20 21:54 - 00000868 ____A C:\Windows\Tasks\Google Software Updater.job
2012-07-12 14:15 - 2009-04-20 21:58 - 00001973 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-07-02 05:51 - 2012-07-02 05:51 - 00156168 ____A C:\Windows\Minidump\Mini070212-01.dmp
2012-07-02 05:50 - 2007-07-26 01:06 - 199205342 ____A C:\Windows\MEMORY.DMP
2012-07-02 05:47 - 2012-07-02 05:47 - 00000036 ____A C:\Users\Admin\AppData\Local\housecall.guid.cache
2012-06-30 05:50 - 2007-02-13 05:43 - 01858454 ____A C:\Windows\WindowsUpdate.log
2012-06-19 16:29 - 2008-09-05 17:02 - 00000000 ____A C:\Windows\DCEBOOT.LOG
2012-06-19 16:14 - 2008-09-05 03:08 - 00022032 ____A C:\Windows\DCEBoot.exe
2012-06-13 14:39 - 2006-11-02 04:47 - 00521656 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 14:26 - 2006-11-02 02:24 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-07 02:13 - 2012-06-07 02:13 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-06-07 02:13 - 2007-02-13 05:50 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-06-07 02:13 - 2007-02-13 05:50 - 00145184 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-06-07 02:13 - 2007-02-13 05:50 - 00145184 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-06-07 02:11 - 2012-06-07 02:11 - 00001543 ____A C:\Users\Public\Desktop\JMP Pro 10.lnk
2012-06-03 16:42 - 2012-06-03 16:39 - 00005114 ____A C:\Windows\DPINST.LOG
2012-06-02 14:19 - 2012-06-18 13:28 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-18 13:28 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-18 13:28 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-18 13:28 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-18 13:28 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-18 13:28 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-18 13:28 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-01 21:49 - 2012-06-18 13:28 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-01 21:42 - 2012-06-18 13:28 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-24 17:16 - 2012-05-24 03:06 - 00108048 ____A C:\Windows\RegBootClean.exe
2012-05-24 03:30 - 2007-03-07 21:55 - 00196608 ____A C:\Windows\System32\Ikeext.etl
2012-05-22 20:01 - 2007-02-24 17:56 - 00000848 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-05-17 15:11 - 2012-06-13 14:20 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 14:48 - 2012-06-13 14:20 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 14:45 - 2012-06-13 14:20 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 14:36 - 2012-06-13 14:20 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 14:35 - 2012-06-13 14:20 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 14:35 - 2012-06-13 14:20 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 14:33 - 2012-06-13 14:20 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 14:31 - 2012-06-13 14:20 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 14:29 - 2012-06-13 14:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 14:29 - 2012-06-13 14:20 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 14:27 - 2012-06-13 14:21 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 14:25 - 2012-06-13 14:21 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 14:24 - 2012-06-13 14:21 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 14:20 - 2012-06-13 14:21 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-15 11:51 - 2012-06-13 00:18 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-01 06:03 - 2012-06-13 00:18 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys


ZeroAccess:
C:\Windows\Installer\{bd9395c0-202e-6b41-e67f-7528330a338f}
C:\Windows\Installer\{bd9395c0-202e-6b41-e67f-7528330a338f}\@
C:\Windows\Installer\{bd9395c0-202e-6b41-e67f-7528330a338f}\L
C:\Windows\Installer\{bd9395c0-202e-6b41-e67f-7528330a338f}\n
C:\Windows\Installer\{bd9395c0-202e-6b41-e67f-7528330a338f}\U
C:\Windows\Installer\{bd9395c0-202e-6b41-e67f-7528330a338f}\U\00000001.@
C:\Windows\Installer\{bd9395c0-202e-6b41-e67f-7528330a338f}\U\80000000.@
C:\Windows\Installer\{bd9395c0-202e-6b41-e67f-7528330a338f}\U\800000cb.@

ZeroAccess:
C:\Users\Admin\AppData\Local\{bd9395c0-202e-6b41-e67f-7528330a338f}
C:\Users\Admin\AppData\Local\{bd9395c0-202e-6b41-e67f-7528330a338f}\@
C:\Users\Admin\AppData\Local\{bd9395c0-202e-6b41-e67f-7528330a338f}\L
C:\Users\Admin\AppData\Local\{bd9395c0-202e-6b41-e67f-7528330a338f}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 2045.88 MB
Available physical RAM: 1737.94 MB
Total Pagefile: 1977.55 MB
Available Pagefile: 1834.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.72 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:125.11 GB) (Free:22.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Data) (Fixed) (Total:105.67 GB) (Free:3.92 GB) NTFS
4 Drive f: (Elements) (Fixed) (Total:596.02 GB) (Free:337.6 GB) FAT32
5 Drive g: () (Removable) (Total:7.47 GB) (Free:5.31 GB) FAT32
6 Drive x: (RECOVERY) (Fixed) (Total:2 GB) (Free:1.11 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 1024 KB
Disk 1 Online 596 GB 1528 KB
Disk 2 Online 7664 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 47 MB 32 KB
Partition 2 Primary 2048 MB 48 MB
Partition 3 Primary 125 GB 2096 MB
Partition 0 Extended 106 GB 127 GB
Partition 4 Logical 106 GB 127 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 FAT Partition 47 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 X RECOVERY NTFS Partition 2048 MB Healthy Boot

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 125 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D Data NTFS Partition 106 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 596 GB 32 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 F Elements FAT32 Partition 596 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7656 MB 22 KB

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 7656 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-25 15:25




Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-26 11:49:37
Running from G:\FRST

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-23 14:42] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-09-23 13:54] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows\System32\services.exe
[2009-09-23 14:42] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

=== End Of Search ========================== End Of Log ==========================

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next...

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

• Double-click on the Rkill icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[Gidgee1]

Thank you so much for helping! Following is the FRST fix log. I am yet to run Combofix as it detected that two real time scanners were active associated with a previously uninstalled Security Program (Trend Micro Titanium Maximum Security). I tried removing it with Appremover but it didn't detect the program on my system. Should I run Combofix anyway?

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-26 12:46:36 Run:1
Running from G:\FRST

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default value was restored successfully .
C:\Windows\Installer\{bd9395c0-202e-6b41-e67f-7528330a338f} moved successfully.
C:\Users\Admin\AppData\Local\{bd9395c0-202e-6b41-e67f-7528330a338f} moved successfully.

==== End of Fixlog ====

 

[Broni]

Go ahead...

 

[Gidgee1]

Hi. Here is the Combofix log.

ComboFix 12-07-26.04 - Admin 26/07/2012 13:58:15.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.61.1033.18.2046.901 [GMT 9.5:30]
Running from: c:\users\Admin\Desktop\ComboFix.exe
AV: Titanium Maximum Security *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Titanium Maximum Security *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\windows\system32\service
c:\windows\system32\service\06022010_TIS17_SfFniAU.log
c:\windows\system32\service\14072010_TIS17_SfFniAU.log
G:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))
.
.
2012-07-26 19:47 . 2012-07-26 19:47 -------- d-----w- C:\FRST
2012-07-26 04:43 . 2012-07-26 04:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-26 04:43 . 2012-07-26 04:43 -------- d-----w- c:\users\Steve\AppData\Local\temp
2012-07-26 04:43 . 2012-07-26 04:43 -------- d-----w- c:\users\Rach\AppData\Local\temp
2012-07-26 04:43 . 2012-07-26 04:43 -------- d-----w- c:\users\Kids\AppData\Local\temp
2012-07-25 23:40 . 2012-07-25 23:40 -------- d-----w- c:\users\Steve\AppData\Local\Adobe
2012-07-25 23:28 . 2012-07-25 23:23 55056 ----a-w- c:\windows\system32\drivers\tmeevw.sys
2012-07-25 23:28 . 2012-07-25 23:23 171280 ----a-w- c:\windows\system32\drivers\tmnciesc.sys
2012-07-25 23:28 . 2012-07-25 23:23 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-07-25 23:28 . 2012-07-25 23:23 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-07-25 23:28 . 2012-07-25 23:23 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-07-25 23:28 . 2012-07-25 23:23 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-07-25 23:15 . 2012-07-25 23:15 -------- d-----w- c:\users\Steve\AppData\Roaming\Apple Computer
2012-07-25 23:15 . 2012-07-25 23:15 -------- d-----w- c:\users\Steve\AppData\Local\ArcSoft
2012-07-25 23:14 . 2012-07-25 23:14 -------- d-----w- c:\users\Steve\AppData\Roaming\EPSON
2012-07-25 23:14 . 2012-07-25 23:14 -------- d-----w- c:\users\Steve\AppData\Roaming\Seagate
2012-07-25 23:14 . 2012-07-25 23:15 -------- d-----w- c:\users\Steve\AppData\Roaming\ArcSoft
2012-07-25 00:24 . 2012-07-25 00:41 -------- d-----w- c:\users\Admin\AppData\Roaming\EurekaLog
2012-07-05 10:39 . 2012-07-05 10:39 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-05 10:39 . 2012-07-05 10:39 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-20 00:14 . 2008-09-05 11:08 22032 ----a-w- c:\windows\DCEBoot.exe
2012-06-07 10:13 . 2012-06-07 10:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 22:19 . 2012-06-18 21:28 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-18 21:28 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-18 21:28 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-18 21:28 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-18 21:28 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-18 21:28 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-18 21:28 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:49 . 2012-06-18 21:28 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 05:42 . 2012-06-18 21:28 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-25 01:16 . 2012-05-24 11:06 108048 ----a-w- c:\windows\RegBootClean.exe
2012-05-17 22:45 . 2012-06-13 22:20 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35 . 2012-06-13 22:20 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35 . 2012-06-13 22:20 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29 . 2012-06-13 22:21 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24 . 2012-06-13 22:21 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-15 19:51 . 2012-06-13 08:18 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-05-01 14:03 . 2012-06-13 08:18 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2010-03-31 00:39 . 2010-03-31 00:39 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 03:06 . 2010-04-08 03:06 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2012-07-25 22:44 . 2012-05-23 04:01 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-01 07:28 . 2008-12-10 13:23 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-11 446976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-01 30192]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-14 16384]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-01-31 118784]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-13 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-13 92704]
"MediaFace Integration"="c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe" [2003-08-18 53248]
"SigmatelSysTrayApp"="sttray.exe" [2006-11-22 303104]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-11-03 73728]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-07-25 129304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-2-25 113664]
Bluetooth.lnk - c:\program files\D-Link\Bluetooth Software\BTTray.exe [2007-8-14 727592]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-2-13 45056]
EPSON Status Monitor 3 Environment Check(2).lnk - c:\windows\System32\spool\drivers\w32x86\3\E_SRCV02.EXE [2009-2-1 131584]
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2009-3-28 40960]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-1-14 525664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 03:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TMEEVW
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-21 00:28]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-21 05:56]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-21 05:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\D-Link\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\D-Link\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 61.9.226.33 61.9.194.49
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k1cu5nfv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-26 14:20
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}"=hex:51,66,7a,6c,4c,1d,38,12,f1,24,4e,
ea,29,46,6a,01,e6,5b,85,f6,0f,f0,fe,79
"{CCAC5586-44D7-4C43-B64A-F042461A97D2}"=hex:51,66,7a,6c,4c,1d,38,12,e8,56,bf,
c8,e5,0a,2d,09,c9,5c,b3,02,43,44,d3,c6
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,38,12,f1,9d,97,
02,e5,86,37,08,c7,6b,3b,0b,78,35,a4,a7
"{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,38,12,15,34,b2,
18,2f,92,3c,0f,ea,93,2d,46,00,51,e8,47
"{43C6D902-A1C5-45C9-91F6-FD9E90337E18}"=hex:51,66,7a,6c,4c,1d,38,12,6c,da,d5,
47,f7,ef,a7,00,ee,e0,be,de,95,6d,3a,0c
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}"=hex:51,66,7a,6c,4c,1d,38,12,93,b9,bf,
bf,6c,b4,17,05,f4,25,43,ab,9a,4d,90,b8
"{CA6319C0-31B7-401E-A518-A07C3DB8F777}"=hex:51,66,7a,6c,4c,1d,38,12,ae,1a,70,
ce,85,7f,70,05,da,0e,e3,3c,38,e6,b3,63
"{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}"=hex:51,66,7a,6c,4c,1d,38,12,95,22,87,
ed,ef,26,9e,05,cb,ba,f4,42,79,f0,6b,0e
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:04,3e,25,24,fe,3e,cd,01
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1316)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\D-Link\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\System32\rundll32.exe
c:\windows\sttray.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sdclt.exe
.
**************************************************************************
.
Completion time: 2012-07-26 14:26:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-26 04:56
.
Pre-Run: 23,943,761,920 bytes free
Post-Run: 37,497,065,472 bytes free
.
- - End Of File - - 64D5C9B4479F7EE1917F16F621D6671B

 

[Broni]

Looks good

Any current issues?

===================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Gidgee1]

All good so far thanks(y) Below is Malwarebytes log. Will now do OTL scan.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.26.14

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: STEVE-PC [administrator]

Protection: Enabled

27/07/2012 6:39:59 AM
mbam-log-2012-07-27 (06-39-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 322201
Time elapsed: 24 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

[Gidgee1]

Hi.....OTL.txt logfile follows:

OTL logfile created on: 27/07/2012 7:12:27 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Admin\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 52.90% Memory free
4.23 Gb Paging File | 3.17 Gb Available in Paging File | 74.83% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 125.11 Gb Total Space | 36.18 Gb Free Space | 28.91% Space Free | Partition Type: NTFS
Drive D: | 105.67 Gb Total Space | 8.39 Gb Free Space | 7.94% Space Free | Partition Type: NTFS
Drive F: | 7.47 Gb Total Space | 5.25 Gb Free Space | 70.30% Space Free | Partition Type: FAT32
Drive G: | 596.02 Gb Total Space | 368.98 Gb Free Space | 61.91% Space Free | Partition Type: FAT32
Drive Z: | 2.00 Gb Total Space | 1.11 Gb Free Space | 55.39% Space Free | Partition Type: NTFS

Computer Name: STEVE-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/26 15:07:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/11/04 03:40:50 | 000,065,536 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/11/04 03:40:42 | 000,008,704 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/03/23 02:10:50 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/04/11 15:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/14 12:00:00 | 000,525,664 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2008/05/27 19:35:30 | 000,040,960 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/08/14 16:53:22 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\D-Link\Bluetooth Software\BTTray.exe
PRC - [2007/08/14 16:53:20 | 000,440,872 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\D-Link\Bluetooth Software\bin\btwdins.exe
PRC - [2006/11/23 08:26:00 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2006/11/12 03:49:46 | 000,446,976 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/11/05 12:52:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 12:25:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/11/02 19:15:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2006/10/20 18:53:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/08/17 10:30:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2005/01/31 10:02:48 | 000,118,784 | ---- | M] () -- C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
PRC - [2004/11/17 15:48:40 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2004/03/13 04:04:16 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 08:15:38 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD - [2012/06/14 08:15:29 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/06/14 08:12:43 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 08:12:33 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/05/13 09:21:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/13 09:21:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/13 09:21:20 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll
MOD - [2012/05/13 09:19:49 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/13 09:18:06 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/13 09:17:55 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/11/04 03:40:46 | 000,014,848 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.VideoTutorialsPlugin.dll
MOD - [2011/11/04 03:40:40 | 000,015,360 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.TroubleshootingPlugin.dll
MOD - [2011/11/04 03:40:10 | 000,025,600 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011/11/04 03:39:38 | 000,102,912 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/08/01 16:58:59 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2010/04/21 02:52:32 | 000,971,776 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2010/04/21 02:52:32 | 000,241,664 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2008/05/27 19:30:44 | 000,036,864 | ---- | M] () -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\RawPictureLib.pcp
MOD - [2007/08/14 16:46:58 | 000,126,976 | ---- | M] () -- C:\Program Files\D-Link\Bluetooth Software\BTKeyInd.dll
MOD - [2007/08/14 16:35:24 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2006/11/05 12:28:44 | 000,516,096 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006/11/05 11:58:18 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/08/18 14:47:36 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL
MOD - [2005/01/31 10:02:48 | 000,118,784 | ---- | M] () -- C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2012/07/26 08:14:01 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/04 03:40:42 | 000,008,704 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/01/19 17:08:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 17:06:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 17:06:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/08/14 16:53:20 | 000,440,872 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\D-Link\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006/11/07 14:57:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2004/11/17 15:48:40 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2004/03/13 04:04:16 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/07/26 08:53:02 | 000,205,072 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2012/07/26 08:53:02 | 000,171,280 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmnciesc.sys -- (tmnciesc)
DRV - [2012/07/26 08:53:02 | 000,092,432 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2012/07/26 08:53:02 | 000,081,168 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2012/07/26 08:53:02 | 000,068,368 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2012/07/26 08:53:02 | 000,055,056 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmeevw.sys -- (tmeevw)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/04/14 02:33:00 | 007,766,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/01/14 18:46:04 | 000,077,824 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2006/11/23 08:26:52 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/08 09:59:50 | 000,530,304 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PA707UCM.SYS -- (PAC7311)
DRV - [2006/11/02 17:06:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 17:00:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 17:00:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/19 03:38:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 17:37:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/18 14:48:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 14:47:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 14:47:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 14:47:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 14:47:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 14:47:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 14:47:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 14:47:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/17 17:13:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/08/11 12:05:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 12:05:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/08/05 10:09:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7DAAU


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3045670223-4099114938-2776384973-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3045670223-4099114938-2776384973-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-3045670223-4099114938-2776384973-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3045670223-4099114938-2776384973-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3045670223-4099114938-2776384973-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3045670223-4099114938-2776384973-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3045670223-4099114938-2776384973-1004\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=2dyjymzwH0PaQqQNHeqxAUJDpn4?q={searchTerms}
IE - HKU\S-1-5-21-3045670223-4099114938-2776384973-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3045670223-4099114938-2776384973-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: {22181a4d-af90-4ca3-a569-faed9118d6bc}:5.2.0.1035
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.8.0.1080
FF - prefs.js..extensions.enabledItems: {38783831-6098-4faa-A9C9-1EE1E343F4D2}:7.1.0.1102
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/03/01 22:45:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension [2012/07/26 12:59:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/07/26 12:59:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/26 08:14:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/07 19:43:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/26 08:14:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/07 19:43:31 | 000,000,000 | ---D | M]

[2008/09/09 10:03:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2012/05/23 14:44:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k1cu5nfv.default\extensions
[2010/06/14 12:26:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k1cu5nfv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/11 11:51:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\k1cu5nfv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/07/05 20:09:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/26 08:14:01 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/07 19:43:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/31 10:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll
[2010/04/08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2012/07/05 20:09:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/05 20:09:19 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Trend Micro Titanium (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj\5.2.0.1035_0\npToolbarChrome.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPSibelius.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: TrendMicro Toolbar = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj\5.2.0.1035_0\
CHR - Extension: Gmail = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/07/26 14:16:30 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1066\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (no name) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - No CLSID value found.
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-3045670223-4099114938-2776384973-1004\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-3045670223-4099114938-2776384973-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3045670223-4099114938-2776384973-1004..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3045670223-4099114938-2776384973-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3045670223-4099114938-2776384973-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3045670223-4099114938-2776384973-1004\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3045670223-4099114938-2776384973-1004\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.226.33 61.9.194.49
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DC055D7-43F3-4F51-8AC1-DC066D7DE024}: DhcpNameServer = 61.9.226.33 61.9.194.49
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1066\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | R--D | M] - G:\AUTORUN -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3045670223-4099114938-2776384973-1004\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/27 06:38:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2012/07/27 06:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/27 06:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/27 06:38:24 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/27 06:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/27 05:17:49 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/26 15:07:45 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/07/26 15:05:33 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Admin\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/26 13:53:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/26 13:53:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/26 13:53:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/26 13:53:41 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/26 13:06:04 | 010,386,472 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Admin\Desktop\AppRemover.exe
[2012/07/26 12:57:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/26 12:56:20 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/26 12:51:52 | 004,719,627 | R--- | C] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
[2012/07/26 08:58:59 | 000,055,056 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmeevw.sys
[2012/07/26 08:58:57 | 000,171,280 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmnciesc.sys
[2012/07/26 08:58:56 | 000,092,432 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
[2012/07/26 08:58:53 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012/07/26 08:58:53 | 000,081,168 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmactmon.sys
[2012/07/26 08:58:53 | 000,068,368 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmevtmgr.sys
[2012/07/25 09:54:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\EurekaLog

========== Files - Modified Within 30 Days ==========

[2012/07/27 06:47:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/27 06:38:25 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/27 06:31:27 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/27 06:29:19 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/07/27 06:29:15 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/27 06:29:15 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/27 06:29:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/26 23:22:48 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/07/26 15:07:23 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/07/26 15:04:24 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Admin\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/26 14:50:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/07/26 14:16:30 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/26 13:10:15 | 000,046,592 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/26 13:05:28 | 010,386,472 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Admin\Desktop\AppRemover.exe
[2012/07/26 12:59:55 | 000,654,922 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/26 12:59:55 | 000,126,150 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/26 12:51:13 | 004,719,627 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
[2012/07/26 08:53:02 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012/07/26 08:53:02 | 000,171,280 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmnciesc.sys
[2012/07/26 08:53:02 | 000,092,432 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
[2012/07/26 08:53:02 | 000,081,168 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmactmon.sys
[2012/07/26 08:53:02 | 000,068,368 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmevtmgr.sys
[2012/07/26 08:53:02 | 000,055,056 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmeevw.sys
[2012/07/13 07:45:02 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/02 23:20:58 | 199,205,342 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/02 23:17:16 | 000,000,036 | ---- | M] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache

========== Files Created - No Company Name ==========

[2012/07/27 06:38:25 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/26 13:53:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/26 13:53:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/26 13:53:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/26 13:53:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/26 13:53:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/02 23:17:16 | 000,000,036 | ---- | C] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2012/06/04 10:12:35 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2012/05/24 20:36:02 | 000,108,048 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2011/06/05 23:06:15 | 000,272,974 | ---- | C] () -- C:\Users\Admin\AppData\Local\scan DWS TCK bilby work June 2011.pdf
[2008/11/19 10:42:32 | 000,000,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2008/02/28 21:25:30 | 000,028,915 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\UserTile.png
[2007/02/24 15:27:00 | 000,046,592 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2007/02/25 14:35:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EndNote
[2009/02/01 11:16:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EPSON
[2009/08/07 17:24:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ESRI
[2012/07/25 10:11:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EurekaLog
[2010/10/09 15:42:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech
[2010/02/04 12:16:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Notepad++
[2007/06/26 14:17:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nvu
[2009/04/23 19:39:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Panasonic
[2008/02/28 21:25:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PeerNetworking
[2012/06/14 14:59:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SAS
[2011/09/13 22:14:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Seagate
[2007/02/25 11:31:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird
[2007/02/24 17:34:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ulead Systems
[2011/06/27 09:16:25 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\EPSON
[2012/04/01 09:26:27 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Seagate
[2011/06/27 16:41:00 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Thunderbird
[2010/02/10 08:49:31 | 000,000,000 | ---D | M] -- C:\Users\Rach\AppData\Roaming\EPSON
[2007/02/26 09:49:37 | 000,000,000 | ---D | M] -- C:\Users\Rach\AppData\Roaming\Thunderbird
[2012/07/26 08:44:51 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\EPSON
[2012/07/26 08:44:50 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Seagate
[2012/07/26 23:22:52 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Admin\Documents\Updater5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Admin\Documents\Ulead VideoStudio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Admin\Documents\Scanned Documents:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Admin\Documents\possum survey.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Admin\Documents\My Google Gadgets:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Admin\Documents\My Garmin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Admin\Documents\Fax:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Admin\Documents\CyberTracker:Roxio EMC Stream
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4829695F

< End of report >

 

[Gidgee1]

Hi.....OTL Extras file follows:

OTL Extras logfile created on: 27/07/2012 7:12:27 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Admin\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 52.90% Memory free
4.23 Gb Paging File | 3.17 Gb Available in Paging File | 74.83% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 125.11 Gb Total Space | 36.18 Gb Free Space | 28.91% Space Free | Partition Type: NTFS
Drive D: | 105.67 Gb Total Space | 8.39 Gb Free Space | 7.94% Space Free | Partition Type: NTFS
Drive F: | 7.47 Gb Total Space | 5.25 Gb Free Space | 70.30% Space Free | Partition Type: FAT32
Drive G: | 596.02 Gb Total Space | 368.98 Gb Free Space | 61.91% Space Free | Partition Type: FAT32
Drive Z: | 2.00 Gb Total Space | 1.11 Gb Free Space | 55.39% Space Free | Partition Type: NTFS

Computer Name: STEVE-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3045670223-4099114938-2776384973-1004\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4AA19D25-F45D-4A57-8146-BAE09DD16DFE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B736F69C-85D2-4C13-A225-6501B08AC0B5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{2A6C89BE-C7B9-40BA-A68C-A4B4E45EC155}C:\program files\epson\creativity suite\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson\creativity suite\event manager\eeventmanager.exe |
"TCP Query User{CC7F31E2-51D6-4767-AAE4-BD2694568631}C:\program files\seagate\seagate dashboard\hipservagent\hipservagent.exe" = protocol=6 | dir=in | app=c:\program files\seagate\seagate dashboard\hipservagent\hipservagent.exe |
"UDP Query User{7F15E419-E64A-459D-A068-6D7591129B8D}C:\program files\seagate\seagate dashboard\hipservagent\hipservagent.exe" = protocol=17 | dir=in | app=c:\program files\seagate\seagate dashboard\hipservagent\hipservagent.exe |
"UDP Query User{81FDFA2B-5794-4B36-B422-8F4BD75051B6}C:\program files\epson\creativity suite\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson\creativity suite\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = D-Link Bluetooth Software 6.0.1.5400
"{082FA29F-143B-47ED-B66A-A11F0E6EA4A9}" = DNRGarmin
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{188BB63B-35C8-47EE-AEBF-5EA826CAA74D}" = JMP Pro 10
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1B5B70CB-9727-457E-9B3D-DBEDBC10AE81}" = XTools Pro 2.0.1
"{1DDF840B-A50A-491E-BF44-6D6964C451A8}" = VGA USB Camera
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{314F6D08-A8B7-11D8-8446-0050BA1D384D}" = EPSON Image Clip Palette
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{38A15D11-05F8-4ECE-AC47-A85DC6FFA197}" = JMP Profiler Core
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA1480E-2789-47F2-8963-C5AAB60C563E}" = GPS TrackMaker
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}" = Ulead VideoStudio 8.0 SE DVD
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{82AF77BC-423D-42DA-BE5B-FFCA04752181}" = MediaFACE 4.01 Image Library
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2F25F71-D920-4288-A548-54CD253DEF14}" = SILKYPIX Developer Studio 3.0 SE
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{BACC9C81-3843-4240-B6D2-40FFBDB3B89A}" = Garmin WorldMap v4
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C93EC040-45ED-48A2-B4D9-3EDC034F185C}" = CyberTracker
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}" = MSN Messenger 7.5
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC0782E1-D80F-44A3-A181-C1170B279993}" = JMP Profiler GUI
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F2218D47-13D5-4705-B59B-4DBD00704BE0}" = Camera Setup
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FE4BD9BD-4A26-4F39-B12C-19336204B100}" = EndNote X
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"ALCX11 Basic Operation Guide" = ALCX11 Basic Operation Guide
"ALCX11 User's Guide" = ALCX11 User's Guide
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EPSON Speed Dial Utility" = EPSON Speed Dial Utility
"ffvfw" = ffvfw (uninstall only)
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HairID" = HairID
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01
"InstallShield_{82AF77BC-423D-42DA-BE5B-FFCA04752181}" = MediaFACE 4.01 Image Library
"InstallShield_{B2F25F71-D920-4288-A548-54CD253DEF14}" = SILKYPIX Developer Studio 3.0 SE
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"Mozilla Thunderbird (1.5)" = Mozilla Thunderbird (1.5)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"numpy-py2.5" = Python 2.5 numpy-1.0.3
"NVIDIA Drivers" = NVIDIA Drivers
"Nvu_is1" = Nvu 1.0
"OziExplorer 3.95_is1" = OziExplorer 3.95
"PDFCreator" = PDFCreator
"Python 2.1" = Python 2.1
"Python 2.1 combined Win32 extensions" = Python 2.1 combined Win32 extensions
"Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3
"Python 2.5.1" = Python 2.5.1
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SMALLBUSINESSR" = Microsoft Office Small Business 2007

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24/07/2012 8:26:03 PM | Computer Name = Steve-PC | Source = Application Hang | ID = 1002
Description = The program ct3.exe version 3.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1774 Start Time: 01cd69ed05515cf9 Termination Time: 17

Error - 24/07/2012 8:42:10 PM | Computer Name = Steve-PC | Source = Application Hang | ID = 1002
Description = The program ct3.exe version 3.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: b6c Start Time: 01cd69fc162cb5b9 Termination Time: 9

Error - 24/07/2012 8:43:33 PM | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module Flash9b.ocx, version 9.0.28.0, time stamp 0x4553afb6,
exception code 0xc0000005, fault offset 0x0018a707, process id 0x15c0, application
start time 0x01cd69fe339b27b9.

Error - 24/07/2012 9:37:06 PM | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module Flash9b.ocx, version 9.0.28.0, time stamp 0x4553afb6,
exception code 0xc0000005, fault offset 0x0018a6fa, process id 0x171c, application
start time 0x01cd6a05a8825ab9.

Error - 24/07/2012 9:41:55 PM | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module Flash9b.ocx, version 9.0.28.0, time stamp 0x4553afb6,
exception code 0xc0000005, fault offset 0x0018a6fa, process id 0x14b4, application
start time 0x01cd6a064b0ee739.

Error - 24/07/2012 11:36:01 PM | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module Flash9b.ocx, version 9.0.28.0, time stamp 0x4553afb6,
exception code 0xc0000005, fault offset 0x0018a6fa, process id 0xab4, application
start time 0x01cd6a16585b7e79.

Error - 24/07/2012 11:40:07 PM | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module Flash9b.ocx, version 9.0.28.0, time stamp 0x4553afb6,
exception code 0xc0000005, fault offset 0x0018a6fa, process id 0xb6c, application
start time 0x01cd6a16e9197ac9.

Error - 24/07/2012 11:59:29 PM | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module Flash9b.ocx, version 9.0.28.0, time stamp 0x4553afb6,
exception code 0xc0000005, fault offset 0x0018a6fa, process id 0x1024, application
start time 0x01cd6a1993bb33e9.

Error - 25/07/2012 6:24:38 AM | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0xdaede465, process id 0xefc, application start time
0x01cd6a4f4932a2f9.

Error - 25/07/2012 6:55:37 AM | Computer Name = Steve-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module Flash9b.ocx, version 9.0.28.0, time stamp 0x4553afb6,
exception code 0xc0000005, fault offset 0x0017ef77, process id 0xe0c, application
start time 0x01cd6a53adc60649.

Error - 25/07/2012 7:14:01 PM | Computer Name = Steve-PC | Source = ESENT | ID = 215
Description = WinMail (5996) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

[ OSession Events ]
Error - 30/08/2007 9:02:37 AM | Computer Name = Steve-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 51331
seconds with 24480 seconds of active time. This session ended with a crash.

Error - 30/08/2007 11:25:13 PM | Computer Name = Steve-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 16476
seconds with 14220 seconds of active time. This session ended with a crash.

Error - 10/12/2007 9:09:44 AM | Computer Name = Steve-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 31844
seconds with 9660 seconds of active time. This session ended with a crash.

Error - 21/02/2008 1:32:11 AM | Computer Name = Steve-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 11411
seconds with 1320 seconds of active time. This session ended with a crash.

Error - 30/11/2008 2:23:41 AM | Computer Name = Steve-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 26596
seconds with 600 seconds of active time. This session ended with a crash.

Error - 21/12/2008 10:33:03 PM | Computer Name = Steve-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 20404
seconds with 11160 seconds of active time. This session ended with a crash.

Error - 6/12/2009 11:55:36 PM | Computer Name = Steve-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7834
seconds with 1440 seconds of active time. This session ended with a crash.

Error - 5/03/2010 10:41:15 PM | Computer Name = Steve-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/11/2011 9:36:26 PM | Computer Name = Steve-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15432
seconds with 1380 seconds of active time. This session ended with a crash.

Error - 3/11/2011 10:09:15 PM | Computer Name = Steve-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4285
seconds with 900 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 25/07/2012 11:29:55 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 26/07/2012 12:27:07 AM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 26/07/2012 12:27:55 AM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 26/07/2012 12:35:23 AM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 26/07/2012 12:44:15 AM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 26/07/2012 12:45:35 AM | Computer Name = Steve-PC | Source = Application Popup | ID = 876
Description = Driver DLACDBHM.SYS has been blocked from loading.

Error - 26/07/2012 12:51:43 AM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 26/07/2012 12:54:56 AM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 26/07/2012 4:58:43 PM | Computer Name = Steve-PC | Source = Application Popup | ID = 876
Description = Driver DLACDBHM.SYS has been blocked from loading.

Error - 26/07/2012 5:03:52 PM | Computer Name = Steve-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O2 - BHO: (no name) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (no name) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - No CLSID value found.
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
  O15 - HKU\S-1-5-21-3045670223-4099114938-2776384973-1004\..Trusted Domains: localhost ([]http in Local intranet)
  O15 - HKU\S-1-5-21-3045670223-4099114938-2776384973-1004\..Trusted Ranges: GD ([http] in Local intranet)
  O37 - HKU\S-1-5-21-3045670223-4099114938-2776384973-1004\...com [@ = ComFile] -- Reg Error: Key error. File not found
  [2012/07/27 05:17:49 | 000,000,000 | ---D | C] -- C:\FRST
  @Alternate Data Stream - 76 bytes -> C:\Users\Admin\Documents\Updater5:Roxio EMC Stream
  @Alternate Data Stream - 76 bytes -> C:\Users\Admin\Documents\Ulead VideoStudio:Roxio EMC Stream
  @Alternate Data Stream - 76 bytes -> C:\Users\Admin\Documents\Scanned Documents:Roxio EMC Stream
  @Alternate Data Stream - 76 bytes -> C:\Users\Admin\Documents\possum survey.jpg:Roxio EMC Stream
  @Alternate Data Stream - 76 bytes -> C:\Users\Admin\Documents\My Google Gadgets:Roxio EMC Stream
  @Alternate Data Stream - 76 bytes -> C:\Users\Admin\Documents\My Garmin:Roxio EMC Stream
  @Alternate Data Stream - 76 bytes -> C:\Users\Admin\Documents\Fax:Roxio EMC Stream
  @Alternate Data Stream - 76 bytes -> C:\Users\Admin\Documents\CyberTracker:Roxio EMC Stream
  @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4829695F
  
  :Commands
  [purity]
  [emptytemp]
  [emptyjava]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

========================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[Gidgee1]

OTL Fix Log:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43C6D902-A1C5-45c9-91F6-FD9E90337E18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43C6D902-A1C5-45c9-91F6-FD9E90337E18}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCAC5586-44D7-4c43-B64A-F042461A97D2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCAC5586-44D7-4c43-B64A-F042461A97D2}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3045670223-4099114938-2776384973-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3045670223-4099114938-2776384973-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3045670223-4099114938-2776384973-1004_Classes\.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3045670223-4099114938-2776384973-1004_Classes\ComFile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!
C:\FRST\Quarantine\{bd9395c0-202e-6b41-e67f-7528330a338f}\{bd9395c0-202e-6b41-e67f-7528330a338f}\U folder moved successfully.
C:\FRST\Quarantine\{bd9395c0-202e-6b41-e67f-7528330a338f}\{bd9395c0-202e-6b41-e67f-7528330a338f}\L folder moved successfully.
C:\FRST\Quarantine\{bd9395c0-202e-6b41-e67f-7528330a338f}\{bd9395c0-202e-6b41-e67f-7528330a338f} folder moved successfully.
C:\FRST\Quarantine\{bd9395c0-202e-6b41-e67f-7528330a338f}\U folder moved successfully.
C:\FRST\Quarantine\{bd9395c0-202e-6b41-e67f-7528330a338f}\L folder moved successfully.
C:\FRST\Quarantine\{bd9395c0-202e-6b41-e67f-7528330a338f} folder moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
ADS C:\Users\Admin\Documents\Updater5:Roxio EMC Stream deleted successfully.
ADS C:\Users\Admin\Documents\Ulead VideoStudio:Roxio EMC Stream deleted successfully.
Unable to delete ADS C:\Users\Admin\Documents\Scanned Documents:Roxio EMC Stream .
ADS C:\Users\Admin\Documents\possum survey.jpg:Roxio EMC Stream deleted successfully.
ADS C:\Users\Admin\Documents\My Google Gadgets:Roxio EMC Stream deleted successfully.
ADS C:\Users\Admin\Documents\My Garmin:Roxio EMC Stream deleted successfully.
ADS C:\Users\Admin\Documents\Fax:Roxio EMC Stream deleted successfully.
ADS C:\Users\Admin\Documents\CyberTracker:Roxio EMC Stream deleted successfully.
ADS C:\ProgramData\TEMP:4829695F deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 2002 bytes
->Temporary Internet Files folder emptied: 3450417489 bytes
->Java cache emptied: 668009 bytes
->FireFox cache emptied: 64715206 bytes
->Google Chrome cache emptied: 16453597 bytes
->Flash cache emptied: 18079334 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kids
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->Flash cache emptied: 41 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Rach
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1759877 bytes
->FireFox cache emptied: 4379368 bytes

User: Steve
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 166025 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 169495519 bytes

Total Files Cleaned = 3,554.00 mb


[EMPTYJAVA]

User: Admin
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Kids

User: Public

User: Rach

User: Steve

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Admin
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Kids
->Flash cache emptied: 0 bytes

User: Public

User: Rach

User: Steve

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07272012_074458

Files\Folders moved on Reboot...
C:\Windows\temp\JETD7D7.tmp moved successfully.

PendingFileRenameOperations files...
File C:\Windows\temp\JETD7D7.tmp not found!

Registry entries deleted on Reboot...

 

[Gidgee1]

Security Check log:

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Trend Micro Titanium
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 24
Java(TM) SE Runtime Environment 6
Out of date Java installed!
Adobe Flash Player 9 (Out of date Flash Player installed!)
Adobe Flash Player ( 10.0.45.2) Flash Player Out of Date!
Mozilla Firefox (Firefox, Opera, Netscape only..)
Mozilla Thunderbird (1.5.) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
``````````End of Log````````````

 

[Gidgee1]

FSS Log:

Farbar Service Scanner Version: 26-07-2012
Ran by Admin (administrator) on 27-07-2012 at 07:58:49
Running from "C:\Users\Admin\Desktop"
Microsoft® Windows Vista™ Business Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-12 13:24] - [2012-03-30 22:09] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

 

[Gidgee1]

Hi Broni. The ESET scan finally finished after about 5 hours. It found and fixed 4 infected files (all sirefef type infections) but unfortunately I accidently closed it before exporting the log. Let me know if you want me to repeat the scan.

 

[Broni]

That's OK.

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

==========================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Do NOT post JavaRa log.

=======================================

We have one corrupted registry key affecting Windows updates.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/

Download Vista.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find several files inside.
Double click on bits.reg file and confirm the prompt.
Restart computer.
Post new FSS log.

 

[Gidgee1]

New FSS Log...

Farbar Service Scanner Version: 26-07-2012
Ran by Admin (administrator) on 28-07-2012 at 14:12:29
Running from "C:\Users\Admin\Desktop"
Microsoft® Windows Vista™ Business Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

 

[Broni]

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

 

[Gidgee1]

Below is the latest OTL log. The computer is running well. Thanks heaps for all your help Broni!

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6324299 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 68804046 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 434 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kids
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Rach
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Steve
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5115273 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 77.00 mb


[EMPTYFLASH]

User: Admin
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Kids
->Flash cache emptied: 0 bytes

User: Public

User: Rach

User: Steve

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Admin
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Kids

User: Public

User: Rach

User: Steve

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07292012_083053

Files\Folders moved on Reboot...
C:\Windows\temp\JET415.tmp moved successfully.

PendingFileRenameOperations files...
File C:\Windows\temp\JET415.tmp not found!

Registry entries deleted on Reboot...

 

[Broni]

Yes!!

Good luck and stay safe