ralvarezjr1
Everything posted by ralvarezjr1
ZeroAccess has my pc up against the wall
ralvarezjr1 replied to ralvarezjr1's topic in Resolved Malware Removal Logs
It produced nothing!
ZeroAccess has my pc up against the wall
ralvarezjr1 replied to ralvarezjr1's topic in Resolved Malware Removal Logs
Rebooted the machine and it booted into Windows correctly, but it just started beeping. I shut down Windows, but before it was closed Avira said that it had found a virus, crypt, not sure of what else.
ZeroAccess has my pc up against the wall
ralvarezjr1 replied to ralvarezjr1's topic in Resolved Malware Removal Logs
Followed the instructions above and ran the TDSSKiller program, and the program does nothing.
ZeroAccess has my pc up against the wall
ralvarezjr1 replied to ralvarezjr1's topic in Resolved Malware Removal Logs
OTL Extras logfile created on: 4/16/2012 11:14:28 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Robert\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
Computer Name: ROBERT-D630 | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
ZeroAccess has my pc up against the wall
ralvarezjr1 replied to ralvarezjr1's topic in Resolved Malware Removal Logs
OTL logfile created on: 4/16/2012 11:14:28 PM - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Robert\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 54.96% Memory free
7.16 Gb Paging File | 5.45 Gb Available in Paging File | 76.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 155.67 Gb Free Space | 52.22% Space Free | Partition Type: NTFS

Computer Name: ROBERT-D630 | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - File not found O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Humpback Whale.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Humpback Whale.jpg O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{855720ca-4c15-11df-92d4-002170947ee7}\Shell\AutoRun\command - "" = G:\.\MigWiz\migsetup.exe O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/04/16 23:13:49 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe [2012/04/16 22:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis [2012/04/16 22:51:04 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0DEF6C79-0753-4E63-B790-6F096AB98DDA} [2012/04/16 22:32:06 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Robert\Desktop\dds.com [2012/04/16 22:27:37 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{A498F32A-825E-4B1D-82E5-5B161F846C7D} [2012/04/16 22:07:19 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Robert\Desktop\dds.scr [2012/04/16 20:04:39 | 000,000,000 | --SD | C] -- C:\ComboFix [2012/04/16 18:09:36 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Avira [2012/04/16 18:04:14 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012/04/16 18:03:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012/04/16 18:03:45 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012/04/16 18:03:45 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012/04/16 18:03:45 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012/04/16 18:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012/04/16 18:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012/04/16 18:00:35 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{B5A1E10B-C1B6-473E-9FA2-CD5C6E88E878} [2012/04/16 13:25:24 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\Antivirus [2012/04/16 10:06:16 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{E2C8AAE2-DEB4-43C3-9031-886A6755D289} [2012/04/15 22:46:16 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{1A4E286C-9811-4EE2-8A1B-5B4DE198F9D1} [2012/04/15 19:53:47 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{CE27A109-5394-43B3-9B85-0BA0345BE70A} [2012/04/15 18:03:24 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\serial.svs [2012/04/15 17:43:01 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{B3F0A5A0-CF22-406F-96DB-EE148860AEFF} [2012/04/15 12:44:04 | 004,463,836 | R--- | C] (Swearware) -- C:\Users\Robert\Desktop\ComboFix.exe [2012/04/15 12:44:03 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0750ABBB-0E08-4278-BDA2-206551F9B408} [2012/04/15 12:43:43 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{C9EA0DF6-8BD1-47CE-8F96-0BD7CF14E99D} [2012/04/15 12:27:39 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{4093033A-5D36-4DEB-AA82-315123E1F20E} [2012/04/15 12:27:19 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{49B82476-7ADF-493B-B965-06FECF2AC0D4} [2012/04/15 
09:22:07 | 000,000,000 | --SD | C] -- C:\getout [2012/04/15 07:14:03 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{BD236103-EB9D-4C85-BF22-06A3219F9CA4} [2012/04/15 07:13:43 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{678B5675-C3BD-4783-AC50-A38C381E6236} [2012/04/14 22:53:39 | 000,335,504 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys [2012/04/14 22:09:21 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{1D289BA3-E903-490A-87C5-00B02BD4B483} [2012/04/14 22:08:58 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{ED030C09-4337-4931-9490-543E0503CCFE} [2012/04/14 22:05:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\SeaPort [2012/04/14 19:07:11 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\csc.svs [2012/04/14 18:48:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/04/14 18:48:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/04/14 18:48:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/04/14 18:47:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/04/14 18:45:12 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/04/14 18:43:19 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{2F1C4554-A367-4F36-BF18-99FF78005C3F} [2012/04/14 10:03:45 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{F33B727C-3DE5-4666-A5E0-70DAD935083F} [2012/04/14 10:03:23 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{A7643C29-E0F7-44DB-A3BE-6050F67F014A} [2012/04/14 00:39:03 | 004,139,680 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe [2012/04/13 23:51:00 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll [2012/04/13 20:57:15 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{F0B2D4C6-C0C6-4728-80CD-108896850BF4} [2012/04/13 20:57:03 | 000,000,000 | ---D | C] -- 
C:\Users\Robert\AppData\Local\{82FFC4F4-69BA-4B26-9097-7FCFD6FAEB53} [2012/04/13 15:05:06 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{6FDCD460-6566-4662-94CC-A31B75F8B3CB} [2012/04/13 15:04:52 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{E64B9791-078C-469F-9578-A4B211482159} [2012/04/13 08:37:33 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{33AABF68-4ADE-4532-A8B4-43276D1F5E50} [2012/04/13 08:37:14 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{864B5948-B739-4DF2-A4F2-2D508377FEAC} [2012/04/13 08:14:25 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{547A7BF8-D409-4B71-AB7F-AEEC38B371C9} [2012/04/13 08:14:01 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{86BBD0B2-24FE-4598-B5A6-CBD2BF7C0211} [2012/04/11 20:31:24 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{C99D920B-64D7-40E2-84EB-9CA79DC27F6C} [2012/04/11 20:31:12 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{70BBC313-3AF4-41E6-A3E0-77EBFDCA5A34} [2012/04/11 16:25:13 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{F9EFDAB2-F0F3-490F-9830-4C30209CC611} [2012/04/11 16:25:01 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{C5949DB3-04E1-4BB8-9BD0-2B1B3D43847E} [2012/04/11 03:47:29 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{4CA318F1-D88C-43F5-AC73-7553CD821FA8} [2012/04/11 03:46:56 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{738319E0-AEBB-44DE-B956-E7BBBC5D2B67} [2012/04/11 03:20:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/04/11 03:20:39 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/04/11 03:20:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/04/11 03:20:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/04/11 03:20:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\jsproxy.dll [2012/04/11 03:20:35 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/04/11 03:17:43 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012/04/11 03:17:43 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012/04/05 21:28:01 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{DED38320-0E33-488E-936D-D9EB11F86B15} [2012/04/05 09:28:13 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{DD71A792-E694-426D-97C9-F8F765B61294} [2012/04/05 09:28:02 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{014A4232-26AB-43B3-8EF2-526DFC98A535} [2012/04/04 21:28:27 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{98ACB5A9-E4DC-4C41-9F53-82894BD07966} [2012/04/04 21:28:08 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{5A7AE06F-A769-48BE-A502-EF65F8715EB3} [2012/04/04 09:22:56 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{CA3559EF-C32E-485E-A559-3A72BA7A6682} [2012/04/04 09:22:46 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{5C845FE2-D965-4F27-A636-7171B0E360D1} [2012/04/03 21:23:04 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{182FB11C-B404-4668-9384-06D9D8E9DB89} [2012/04/03 21:22:47 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{3F65D6AA-1E2C-41F5-B3F2-7295974F004E} [2012/04/03 09:23:06 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{5ABD861F-5A34-4B30-B8FC-FF39BDC6D262} [2012/04/03 09:22:54 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{62C79D40-9430-46B9-8092-F8D8C50DD2B5} [2012/04/02 21:03:17 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{BFB325D0-C3B9-4E70-A390-08DDAE5E1F52} [2012/04/02 21:03:00 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{5254AE26-0062-4A81-8F25-6263DA77BBC4} [2012/04/02 09:02:46 | 000,000,000 | ---D | C] -- 
C:\Users\Robert\AppData\Local\{0EC009E3-72B5-4963-881C-E868DA71741E} [2012/04/01 16:42:19 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{E29F4516-D5D8-4284-8F3C-280D87494B83} [2012/04/01 03:50:48 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{C166DCBD-078D-4442-8AAF-71D55C676EEA} [2012/03/31 09:10:43 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{72AB3A60-51D6-4BB8-9106-0831917FC467} [2012/03/30 18:18:16 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{478F5824-5DEB-4B32-9E5A-9DFF7FE4D1D0} [2012/03/30 09:04:51 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/03/30 03:14:37 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{FF4184CF-F27B-4719-98FB-8A7E44E4C31C} [2012/03/29 15:14:40 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{161F610D-BC37-4B45-B267-6BFB08D1AEF8} [2012/03/29 00:55:33 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{BD67DDE2-0095-4B5E-85E3-603A2249FBD1} [2012/03/28 09:32:22 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{4FF25BA1-40F0-40FB-8322-5C11DF513A56} [2012/03/28 09:31:50 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{DD6ECEDD-A0D4-4EB4-80D2-DD0326E55909} [2012/03/27 21:31:31 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{59C4C59F-1040-47D2-93D9-50ED95AC1A46} [2012/03/27 21:31:20 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0BE62A2D-7FBF-41EF-A30C-B4076525439B} [2012/03/27 08:59:07 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{2B0ADF2B-4970-4B02-9F01-5AE76106E6F9} [2012/03/27 08:58:50 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{FE08E746-ACE6-4BE6-B0BC-CAE99770D685} [2012/03/26 19:56:39 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{6B6B45A2-8E11-4CFD-A3BB-E028261B3C34} [2012/03/26 19:56:28 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{9FC3A0D2-DF63-4DB6-B558-2E4130A9A93A} [2012/03/26 07:56:15 | 
000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{90560244-FA91-4E53-A66B-D173BCBB68F6} [2012/03/26 07:56:03 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{44653173-1A2A-498B-AFE1-AE262F50701D} [2012/03/25 13:11:51 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{747CBDC4-08E7-4ED3-B8D3-479244749560} [2012/03/25 13:11:40 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{86799035-3E6C-4642-A799-CD81A4882652} [2012/03/24 23:50:37 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{998F5DFF-9A6E-4ABC-A88E-FCC904CE14ED} [2012/03/24 11:15:48 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{E704F99A-30A3-4207-BC2D-3CF2F65C251C} [2012/03/23 23:07:12 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{5F93912F-DB13-4D8A-A661-614DEEDFEC70} [2012/03/23 23:07:00 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{4C3C9BBE-2653-42EE-B3DC-2779E2BEF8B5} [2012/03/23 11:06:46 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{6B518A2C-6AC6-44C1-A19E-78270C139071} [2012/03/23 11:06:34 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0513FAF5-DEFE-45C8-A941-BFBFC08A07C8} [2012/03/22 22:55:31 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{A40C5A68-A18F-4ADB-8A6A-4E8F332F6AE0} [2012/03/22 08:01:51 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{2106C68D-FA23-4BC5-AC5B-3C8B4AA4F385} [2012/03/22 08:01:39 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0E5B2DA1-1135-419C-98E2-FCEED7873465} [2012/03/21 14:55:29 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{002438D7-E05A-4B2C-8DA5-0DC409FC7CFE} [2012/03/21 01:09:33 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{0CCBAE81-0069-43A4-9930-2FBCDA1A63A5} [2012/03/21 01:09:22 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{7823470A-3378-4EFD-8179-809E1C7E741B} [2012/03/20 13:09:30 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{904E92F8-5B61-4D44-9744-E658E543F59E} 
[2012/03/19 23:06:24 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{74BD53DD-9B41-43CE-9E4E-A5D818C6D1E7} [2012/03/19 23:06:10 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{1111FCE7-27C8-40C7-9F19-A4AB0ECC5641} [2012/03/19 10:26:24 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{87062CE8-2F47-4500-94FC-81BE4F658555} [2012/03/19 10:26:09 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{B39D738A-4920-4ACC-9831-4397D905AB45} [2012/03/18 22:18:31 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{B8F813CB-0D23-42A3-BBD5-6148DE6F8402} [2012/03/18 22:18:20 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{E3B7F07E-BF74-46E1-A4FB-46C28B9D52B2} [2012/03/18 10:18:04 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{98D8EB57-D382-4379-AD51-7F29174B3AA9} [2012/03/18 10:17:38 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\{7A3A7FEF-4080-4B22-B1B1-C5197034DABA} [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Users\Robert\Documents\*.tmp files -> C:\Users\Robert\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/04/16 23:13:49 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe [2012/04/16 23:08:02 | 000,654,680 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/04/16 23:08:02 | 000,124,998 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/04/16 22:48:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/04/16 22:48:15 | 000,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/16 22:48:15 | 000,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/16 22:48:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/16 22:48:01 | 3745,492,992 | -HS- | M] () -- C:\hiberfil.sys [2012/04/16 22:39:01 | 000,000,830 | 
---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/04/16 22:35:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/16 22:32:06 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Robert\Desktop\dds.com [2012/04/16 22:07:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Robert\Desktop\dds.scr [2012/04/16 18:04:14 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/04/16 17:56:45 | 001,244,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/04/16 13:56:30 | 000,000,000 | ---- | M] () -- C:\ProgramData\efdecdfabdct.exe [2012/04/16 10:07:31 | 000,335,504 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys [2012/04/15 22:50:40 | 301,624,611 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/04/15 17:43:30 | 000,002,391 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012/04/15 12:08:10 | 004,463,836 | R--- | M] (Swearware) -- C:\Users\Robert\Desktop\ComboFix.exe [2012/04/14 18:40:28 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd [2012/04/14 16:28:00 | 000,903,928 | ---- | M] () -- C:\Users\Robert\Desktop\Executed Contract for 6102 Power.pdf [2012/04/14 16:27:10 | 000,039,943 | ---- | M] () -- C:\Users\Robert\Desktop\Martin Pina IRS Docs.pdf [2012/04/14 10:04:28 | 000,000,197 | ---- | M] () -- C:\Windows\System32\itlsvc.dat [2012/04/14 10:04:27 | 000,115,686 | ---- | M] () -- C:\Windows\System32\itldvupd.dat [2012/04/14 07:57:05 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/04/14 07:57:05 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/04/14 07:56:59 | 004,139,680 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe [2012/04/14 00:10:00 | 000,248,579 | ---- | M] () -- C:\Users\Robert\Desktop\Revised Contract for 6102 Power.pdf [2012/04/13 13:17:45 | 000,001,356 | ---- | M] () -- 
C:\Users\Robert\AppData\Local\d3d9caps.dat [2012/04/13 09:02:51 | 000,001,876 | ---- | M] () -- C:\Users\Robert\Desktop\The Print Shop 23.lnk [2012/04/13 09:00:36 | 000,033,792 | ---- | M] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/04/13 08:52:38 | 000,000,215 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\RFC.url [2012/04/13 08:51:03 | 000,000,104 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk [2012/04/12 19:09:32 | 002,470,912 | ---- | M] () -- C:\Users\Robert\Documents\1514 Shadow Crest Dr - Just Reduced Flyer.pub [2012/04/11 08:53:41 | 000,000,898 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk [2012/04/10 23:48:59 | 000,402,478 | ---- | M] () -- C:\Users\Robert\Desktop\ONEprop+Application+Packet+2011+Dallas.pdf [2012/04/06 16:04:24 | 000,377,856 | ---- | M] () -- C:\Users\Robert\Documents\Luis Realtor Full Bleed Dallas Skyline.biz [2012/04/06 13:00:32 | 000,307,712 | ---- | M] () -- C:\Users\Robert\Documents\Robert Realtor Full Bleed Broker Mod1.biz [2012/04/05 18:39:52 | 000,000,443 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Tempo Login.website [2012/04/05 14:14:57 | 000,060,304 | ---- | M] () -- C:\Users\Robert\g2mdlhlpx.exe [2012/04/05 01:33:24 | 004,006,051 | ---- | M] () -- C:\Users\Robert\Desktop\Personal_Portfolio1.zip [2012/04/02 16:56:27 | 000,319,488 | ---- | M] () -- C:\Users\Robert\Documents\Luis Realtor Full Bleed 3.biz [2012/03/27 16:39:48 | 000,044,004 | ---- | M] () -- C:\Users\Robert\Desktop\Redi Carpet Invoice 02-672247.pdf [2012/03/26 17:26:04 | 000,198,970 | ---- | M] () -- C:\Users\Robert\Desktop\1517 Audrey Drive Termite Inspection.pdf [2012/03/21 22:19:15 | 000,239,312 | ---- | M] () -- C:\Users\Robert\Desktop\Shadowcrest CMA.pdf [2 C:\Windows\*.tmp files -> 
C:\Windows\*.tmp -> ] [2 C:\Users\Robert\Documents\*.tmp files -> C:\Users\Robert\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/04/16 18:04:14 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/04/16 10:02:55 | 3745,492,992 | -HS- | C] () -- C:\hiberfil.sys [2012/04/14 18:48:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/04/14 18:48:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/04/14 18:48:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/04/14 18:48:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/04/14 18:48:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/04/14 16:31:33 | 000,039,943 | ---- | C] () -- C:\Users\Robert\Desktop\Martin Pina IRS Docs.pdf [2012/04/14 16:28:00 | 000,903,928 | ---- | C] () -- C:\Users\Robert\Desktop\Executed Contract for 6102 Power.pdf [2012/04/14 10:04:28 | 000,000,197 | ---- | C] () -- C:\Windows\System32\itlsvc.dat [2012/04/14 10:04:27 | 000,115,686 | ---- | C] () -- C:\Windows\System32\itldvupd.dat [2012/04/14 09:25:53 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd [2012/04/14 09:25:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\efdecdfabdct.exe [2012/04/14 00:10:00 | 000,248,579 | ---- | C] () -- C:\Users\Robert\Desktop\Revised Contract for 6102 Power.pdf [2012/04/13 23:33:17 | 000,002,197 | ---- | C] () -- C:\Users\Public\Desktop\Corel Paint Shop Pro Photo XI.lnk [2012/04/13 23:33:17 | 000,002,138 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk [2012/04/13 23:33:17 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\XSites Desktop.lnk [2012/04/13 23:33:17 | 000,001,836 | ---- | C] () -- C:\Users\Public\Desktop\MP Navigator EX 1.0.lnk [2012/04/13 23:33:17 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\zipForm® 6.lnk [2012/04/13 23:33:17 | 000,000,938 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet 
Explorer\Quick Launch\Windows Media Player.lnk [2012/04/13 23:33:17 | 000,000,898 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk [2012/04/13 23:33:17 | 000,000,830 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/04/13 23:33:17 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2012/04/13 23:33:17 | 000,000,712 | ---- | C] () -- C:\Users\Public\Desktop\Rhapsody.lnk [2012/04/13 23:33:17 | 000,000,443 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Tempo Login.website [2012/04/13 23:33:17 | 000,000,258 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2012/04/13 23:33:17 | 000,000,240 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2012/04/13 23:33:17 | 000,000,215 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\RFC.url [2012/04/13 23:33:17 | 000,000,200 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\LEAN CUISINE Keep Life Delicious.url [2012/04/13 23:33:16 | 000,001,915 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/04/13 23:33:16 | 000,000,104 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk [2012/04/13 09:02:51 | 000,001,876 | ---- | C] () -- C:\Users\Robert\Desktop\The Print Shop 23.lnk [2012/04/12 19:09:32 | 002,470,912 | ---- | C] () -- C:\Users\Robert\Documents\1514 Shadow Crest Dr - Just Reduced Flyer.pub [2012/04/10 23:48:59 | 000,402,478 | ---- | C] () -- C:\Users\Robert\Desktop\ONEprop+Application+Packet+2011+Dallas.pdf [2012/04/05 19:38:23 | 001,469,771 | ---- | C] () -- 
C:\Users\Robert\Desktop\Mr. Lee's Backdoor.JPG [2012/04/05 01:33:24 | 004,006,051 | ---- | C] () -- C:\Users\Robert\Desktop\Personal_Portfolio1.zip [2012/04/02 17:00:34 | 000,377,856 | ---- | C] () -- C:\Users\Robert\Documents\Luis Realtor Full Bleed Dallas Skyline.biz [2012/03/30 09:04:55 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/03/27 16:40:49 | 000,044,004 | ---- | C] () -- C:\Users\Robert\Desktop\Redi Carpet Invoice 02-672247.pdf [2012/03/26 17:27:02 | 000,198,970 | ---- | C] () -- C:\Users\Robert\Desktop\1517 Audrey Drive Termite Inspection.pdf [2012/03/21 22:20:05 | 000,239,312 | ---- | C] () -- C:\Users\Robert\Desktop\Shadowcrest CMA.pdf [2011/08/07 21:40:28 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe [2011/08/07 21:40:28 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys [2011/07/21 11:26:33 | 000,000,000 | ---- | C] () -- C:\Users\Robert\AppData\Local\{779A1892-AB9D-4950-A6BB-DB10D4709463} [2011/04/03 11:59:17 | 000,001,356 | ---- | C] () -- C:\Users\Robert\AppData\Local\d3d9caps.dat [2011/01/25 16:53:16 | 000,029,696 | ---- | C] () -- C:\Windows\System32\DvrOcxCHS.dll [2011/01/10 19:05:36 | 000,942,165 | ---- | C] () -- C:\Windows\System32\RM_DVRNET_DLL.dll [2010/12/23 15:42:56 | 000,021,504 | ---- | C] () -- C:\Windows\System32\DvrOcxTRK.dll [2010/12/23 15:42:48 | 000,021,504 | ---- | C] () -- C:\Windows\System32\DvrOcxTRK(KNOWLEDGE).dll [2010/09/19 09:30:18 | 000,020,480 | ---- | C] () -- C:\Windows\System32\DvrOcxESP.dll [2010/09/19 09:29:58 | 000,020,992 | ---- | C] () -- C:\Windows\System32\DvrOcxFRA.dll [2010/09/19 09:29:58 | 000,020,480 | ---- | C] () -- C:\Windows\System32\DvrOcxRUS.dll [2010/09/19 09:29:46 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DvrOcxPTB.dll [2010/09/19 09:29:46 | 000,020,992 | ---- | C] () -- C:\Windows\System32\DvrOcxPTG.dll [2010/09/19 09:29:42 | 000,020,992 | ---- | C] () -- C:\Windows\System32\DvrOcxDEU.dll 
[2010/09/19 09:29:42 | 000,014,848 | ---- | C] () -- C:\Windows\System32\DvrOcxCHT.dll [2010/09/19 09:29:34 | 000,020,992 | ---- | C] () -- C:\Windows\System32\DvrOcxPLK.dll [2010/09/19 09:29:30 | 000,020,480 | ---- | C] () -- C:\Windows\System32\DvrOcxITA.dll [2010/05/15 14:51:58 | 000,045,056 | ---- | C] () -- C:\Windows\System32\CNARSMNT.DLL [2010/05/12 12:02:52 | 000,126,264 | ---- | C] () -- C:\Windows\System32\HPCP1020LM.dll [2010/04/26 23:58:16 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll [2010/04/21 00:25:05 | 000,087,808 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll [2010/04/20 14:21:45 | 000,033,792 | ---- | C] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/04/20 11:59:42 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini [2010/04/20 10:45:38 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI [2010/04/20 00:18:47 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2010/04/19 21:41:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010/04/19 21:41:13 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010/04/19 21:40:37 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2010/04/19 20:58:37 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll [2010/04/19 20:52:50 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll [2010/04/19 20:52:50 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll [2010/04/19 20:52:50 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll [2010/04/19 20:52:50 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2010/04/19 20:20:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010/04/19 19:30:13 | 000,002,391 | ---- | C] () -- C:\Windows\bthservsdp.dat < End of report >
ZeroAccess has my pc up against the wall
ralvarezjr1 replied to ralvarezjr1's topic in Resolved Malware Removal Logs
Logfile of HijackThis v1.99.1
Scan saved at 11:04:43 PM, on 4/16/2012
Platform: Unknown Windows (WinNT 6.00.1906 SP2)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Napster\napster.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Belkin Storage Manager\StorageManager.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\PFU\ScanSnap\CardMinder V3.1\CardLauncher.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Robert\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
O4 - HKLM\..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [belkin Storage Manager] "C:\Program Files\Belkin Storage Manager\StorageManager.exe"
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [HP CP1020 System Tray] "C:\Program Files\HP\HP LaserJet Professional CP1020 Series\HPCP1020STRAY.EXE"
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [efdecdfabdct] "C:\ProgramData\efdecdfabdct.exe"
O4 - Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
O4 - Startup: Launch Jawbone Updater.lnk = C:\Program Files\Jawbone\LaunchJU.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: CardMinder Viewer.lnk = ?
O4 - Global Startup: Conversion to PDF with ScanSnap Organizer.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\The Print Shop 23\Remind.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: ScanSnap Manager.lnk = ?
O4 - Global Startup: XSites Desktop.lnk = C:\Program Files\a la mode\XSites Desktop\alamode.XSitesDesktop.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [iNTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: Deployer - http://www.pcthreat.com/autoinstall/shsafeinstall.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {62FC5539-7373-420B-AA75-89DE9ECF6CAB} (Dvr Net 8116) - http://192.168.1.8/DvrOcx.cab
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} (First American Res MapActiveX Control) - http://mls.realist.com/mapviewer/mapviewer.cab
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Server - LP_SERVER (FirebirdServerLP_SERVER) - Unknown owner - C:\Program Files\LawnPro 4\DB\bin\fbserver.exe" -s LP_SERVER (file missing)
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Start=service (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE" "C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
-
ZeroAccess has my pc up against the wall
ralvarezjr1 posted a topic in Resolved Malware Removal Logs
I ran DDS but it just runs and runs... I've been fighting it since Friday! I have attached logs from OTL, HijackThis, and a few other tools that I have run. Combofix is the only program that reports that I have ZeroAccess and that it has infected the TCP/IP stack, but Combofix just runs and never runs any steps. I appreciate the help!
Robert
AntiZeroAccess_Log.txt dberr.txt Extras.Txt hijackthis.log OTL.Txt SCHEDLGU.TXT