
Jeffce... Deleted svchost thread



I was working with jeffce, and my thread was deleted.

The last step I did was drag a txt file into ComboFix. After doing this, my computer is running great, except I am still getting the message that Windows is finding a hard disk problem. Under details it specifies the drive, and I will provide that info next time it pops up.

For now, here is the latest log from combofix:

ComboFix 12-10-31.03 - Laptop 11/01/2012 17:33:00.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4058.1936 [GMT -6:00]

Running from: c:\users\Laptop\Desktop\ComboFix.exe

Command switches used :: c:\users\Laptop\Desktop\CFScript.txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 )))))))))))))))))))))))))))))))

.

.

2012-11-01 23:45 . 2012-11-01 23:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-01 17:38 . 2012-11-01 17:38 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FBB833E7-688F-4714-AE2C-E3A84816ED7F}\offreg.dll

2012-11-01 05:11 . 2012-11-01 05:11 -------- d-----w- C:\TDSSKiller_Quarantine

2012-10-31 17:48 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FBB833E7-688F-4714-AE2C-E3A84816ED7F}\mpengine.dll

2012-10-29 19:27 . 2012-10-29 19:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-10-29 19:27 . 2012-09-30 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-25 22:27 . 2012-10-25 22:28 -------- d-----w- c:\programdata\Zemana AntiMalware

2012-10-25 01:23 . 2012-10-25 01:23 -------- d-----w- c:\users\Laptop\AppData\Local\DoNotTrackPlus

2012-10-25 01:02 . 2012-10-25 01:02 -------- d-----w- c:\users\Laptop\AppData\Local\APN

2012-10-25 01:00 . 2012-10-25 22:57 -------- d-----w- c:\programdata\Avira

2012-10-24 17:56 . 2012-10-24 17:56 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation

2012-10-24 00:52 . 2012-10-24 00:52 -------- d-----w- c:\programdata\CanonIJ

2012-10-24 00:25 . 2012-10-24 00:25 -------- d--h--w- c:\programdata\CanonEPP

2012-10-24 00:25 . 2012-10-24 00:30 -------- d-----w- c:\users\Laptop\AppData\Roaming\Canon

2012-10-23 23:24 . 2012-10-23 23:24 -------- d-----w- c:\programdata\Canon IJ Network Tool

2012-10-23 23:24 . 2011-10-14 17:57 102912 ----a-w- c:\windows\SysWow64\CNC_B1U.dll

2012-10-23 23:24 . 2011-09-22 14:57 316416 ----a-w- c:\windows\SysWow64\CNC_B1L.dll

2012-10-23 23:24 . 2008-08-26 00:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll

2012-10-23 23:21 . 2012-10-23 23:21 -------- d-----w- c:\program files\Common Files\CANON

2012-10-23 23:19 . 2012-10-23 23:19 -------- d-----w- c:\program files\Canon

2012-10-23 23:18 . 2012-10-23 23:18 -------- d--h--w- c:\programdata\CanonBJ

2012-10-23 23:18 . 2011-11-03 11:00 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPB1.DLL

2012-10-23 23:18 . 2011-11-03 11:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDB1.DLL

2012-10-23 23:18 . 2012-10-23 23:18 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

2012-10-23 23:18 . 2011-11-03 11:00 385024 ----a-w- c:\windows\system32\CNMLMB1.DLL

2012-10-23 23:18 . 2011-09-21 11:00 302592 ----a-w- c:\windows\system32\CNCALB1.DLL

2012-10-23 23:17 . 2011-09-29 09:23 256000 ----a-w- c:\windows\system32\CNMIUB1.DLL

2012-10-23 23:17 . 2012-10-23 23:17 -------- d-----w- c:\windows\system32\STRING

2012-10-23 23:17 . 2011-08-16 08:30 39424 ----a-w- c:\windows\system32\CNMN6UI.DLL

2012-10-23 23:17 . 2011-08-16 08:30 356864 ----a-w- c:\windows\system32\CNMN6PPM.DLL

2012-10-23 23:05 . 2012-10-24 00:25 -------- d-----w- c:\program files (x86)\Canon

2012-10-10 22:00 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-10 22:00 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-10-10 22:00 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll

2012-10-10 22:00 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll

2012-10-10 22:00 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll

2012-10-10 22:00 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-10-10 22:00 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-10 22:00 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-10 22:00 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-10-10 22:00 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-10-06 22:07 . 2012-10-06 22:07 -------- d-----w- c:\users\Laptop\AppData\Roaming\Malwarebytes

2012-10-06 22:07 . 2012-10-06 22:07 -------- d-----w- c:\programdata\Malwarebytes

2012-10-06 00:59 . 2012-10-06 00:59 -------- d-----w- c:\program files\Google

2012-10-06 00:59 . 2012-10-06 01:44 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-06 00:59 . 2012-10-06 00:59 -------- d-----w- c:\windows\system32\Macromed

2012-10-05 22:23 . 2012-08-21 19:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-10-05 22:23 . 2012-10-05 22:23 -------- d-----w- c:\program files\iPod

2012-10-05 22:23 . 2012-10-05 22:23 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-10-05 22:23 . 2012-10-05 22:23 -------- d-----w- c:\program files\iTunes

2012-10-05 22:23 . 2012-10-05 22:23 -------- d-----w- c:\program files (x86)\iTunes

2012-10-04 19:34 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-11 09:04 . 2011-03-09 16:15 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-10-06 01:44 . 2011-06-19 01:16 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-22 18:12 . 2012-09-13 23:52 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-13 23:52 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-13 23:50 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-13 23:52 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 19:01 . 2011-03-19 06:22 125872 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-08-21 19:01 . 2011-03-19 06:22 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2012-08-20 17:38 . 2012-10-10 22:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-09 16:38 . 2012-08-09 16:38 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-10-06 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

"Citi Virtual Account Numbers"="c:\progra~2\VIRTUA~1\CitiVAN.exe" [2009-07-10 372736]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-07-07 273544]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]

"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-09-27 439440]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-14 559616]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]

.

c:\users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-13 9216]

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-07 136176]

R3 94600793;94600793; [x]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-07 136176]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-10 113120]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-17 232480]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-09 1255736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-06-25 76912]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-07 20:50]

.

2012-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-07 20:50]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-15 10918504]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 392048]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

FF - ProfilePath - c:\users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\uwcdrsmu.default\

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-1ClickDownloader - c:\program files (x86)\1ClickDownload\uninstall.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-01 17:49:46

ComboFix-quarantined-files.txt 2012-11-01 23:49

ComboFix2.txt 2012-11-01 17:52

.

Pre-Run: 186,383,835,136 bytes free

Post-Run: 186,110,853,120 bytes free

.

- - End Of File - - 7314C023A99D4A3A645A09B4086703F5


Under details it specifies the drive, and I will provide that info next time it pops up.
Please do that.

Please run a new scan with DDS and post both of the logs that are created so we can have a reference point here again. :)


OK, so almost immediately after posting this, my computer attempted to autoupdate. I know we aren't supposed to download or install anything, so I tried to shut it down real quick. Upon reboot, I have been hit with tons of warnings. First, it came to a black screen prompting me to run something to check the C drive for consistency. I declined, since I wasn't sure if I should. Now, the normal hard disk message mentioned earlier is shown, which specifies "Disk name: SAMSUNG HM321HI Volume: C:\".

I also got a message titled "ubd.exe - Corrupt Disk". The text reads, "The file system structure on the disk is corrupt and unusable. Please run Chkdsk utility on the volume C:." Also, the Dell DataSafe Local Backup pop up keeps appearing even if I select "do not remind me". I also get another message stating "The Dell Dock's language file, which is necessary for this operation, has failed to load. Please check Dell Dock installation."

I tried to run DDS, but I got another message to check that my temporary file folder is valid because it was unable to produce a temporary file. I have not seen any of those messages prior to trying to stop the update, so I think doing that screwed something up :(


I also got an Intel popup in the system tray, so I clicked on it. I tried to save a screenshot of what it says to my desktop, but it comes with an error reading "The disk structure is corrupt and unreadable".

The Intel box has a heading "Manage Disk" and has:

Port: 0 (Activate Port LED)

Port Location: Internal

Status: At risk (reset disk to normal)

Usage: Unknown

Size: 305,245 MB

Serial Number

Model: Samsung HM321HI

Firmware: 2AJ10003


Hi,

Ok....we need to check your hard drive. I hope I am wrong, but your hard drive may be failing. I would recommend at this time you back up all of your pictures, music, videos or any other personal files you want to keep. We don't want your hard drive to crash and lose everything. You can put all of these on CD/DVD or a high capacity flash drive.

Let me know when you get this finished.


First open an elevated command prompt > Click Start and type cmd in Start Search.

When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.

Copy the contents of the code box > right click in the command window and select paste >> Press Enter


chkdsk /r

Accept any prompts that may occur.

When your system is finished please run a new scan with DDS and post both of the new logs created. :)


So doing that brought it back to where it was before it attempted to update. I am still getting the hard disk message from Windows for the same drive, but I was able to run DDS. Logs:

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25

Run by Laptop at 21:21:38 on 2012-11-03

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4058.2785 [GMT -6:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\DFDWiz.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

C:\Windows\SysWOW64\OBroker.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\splwow64.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com/

uInternet Settings,ProxyOverride = *.local

BHO: Virtual Account Numbers Helper: {17424104-1444-4810-85d7-b4da413c5a9a} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Virtual Account Numbers: {7a21a046-b886-4a62-9d69-ef2059b0a27b} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Citi Virtual Account Numbers] C:\PROGRA~2\VIRTUA~1\CitiVAN.exe /lang=en_RG /dontopenmycards

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

mRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

StartupFolder: C:\Users\Laptop\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

TCP: Interfaces\{45C44CE9-A40B-48D0-AA62-9AC7107C0532} : DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{45C44CE9-A40B-48D0-AA62-9AC7107C0532}\0514E4542514 : DhcpNameServer = 205.139.50.143 63.209.206.118 4.2.2.2

TCP: Interfaces\{45C44CE9-A40B-48D0-AA62-9AC7107C0532}\14D616E6475602E4F6274786 : DhcpNameServer = 10.1.10.1

TCP: Interfaces\{45C44CE9-A40B-48D0-AA62-9AC7107C0532}\2375942554138323 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{45C44CE9-A40B-48D0-AA62-9AC7107C0532}\6457E6E6973456461627D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{45C44CE9-A40B-48D0-AA62-9AC7107C0532}\743424 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{45C44CE9-A40B-48D0-AA62-9AC7107C0532}\754564 : DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{45C44CE9-A40B-48D0-AA62-9AC7107C0532}\C696E6B6379737F5355435F56313639303 : DhcpNameServer = 192.168.0.1 38.8.82.2

TCP: Interfaces\{45C44CE9-A40B-48D0-AA62-9AC7107C0532}\E403F46353 : DhcpNameServer = 192.168.1.1 184.16.4.22

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Virtual Account Numbers Helper: {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll

BHO-X64: Virtual Account Numbers Helper - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO-X64: Canon Easy-WebPrint EX BHO - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Virtual Account Numbers: {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Citi Virtual Account Numbers] C:\PROGRA~2\VIRTUA~1\CitiVAN.exe /lang=en_RG /dontopenmycards

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

mRun-x64: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\uwcdrsmu.default\

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-1-16 98208]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-16 13336]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-29 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-29 676936]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-1-16 705856]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-7 136176]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-7 136176]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-29 113120]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-11-04 00:55:54 -------- d-sh--w- C:\found.000

2012-11-02 19:28:28 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5FE108AD-2F45-47B8-A3CF-E992C49AD3F5}\mpengine.dll

2012-11-02 17:05:06 -------- d-----w- C:\Users\Laptop\AppData\Local\{6CF55B8A-930B-441F-AB42-7F3A91EB56B8}

2012-11-01 23:52:13 -------- d-sh--w- C:\$RECYCLE.BIN

2012-11-01 23:15:08 -------- d-----w- C:\Users\Laptop\AppData\Local\{E96C7A6E-28D8-4004-9C59-3D866C45B102}

2012-11-01 17:30:18 98816 ----a-w- C:\Windows\sed.exe

2012-11-01 17:30:18 518144 ----a-w- C:\Windows\SWREG.exe

2012-11-01 17:30:18 256000 ----a-w- C:\Windows\PEV.exe

2012-11-01 17:30:18 208896 ----a-w- C:\Windows\MBR.exe

2012-11-01 05:11:10 -------- d-----w- C:\TDSSKiller_Quarantine

2012-10-29 19:27:18 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-10-29 19:27:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-10-25 22:27:34 -------- d-----w- C:\ProgramData\Zemana AntiMalware

2012-10-25 01:23:20 -------- d-----w- C:\Users\Laptop\AppData\Local\DoNotTrackPlus

2012-10-25 01:02:02 -------- d-----w- C:\Users\Laptop\AppData\Local\APN

2012-10-25 01:00:08 -------- d-----w- C:\ProgramData\Avira

2012-10-24 23:39:31 -------- d-----w- C:\Users\Laptop\AppData\Local\{7CEC4C8F-77AF-4268-8BBE-97D5ED63EEE7}

2012-10-24 17:56:30 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation

2012-10-24 00:52:02 -------- d-----w- C:\ProgramData\CanonIJ

2012-10-24 00:30:03 -------- d--h--w- C:\ProgramData\CanonIJScan

2012-10-24 00:28:53 -------- d--h--w- C:\ProgramData\CanonIJEGV

2012-10-24 00:25:58 -------- d--h--w- C:\ProgramData\CanonIJSolutionMenuEX

2012-10-24 00:25:56 -------- d--h--w- C:\ProgramData\CanonIJEPPEX2

2012-10-24 00:25:56 -------- d--h--w- C:\ProgramData\CanonEPP

2012-10-24 00:25:55 -------- d--h--w- C:\ProgramData\CanonIJMyPrinter

2012-10-23 23:24:54 -------- d-----w- C:\ProgramData\Canon IJ Network Tool

2012-10-23 23:24:42 316416 ----a-w- C:\Windows\SysWow64\CNC_B1L.dll

2012-10-23 23:24:42 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll

2012-10-23 23:24:42 102912 ----a-w- C:\Windows\SysWow64\CNC_B1U.dll

2012-10-23 23:24:38 -------- d--h--w- C:\ProgramData\CanonIJFAX

2012-10-23 23:21:53 -------- d-----w- C:\Program Files\Common Files\CANON

2012-10-23 23:21:41 -------- d-----w- C:\ProgramData\CanonIJWSpt

2012-10-23 23:19:18 -------- d-----w- C:\Program Files\Canon

2012-10-23 23:18:11 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPB1.DLL

2012-10-23 23:18:11 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDB1.DLL

2012-10-23 23:18:01 385024 ----a-w- C:\Windows\System32\CNMLMB1.DLL

2012-10-23 23:18:00 302592 ----a-w- C:\Windows\System32\CNCALB1.DLL

2012-10-23 23:17:56 256000 ----a-w- C:\Windows\System32\CNMIUB1.DLL

2012-10-23 23:17:41 39424 ----a-w- C:\Windows\System32\CNMN6UI.DLL

2012-10-23 23:17:41 356864 ----a-w- C:\Windows\System32\CNMN6PPM.DLL

2012-10-23 23:17:41 -------- d-----w- C:\Windows\System32\STRING

2012-10-23 23:13:00 -------- d-----w- C:\ProgramData\CanonIJPLM

2012-10-23 23:05:36 -------- d--h--w- C:\ProgramData\CanonIJETV

2012-10-23 23:05:01 -------- d-----w- C:\Program Files (x86)\Canon

2012-10-22 19:35:35 -------- d-----w- C:\Users\Laptop\AppData\Local\{C186BED8-196B-4DD0-903C-23AD24C7879C}

2012-10-21 05:45:43 -------- d-----w- C:\Users\Laptop\AppData\Local\{63A3E130-7D90-4050-BD6C-C84976F51CDE}

2012-10-20 00:05:38 -------- d-----w- C:\Users\Laptop\AppData\Local\{4B9E8965-32F1-4FDE-A4C5-35975831CA0A}

2012-10-19 21:47:44 -------- d-----w- C:\Users\Laptop\AppData\Local\{4AFCBFC3-9363-4E21-B75E-7D523E55464E}

2012-10-18 23:03:15 -------- d-----w- C:\Users\Laptop\AppData\Local\{926409AF-C583-47B0-8874-3A4F7E5B9F56}

2012-10-16 18:25:01 -------- d-----w- C:\Users\Laptop\AppData\Local\{BF8E8AA9-0F35-48D0-AEA8-FE76504841A9}

2012-10-15 19:53:41 -------- d-----w- C:\Users\Laptop\AppData\Local\{57B41125-B073-4B21-857C-4219FF980513}

2012-10-14 09:15:57 -------- d-----w- C:\Users\Laptop\AppData\Local\{FA02BFDA-FFA1-4FA7-B1D1-93751E937D99}

2012-10-12 02:48:46 -------- d-----w- C:\Users\Laptop\AppData\Local\{390F1592-71BC-4A19-B29B-6308258E7274}

2012-10-10 22:00:48 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-10-10 22:00:45 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-10-10 22:00:44 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-10-10 22:00:25 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-10-10 22:00:25 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-10-10 22:00:21 715776 ----a-w- C:\Windows\System32\kerberos.dll

2012-10-10 22:00:21 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

2012-10-10 22:00:12 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2012-10-10 22:00:10 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-10-10 22:00:07 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-10-10 22:00:07 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-10-10 22:00:07 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-10-10 22:00:07 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-10-10 08:00:52 -------- d-----w- C:\Users\Laptop\AppData\Local\{157816E4-694C-42B3-9687-DC07AEC5EFE2}

2012-10-09 20:00:29 -------- d-----w- C:\Users\Laptop\AppData\Local\{79B0DCE9-10D6-48E2-8F7F-A23FD3055C4C}

2012-10-09 02:02:06 -------- d-----w- C:\Users\Laptop\AppData\Local\{E741BA0A-C0FC-4812-8CD3-188A32463CD1}

2012-10-08 13:51:55 -------- d-----w- C:\Users\Laptop\AppData\Local\{67FE339B-42CC-4902-949D-2E2CE8733DA1}

2012-10-08 01:06:22 -------- d-----w- C:\Users\Laptop\AppData\Local\{B3D31D55-4BBB-4574-A7CC-7A01447C2988}

2012-10-06 22:07:37 -------- d-----w- C:\Users\Laptop\AppData\Roaming\Malwarebytes

2012-10-06 22:07:17 -------- d-----w- C:\ProgramData\Malwarebytes

2012-10-06 20:35:10 -------- d-----w- C:\Users\Laptop\AppData\Local\{142E73ED-2B76-42A2-8628-B9F073DA66EB}

2012-10-06 00:59:19 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-05 22:23:47 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-10-05 22:23:14 -------- d-----w- C:\Program Files\iPod

2012-10-05 22:23:13 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-10-05 22:23:13 -------- d-----w- C:\Program Files\iTunes

2012-10-05 22:23:13 -------- d-----w- C:\Program Files (x86)\iTunes

2012-10-05 20:39:47 -------- d-----w- C:\Users\Laptop\AppData\Local\{18800A10-A11A-4704-9988-76338E4F86D4}

.

==================== Find3M ====================

.

2012-10-06 01:44:50 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-08-21 19:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll

2012-08-21 19:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 21:24:54.23 ===============

Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 3/8/2011 9:48:57 AM

System Uptime: 11/3/2012 8:05:42 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0N7J7M

Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | Microprocessor | 2300/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 283 GiB total, 175.343 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

.

1ClickDownloader

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader 9.2

Adobe Shockwave Player 11.6

Advanced Audio FX Engine

Apple Application Support

Apple Software Update

ArcSoft MediaImpression 2

Best Buy pc app

Canon Easy-PhotoPrint EX

Canon Easy-WebPrint EX

Canon IJ Network Scanner Selector EX

Canon IJ Network Tool

Canon Inkjet Printer/Scanner/Fax Extended Survey Program

Canon MP Navigator EX 5.1

Canon MX430 series On-screen Manual

Canon MX430 series User Registration

Canon My Printer

Canon Solution Menu EX

Canon Speed Dial Utility

D3DX10

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell Dock

Dell Getting Started Guide

Dell Product Registration

Dell Webcam Central

Dell Wireless Driver Installation

Digital CAT

FLAC To MP3 V4.0.4

Free FLAC to MP3 Converter 1.0

Free RAR Extract Frog

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

GoToAssist 8.0.0.514

Intel® Control Center

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 25

Junk Mail filter update

K-Lite Codec Pack 7.1.0 (Basic)

Live! Cam Avatar Creator

Malwarebytes Anti-Malware version 1.65.1.1000

Mesh Runtime

Messenger Companion

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft PowerPoint Viewer

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

Mozilla Thunderbird (3.1.17)

MSVCRT

MSVCRT_amd64

Network Recording Player

PokerStars.net

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

RealUpgrade 1.1

Roxio Burn

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

swMSM

Take Screenshot 1.0

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Virtual Account Numbers

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Xvid Video Codec

YourFileDownloader

.

==== Event Viewer Messages From Past Week ========

.

11/3/2012 8:11:54 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

11/3/2012 8:09:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

11/3/2012 6:39:59 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.

11/3/2012 6:39:00 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

11/3/2012 11:32:03 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 77 time(s).

11/3/2012 11:32:03 AM, Error: Service Control Manager [7023] - The Windows Search service terminated with the following error: The system cannot find the path specified.

11/3/2012 11:30:06 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 76 time(s).

11/3/2012 11:30:00 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 75 time(s).

11/3/2012 11:29:56 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 74 time(s).

11/3/2012 11:29:49 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 73 time(s).

11/3/2012 11:26:45 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 72 time(s).

11/3/2012 11:26:36 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 71 time(s).

11/3/2012 11:26:31 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 70 time(s).

11/3/2012 11:16:05 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 69 time(s).

11/3/2012 11:15:42 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 68 time(s).

11/3/2012 11:15:30 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 67 time(s).

11/3/2012 11:14:58 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 66 time(s).

11/3/2012 11:14:35 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 65 time(s).

11/3/2012 11:10:54 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 64 time(s).

11/3/2012 11:07:38 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 63 time(s).

11/3/2012 11:07:29 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 62 time(s).

11/3/2012 11:07:22 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 61 time(s).

11/3/2012 11:06:45 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 60 time(s).

11/3/2012 11:05:47 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 59 time(s).

11/3/2012 11:05:19 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 58 time(s).

11/3/2012 11:04:20 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 57 time(s).

11/3/2012 11:04:13 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 56 time(s).

11/3/2012 11:04:08 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 55 time(s).

11/3/2012 11:03:48 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 54 time(s).

11/3/2012 11:03:33 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 53 time(s).

11/3/2012 11:03:28 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 52 time(s).

11/3/2012 11:02:32 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 51 time(s).

11/3/2012 11:01:38 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 50 time(s).

11/3/2012 11:01:19 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 49 time(s).

11/3/2012 11:01:07 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 48 time(s).

11/3/2012 11:01:00 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 47 time(s).

11/3/2012 10:59:54 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 46 time(s).

11/3/2012 10:59:48 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 45 time(s).

11/3/2012 10:59:22 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 44 time(s).

11/3/2012 10:59:12 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 43 time(s).

11/3/2012 10:59:06 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 42 time(s).

11/3/2012 10:58:57 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 41 time(s).

11/3/2012 10:58:56 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 40 time(s).

11/3/2012 10:58:52 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 39 time(s).

11/3/2012 10:58:49 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 38 time(s).

11/3/2012 10:58:46 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 37 time(s).

11/3/2012 10:58:39 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 36 time(s).

11/3/2012 10:58:16 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 35 time(s).

11/3/2012 10:58:12 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 34 time(s).

11/3/2012 10:57:46 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 33 time(s).

11/3/2012 10:57:12 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 32 time(s).

11/3/2012 10:57:08 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 31 time(s).

11/3/2012 10:50:31 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 30 time(s).

11/3/2012 10:50:17 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 29 time(s).

11/3/2012 10:49:47 AM, Error: volsnap [27] - The shadow copies of volume E: were aborted during detection because a critical control file could not be opened.

11/3/2012 10:49:41 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 28 time(s).

11/3/2012 10:49:40 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 27 time(s).

11/3/2012 10:49:29 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 26 time(s).

11/3/2012 10:49:01 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 25 time(s).

11/3/2012 10:48:56 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 24 time(s).

11/3/2012 10:48:47 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 23 time(s).

11/3/2012 10:46:47 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 22 time(s).

11/3/2012 10:45:31 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 21 time(s).

11/3/2012 10:45:11 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 20 time(s).

11/3/2012 10:43:24 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 19 time(s).

11/3/2012 10:42:47 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 18 time(s).

11/3/2012 10:42:37 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 17 time(s).

11/3/2012 10:42:33 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 16 time(s).

11/3/2012 10:42:29 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 15 time(s).

11/3/2012 10:42:25 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 14 time(s).

11/3/2012 10:42:15 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 13 time(s).

11/3/2012 10:41:58 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 12 time(s).

11/3/2012 10:41:24 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 11 time(s).

11/3/2012 10:41:14 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 10 time(s).

11/3/2012 10:40:50 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 9 time(s).

11/3/2012 10:40:18 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 8 time(s).

11/2/2012 9:56:28 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 6 time(s).

11/2/2012 9:49:56 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 5 time(s).

11/2/2012 9:49:37 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 4 time(s).

11/2/2012 9:49:37 PM, Error: Service Control Manager [7023] - The Windows Search service terminated with the following error: The disk structure is corrupted and unreadable.

11/2/2012 9:49:29 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).

11/2/2012 9:48:58 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

11/2/2012 9:48:45 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147023503

11/2/2012 9:48:27 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

11/2/2012 9:48:27 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473536.

11/2/2012 9:30:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

11/2/2012 9:30:11 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/2/2012 9:29:49 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

11/2/2012 9:29:48 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

11/2/2012 9:28:06 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004

11/2/2012 9:27:27 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.

11/2/2012 2:20:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.

11/2/2012 2:20:58 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

11/2/2012 2:20:58 AM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/2/2012 11:22:33 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 7 time(s).

11/2/2012 11:04:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

11/2/2012 11:04:46 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/2/2012 11:01:01 AM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: After starting, the service hung in a start-pending state.

11/2/2012 11:00:49 AM, Error: Service Control Manager [7022] - The Remote Access Connection Manager service hung on starting.

11/1/2012 5:46:04 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/1/2012 11:47:28 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

11/1/2012 10:20:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.

11/1/2012 10:20:19 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/31/2012 11:44:07 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197).

10/31/2012 11:44:07 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).

10/31/2012 1:53:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

10/29/2012 4:11:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.

10/29/2012 4:11:17 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/27/2012 2:42:31 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

10/27/2012 2:39:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003179a9a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102712-21964-01.

10/27/2012 2:34:57 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002ebdab5, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102712-21309-01.

.

==== End Of File ===========================

Hi,

I can see where you are having problems with your hard drive and it has been hindering us from removing all the malware. Let's check that out. If you have a failing hard drive....repairing your system will be, unfortunately, of no help if the system continues to crash.

Please download HD Tune (the free version, not the trial), run an error scan on your primary hard drive (full, not quick) and report back if any blocks aren't green. It tests your hard drive for bad sectors.

Use the same instructions I provided for chkdsk earlier but this time use the following command instead.... chkdsk /f

Once complete....run a new DDS and post both of the logs.

When entering the command it said the disk was in use and it would be checked upon reboot (did this last time too). I rebooted, it scanned, and upon Windows starting I got the same message about detecting a hard disk problem, as well as the Intel pop-up on the system tray. Ran DDS; here are the logs.

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25

Run by Laptop at 10:05:37 on 2012-11-04

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4058.2737 [GMT -7:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\DFDWiz.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\vds.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

C:\Windows\SysWOW64\OBroker.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\splwow64.exe

C:\Windows\system32\PrintIsolationHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com/

uInternet Settings,ProxyOverride = *.local

BHO: Virtual Account Numbers Helper: {17424104-1444-4810-85d7-b4da413c5a9a} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Virtual Account Numbers: {7a21a046-b886-4a62-9d69-ef2059b0a27b} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Citi Virtual Account Numbers] C:\PROGRA~2\VIRTUA~1\CitiVAN.exe /lang=en_RG /dontopenmycards

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

mRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

StartupFolder: C:\Users\Laptop\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{45C44CE9-A40B-48D0-AA62-9AC7107C0532} : DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{45C44CE9-A40B-48D0-AA62-9AC7107C0532}\0514E4542514 : DhcpNameServer = 205.139.50.143 63.209.206.118 4.2.2.2

TCP: Interfaces\{45C44CE9-A40B-48D0-AA62-9AC7107C0532}\14D616E6475602E4F6274786 : DhcpNameServer = 10.1.10.1

TCP: Interfaces\{45C44CE9-A40B-48D0-AA62-9AC7107C0532}\2375942554138323 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{45C44CE9-A40B-48D0-AA62-9AC7107C0532}\6457E6E6973456461627D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{45C44CE9-A40B-48D0-AA62-9AC7107C0532}\743424 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{45C44CE9-A40B-48D0-AA62-9AC7107C0532}\754564 : DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{45C44CE9-A40B-48D0-AA62-9AC7107C0532}\C696E6B6379737F5355435F56313639303 : DhcpNameServer = 192.168.0.1 38.8.82.2

TCP: Interfaces\{45C44CE9-A40B-48D0-AA62-9AC7107C0532}\E403F46353 : DhcpNameServer = 192.168.1.1 184.16.4.22

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Virtual Account Numbers Helper: {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll

BHO-X64: Virtual Account Numbers Helper - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO-X64: Canon Easy-WebPrint EX BHO - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Virtual Account Numbers: {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Citi Virtual Account Numbers] C:\PROGRA~2\VIRTUA~1\CitiVAN.exe /lang=en_RG /dontopenmycards

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

mRun-x64: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\uwcdrsmu.default\

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-1-16 98208]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-29 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-29 676936]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-1-16 705856]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-7 136176]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-16 13336]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-7 136176]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-29 113120]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-11-04 16:36:34 -------- d-----w- C:\Users\Laptop\AppData\Local\{DE8E2A50-2878-4F4D-82D9-1E6FCAB903DB}

2012-11-04 03:06:54 -------- d-----w- C:\Program Files (x86)\HD Tune

2012-11-04 00:55:54 -------- d-sh--w- C:\found.000

2012-11-02 19:28:28 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5FE108AD-2F45-47B8-A3CF-E992C49AD3F5}\mpengine.dll

2012-11-02 17:05:06 -------- d-----w- C:\Users\Laptop\AppData\Local\{6CF55B8A-930B-441F-AB42-7F3A91EB56B8}

2012-11-01 23:52:13 -------- d-sh--w- C:\$RECYCLE.BIN

2012-11-01 23:15:08 -------- d-----w- C:\Users\Laptop\AppData\Local\{E96C7A6E-28D8-4004-9C59-3D866C45B102}

2012-11-01 17:30:18 98816 ----a-w- C:\Windows\sed.exe

2012-11-01 17:30:18 518144 ----a-w- C:\Windows\SWREG.exe

2012-11-01 17:30:18 256000 ----a-w- C:\Windows\PEV.exe

2012-11-01 17:30:18 208896 ----a-w- C:\Windows\MBR.exe

2012-11-01 05:11:10 -------- d-----w- C:\TDSSKiller_Quarantine

2012-10-29 19:27:18 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-10-29 19:27:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-10-25 22:27:34 -------- d-----w- C:\ProgramData\Zemana AntiMalware

2012-10-25 01:23:20 -------- d-----w- C:\Users\Laptop\AppData\Local\DoNotTrackPlus

2012-10-25 01:02:02 -------- d-----w- C:\Users\Laptop\AppData\Local\APN

2012-10-25 01:00:08 -------- d-----w- C:\ProgramData\Avira

2012-10-24 23:39:31 -------- d-----w- C:\Users\Laptop\AppData\Local\{7CEC4C8F-77AF-4268-8BBE-97D5ED63EEE7}

2012-10-24 17:56:30 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation

2012-10-24 00:52:02 -------- d-----w- C:\ProgramData\CanonIJ

2012-10-24 00:30:03 -------- d--h--w- C:\ProgramData\CanonIJScan

2012-10-24 00:28:53 -------- d--h--w- C:\ProgramData\CanonIJEGV

2012-10-24 00:25:58 -------- d--h--w- C:\ProgramData\CanonIJSolutionMenuEX

2012-10-24 00:25:56 -------- d--h--w- C:\ProgramData\CanonIJEPPEX2

2012-10-24 00:25:56 -------- d--h--w- C:\ProgramData\CanonEPP

2012-10-24 00:25:55 -------- d--h--w- C:\ProgramData\CanonIJMyPrinter

2012-10-23 23:24:54 -------- d-----w- C:\ProgramData\Canon IJ Network Tool

2012-10-23 23:24:42 316416 ----a-w- C:\Windows\SysWow64\CNC_B1L.dll

2012-10-23 23:24:42 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll

2012-10-23 23:24:42 102912 ----a-w- C:\Windows\SysWow64\CNC_B1U.dll

2012-10-23 23:24:38 -------- d--h--w- C:\ProgramData\CanonIJFAX

2012-10-23 23:21:53 -------- d-----w- C:\Program Files\Common Files\CANON

2012-10-23 23:21:41 -------- d-----w- C:\ProgramData\CanonIJWSpt

2012-10-23 23:19:18 -------- d-----w- C:\Program Files\Canon

2012-10-23 23:18:11 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPB1.DLL

2012-10-23 23:18:11 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDB1.DLL

2012-10-23 23:18:01 385024 ----a-w- C:\Windows\System32\CNMLMB1.DLL

2012-10-23 23:18:00 302592 ----a-w- C:\Windows\System32\CNCALB1.DLL

2012-10-23 23:17:56 256000 ----a-w- C:\Windows\System32\CNMIUB1.DLL

2012-10-23 23:17:41 39424 ----a-w- C:\Windows\System32\CNMN6UI.DLL

2012-10-23 23:17:41 356864 ----a-w- C:\Windows\System32\CNMN6PPM.DLL

2012-10-23 23:17:41 -------- d-----w- C:\Windows\System32\STRING

2012-10-23 23:13:00 -------- d-----w- C:\ProgramData\CanonIJPLM

2012-10-23 23:05:36 -------- d--h--w- C:\ProgramData\CanonIJETV

2012-10-23 23:05:01 -------- d-----w- C:\Program Files (x86)\Canon

2012-10-22 19:35:35 -------- d-----w- C:\Users\Laptop\AppData\Local\{C186BED8-196B-4DD0-903C-23AD24C7879C}

2012-10-21 05:45:43 -------- d-----w- C:\Users\Laptop\AppData\Local\{63A3E130-7D90-4050-BD6C-C84976F51CDE}

2012-10-20 00:05:38 -------- d-----w- C:\Users\Laptop\AppData\Local\{4B9E8965-32F1-4FDE-A4C5-35975831CA0A}

2012-10-19 21:47:44 -------- d-----w- C:\Users\Laptop\AppData\Local\{4AFCBFC3-9363-4E21-B75E-7D523E55464E}

2012-10-18 23:03:15 -------- d-----w- C:\Users\Laptop\AppData\Local\{926409AF-C583-47B0-8874-3A4F7E5B9F56}

2012-10-16 18:25:01 -------- d-----w- C:\Users\Laptop\AppData\Local\{BF8E8AA9-0F35-48D0-AEA8-FE76504841A9}

2012-10-15 19:53:41 -------- d-----w- C:\Users\Laptop\AppData\Local\{57B41125-B073-4B21-857C-4219FF980513}

2012-10-14 09:15:57 -------- d-----w- C:\Users\Laptop\AppData\Local\{FA02BFDA-FFA1-4FA7-B1D1-93751E937D99}

2012-10-12 02:48:46 -------- d-----w- C:\Users\Laptop\AppData\Local\{390F1592-71BC-4A19-B29B-6308258E7274}

2012-10-10 22:00:48 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-10-10 22:00:45 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-10-10 22:00:44 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-10-10 22:00:25 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-10-10 22:00:25 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-10-10 22:00:21 715776 ----a-w- C:\Windows\System32\kerberos.dll

2012-10-10 22:00:21 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

2012-10-10 22:00:12 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2012-10-10 22:00:10 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-10-10 22:00:07 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-10-10 22:00:07 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-10-10 22:00:07 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-10-10 22:00:07 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-10-10 08:00:52 -------- d-----w- C:\Users\Laptop\AppData\Local\{157816E4-694C-42B3-9687-DC07AEC5EFE2}

2012-10-09 20:00:29 -------- d-----w- C:\Users\Laptop\AppData\Local\{79B0DCE9-10D6-48E2-8F7F-A23FD3055C4C}

2012-10-09 02:02:06 -------- d-----w- C:\Users\Laptop\AppData\Local\{E741BA0A-C0FC-4812-8CD3-188A32463CD1}

2012-10-08 13:51:55 -------- d-----w- C:\Users\Laptop\AppData\Local\{67FE339B-42CC-4902-949D-2E2CE8733DA1}

2012-10-08 01:06:22 -------- d-----w- C:\Users\Laptop\AppData\Local\{B3D31D55-4BBB-4574-A7CC-7A01447C2988}

2012-10-06 22:07:37 -------- d-----w- C:\Users\Laptop\AppData\Roaming\Malwarebytes

2012-10-06 22:07:17 -------- d-----w- C:\ProgramData\Malwarebytes

2012-10-06 20:35:10 -------- d-----w- C:\Users\Laptop\AppData\Local\{142E73ED-2B76-42A2-8628-B9F073DA66EB}

2012-10-06 00:59:19 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-05 22:23:47 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-10-05 22:23:14 -------- d-----w- C:\Program Files\iPod

2012-10-05 22:23:13 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-10-05 22:23:13 -------- d-----w- C:\Program Files\iTunes

2012-10-05 22:23:13 -------- d-----w- C:\Program Files (x86)\iTunes

2012-10-05 20:39:47 -------- d-----w- C:\Users\Laptop\AppData\Local\{18800A10-A11A-4704-9988-76338E4F86D4}

.

==================== Find3M ====================

.

2012-10-06 01:44:50 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-08-21 19:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll

2012-08-21 19:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 10:10:24.34 ===============

Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 3/8/2011 9:48:57 AM

System Uptime: 11/4/2012 10:02:35 AM (0 hours ago)

.

Motherboard: Dell Inc. | | 0N7J7M

Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | Microprocessor | 1196/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 283 GiB total, 175.562 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

.

1ClickDownloader

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader 9.2

Adobe Shockwave Player 11.6

Advanced Audio FX Engine

Apple Application Support

Apple Software Update

ArcSoft MediaImpression 2

Best Buy pc app

Canon Easy-PhotoPrint EX

Canon Easy-WebPrint EX

Canon IJ Network Scanner Selector EX

Canon IJ Network Tool

Canon Inkjet Printer/Scanner/Fax Extended Survey Program

Canon MP Navigator EX 5.1

Canon MX430 series On-screen Manual

Canon MX430 series User Registration

Canon My Printer

Canon Solution Menu EX

Canon Speed Dial Utility

D3DX10

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell Dock

Dell Getting Started Guide

Dell Product Registration

Dell Webcam Central

Dell Wireless Driver Installation

Digital CAT

FLAC To MP3 V4.0.4

Free FLAC to MP3 Converter 1.0

Free RAR Extract Frog

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

GoToAssist 8.0.0.514

HD Tune 2.55

Intel® Control Center

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 25

Junk Mail filter update

K-Lite Codec Pack 7.1.0 (Basic)

Live! Cam Avatar Creator

Malwarebytes Anti-Malware version 1.65.1.1000

Mesh Runtime

Messenger Companion

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft PowerPoint Viewer

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

Mozilla Thunderbird (3.1.17)

MSVCRT

MSVCRT_amd64

Network Recording Player

PokerStars.net

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

RealUpgrade 1.1

Roxio Burn

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

swMSM

Take Screenshot 1.0

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Virtual Account Numbers

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Xvid Video Codec

YourFileDownloader

.

==== Event Viewer Messages From Past Week ========

.

11/3/2012 8:11:54 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

11/3/2012 8:09:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

11/3/2012 11:32:03 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 77 time(s).

11/3/2012 11:32:03 AM, Error: Service Control Manager [7023] - The Windows Search service terminated with the following error: The system cannot find the path specified.

11/3/2012 11:30:59 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.

11/3/2012 11:30:06 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 76 time(s).

11/3/2012 11:30:00 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 75 time(s).

11/3/2012 11:29:56 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 74 time(s).

11/3/2012 11:29:49 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 73 time(s).

11/3/2012 11:26:45 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 72 time(s).

11/3/2012 11:26:36 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 71 time(s).

11/3/2012 11:26:31 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 70 time(s).

11/3/2012 11:16:05 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 69 time(s).

11/3/2012 11:15:42 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 68 time(s).

11/3/2012 11:15:30 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 67 time(s).

11/3/2012 11:14:58 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 66 time(s).

11/3/2012 11:14:35 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 65 time(s).

11/3/2012 11:10:54 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 64 time(s).

11/3/2012 11:07:38 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 63 time(s).

11/3/2012 11:07:29 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 62 time(s).

11/3/2012 11:07:22 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 61 time(s).

11/3/2012 11:06:45 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 60 time(s).

11/3/2012 11:05:47 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 59 time(s).

11/3/2012 11:05:19 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 58 time(s).

11/3/2012 11:04:20 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 57 time(s).

11/3/2012 11:04:13 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 56 time(s).

11/3/2012 11:04:08 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 55 time(s).

11/3/2012 11:03:48 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 54 time(s).

11/3/2012 11:03:33 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 53 time(s).

11/3/2012 11:03:28 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 52 time(s).

11/3/2012 11:02:32 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 51 time(s).

11/3/2012 11:01:38 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 50 time(s).

11/3/2012 11:01:19 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 49 time(s).

11/3/2012 11:01:07 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 48 time(s).

11/3/2012 11:01:00 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 47 time(s).

11/3/2012 11:00:00 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

11/3/2012 10:59:54 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 46 time(s).

11/3/2012 10:59:48 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 45 time(s).

11/3/2012 10:59:22 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 44 time(s).

11/3/2012 10:59:12 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 43 time(s).

11/3/2012 10:59:06 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 42 time(s).

11/3/2012 10:58:57 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 41 time(s).

11/3/2012 10:58:56 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 40 time(s).

11/3/2012 10:58:52 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 39 time(s).

11/3/2012 10:58:49 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 38 time(s).

11/3/2012 10:58:46 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 37 time(s).

11/3/2012 10:58:39 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 36 time(s).

11/3/2012 10:58:16 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 35 time(s).

11/3/2012 10:58:12 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 34 time(s).

11/3/2012 10:57:46 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 33 time(s).

11/3/2012 10:57:12 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 32 time(s).

11/3/2012 10:57:08 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 31 time(s).

11/3/2012 10:50:31 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 30 time(s).

11/3/2012 10:50:17 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 29 time(s).

11/3/2012 10:49:47 AM, Error: volsnap [27] - The shadow copies of volume E: were aborted during detection because a critical control file could not be opened.

11/3/2012 10:49:41 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 28 time(s).

11/3/2012 10:49:40 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 27 time(s).

11/3/2012 10:49:29 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 26 time(s).

11/3/2012 10:49:01 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 25 time(s).

11/3/2012 10:48:56 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 24 time(s).

11/3/2012 10:48:47 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 23 time(s).

11/3/2012 10:46:47 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 22 time(s).

11/3/2012 10:45:31 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 21 time(s).

11/3/2012 10:45:11 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 20 time(s).

11/3/2012 10:43:24 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 19 time(s).

11/3/2012 10:42:47 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 18 time(s).

11/3/2012 10:42:37 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 17 time(s).

11/3/2012 10:42:33 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 16 time(s).

11/3/2012 10:42:29 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 15 time(s).

11/3/2012 10:42:25 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 14 time(s).

11/3/2012 10:42:15 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 13 time(s).

11/3/2012 10:41:58 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 12 time(s).

11/3/2012 10:41:24 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 11 time(s).

11/3/2012 10:41:14 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 10 time(s).

11/3/2012 10:40:50 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 9 time(s).

11/3/2012 10:40:18 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 8 time(s).

11/2/2012 9:56:28 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 6 time(s).

11/2/2012 9:49:56 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 5 time(s).

11/2/2012 9:49:37 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 4 time(s).

11/2/2012 9:49:37 PM, Error: Service Control Manager [7023] - The Windows Search service terminated with the following error: The disk structure is corrupted and unreadable.

11/2/2012 9:49:29 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).

11/2/2012 9:48:58 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

11/2/2012 9:48:45 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147023503

11/2/2012 9:48:27 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

11/2/2012 9:48:27 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473536.

11/2/2012 9:30:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

11/2/2012 9:30:11 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/2/2012 9:29:49 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

11/2/2012 9:29:48 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

11/2/2012 9:28:06 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004

11/2/2012 9:27:27 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.

11/2/2012 2:20:58 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.

11/2/2012 2:20:58 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

11/2/2012 2:20:58 AM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/2/2012 11:22:33 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 7 time(s).

11/2/2012 11:04:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

11/2/2012 11:04:46 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/2/2012 11:01:01 AM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: After starting, the service hung in a start-pending state.

11/2/2012 11:00:49 AM, Error: Service Control Manager [7022] - The Remote Access Connection Manager service hung on starting.

11/1/2012 5:46:04 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/1/2012 11:47:28 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

11/1/2012 10:20:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.

11/1/2012 10:20:19 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/31/2012 11:44:07 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197).

10/31/2012 11:44:07 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).

10/31/2012 1:53:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

10/29/2012 4:11:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.

10/29/2012 4:11:17 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================


Ok...let's see what we can do here.

Please delete the current version of Combofix.exe from your desktop and download a new version from here to your desktop.

Disable your AntiVirus and AntiSpyware applications.

Right-click and Run as Administrator on the Combofix.exe and follow the prompts on your display. When finished, it will create a C:\Combofix.txt. Please post this log for further review.

---------



Sorry

ComboFix 12-11-04.01 - Laptop 11/04/2012 14:48:24.5.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4058.2311 [GMT -7:00]

Running from: c:\users\Laptop\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-10-04 to 2012-11-04 )))))))))))))))))))))))))))))))

.

.

2012-11-04 21:58 . 2012-11-04 21:58 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-04 03:06 . 2012-11-04 03:06 -------- d-----w- c:\program files (x86)\HD Tune

2012-11-04 00:55 . 2012-11-04 00:55 -------- d-----w- C:\found.000

2012-11-02 19:28 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5FE108AD-2F45-47B8-A3CF-E992C49AD3F5}\mpengine.dll

2012-11-01 05:11 . 2012-11-01 05:11 -------- d-----w- C:\TDSSKiller_Quarantine

2012-10-29 19:27 . 2012-10-29 19:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-10-29 19:27 . 2012-09-30 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-25 22:27 . 2012-10-25 22:28 -------- d-----w- c:\programdata\Zemana AntiMalware

2012-10-25 01:23 . 2012-10-25 01:23 -------- d-----w- c:\users\Laptop\AppData\Local\DoNotTrackPlus

2012-10-25 01:02 . 2012-10-25 01:02 -------- d-----w- c:\users\Laptop\AppData\Local\APN

2012-10-25 01:00 . 2012-10-25 22:57 -------- d-----w- c:\programdata\Avira

2012-10-24 17:56 . 2012-10-24 17:56 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation

2012-10-24 00:52 . 2012-10-24 00:52 -------- d-----w- c:\programdata\CanonIJ

2012-10-24 00:25 . 2012-10-24 00:25 -------- d--h--w- c:\programdata\CanonEPP

2012-10-24 00:25 . 2012-10-24 00:30 -------- d-----w- c:\users\Laptop\AppData\Roaming\Canon

2012-10-23 23:24 . 2012-10-23 23:24 -------- d-----w- c:\programdata\Canon IJ Network Tool

2012-10-23 23:24 . 2011-10-14 17:57 102912 ----a-w- c:\windows\SysWow64\CNC_B1U.dll

2012-10-23 23:24 . 2011-09-22 14:57 316416 ----a-w- c:\windows\SysWow64\CNC_B1L.dll

2012-10-23 23:24 . 2008-08-26 00:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll

2012-10-23 23:21 . 2012-10-23 23:21 -------- d-----w- c:\program files\Common Files\CANON

2012-10-23 23:19 . 2012-10-23 23:19 -------- d-----w- c:\program files\Canon

2012-10-23 23:18 . 2012-10-23 23:18 -------- d--h--w- c:\programdata\CanonBJ

2012-10-23 23:18 . 2011-11-03 11:00 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPB1.DLL

2012-10-23 23:18 . 2011-11-03 11:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDB1.DLL

2012-10-23 23:18 . 2012-10-23 23:18 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

2012-10-23 23:18 . 2011-11-03 11:00 385024 ----a-w- c:\windows\system32\CNMLMB1.DLL

2012-10-23 23:18 . 2011-09-21 11:00 302592 ----a-w- c:\windows\system32\CNCALB1.DLL

2012-10-23 23:17 . 2011-09-29 09:23 256000 ----a-w- c:\windows\system32\CNMIUB1.DLL

2012-10-23 23:17 . 2012-10-23 23:17 -------- d-----w- c:\windows\system32\STRING

2012-10-23 23:17 . 2011-08-16 08:30 39424 ----a-w- c:\windows\system32\CNMN6UI.DLL

2012-10-23 23:17 . 2011-08-16 08:30 356864 ----a-w- c:\windows\system32\CNMN6PPM.DLL

2012-10-23 23:05 . 2012-10-24 00:25 -------- d-----w- c:\program files (x86)\Canon

2012-10-10 22:00 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-10-10 22:00 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-10-10 22:00 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-10-10 22:00 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-10 22:00 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-10-10 22:00 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll

2012-10-10 22:00 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll

2012-10-10 22:00 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll

2012-10-10 22:00 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-10-10 22:00 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-10 22:00 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-10 22:00 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-10-10 22:00 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-10-06 22:07 . 2012-10-06 22:07 -------- d-----w- c:\users\Laptop\AppData\Roaming\Malwarebytes

2012-10-06 22:07 . 2012-10-06 22:07 -------- d-----w- c:\programdata\Malwarebytes

2012-10-06 00:59 . 2012-10-06 00:59 -------- d-----w- c:\program files\Google

2012-10-06 00:59 . 2012-10-06 01:44 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-06 00:59 . 2012-10-06 00:59 -------- d-----w- c:\windows\system32\Macromed

2012-10-05 22:23 . 2012-08-21 19:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-10-05 22:23 . 2012-10-05 22:23 -------- d-----w- c:\program files\iPod

2012-10-05 22:23 . 2012-10-05 22:23 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-10-05 22:23 . 2012-10-05 22:23 -------- d-----w- c:\program files\iTunes

2012-10-05 22:23 . 2012-10-05 22:23 -------- d-----w- c:\program files (x86)\iTunes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-11 09:04 . 2011-03-09 16:15 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-10-06 01:44 . 2011-06-19 01:16 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-24 11:15 . 2012-10-05 18:53 17810944 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 10:39 . 2012-10-05 18:53 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 10:31 . 2012-10-05 18:53 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 10:22 . 2012-10-05 18:53 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 10:21 . 2012-10-05 18:53 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 10:20 . 2012-10-05 18:53 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 10:18 . 2012-10-05 18:53 237056 ----a-w- c:\windows\system32\url.dll

2012-08-24 10:17 . 2012-10-05 18:53 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 10:14 . 2012-10-05 18:53 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 10:14 . 2012-10-05 18:53 816640 ----a-w- c:\windows\system32\jscript.dll

2012-08-24 10:13 . 2012-10-05 18:53 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 10:12 . 2012-10-05 18:53 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 10:11 . 2012-10-05 18:53 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 10:10 . 2012-10-05 18:53 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 10:09 . 2012-10-05 18:53 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 10:04 . 2012-10-05 18:53 248320 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 06:59 . 2012-10-05 18:53 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-08-24 06:51 . 2012-10-05 18:53 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 06:51 . 2012-10-05 18:53 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-08-24 06:47 . 2012-10-05 18:53 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-08-24 06:47 . 2012-10-05 18:53 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-24 06:43 . 2012-10-05 18:53 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-22 18:12 . 2012-09-13 23:52 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-13 23:52 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-13 23:50 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-13 23:52 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 21:01 . 2012-10-04 19:34 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-08-21 19:01 . 2011-03-19 06:22 125872 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-08-21 19:01 . 2011-03-19 06:22 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2012-08-20 17:38 . 2012-10-10 22:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-09 16:38 . 2012-08-09 16:38 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-10-06 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

"Citi Virtual Account Numbers"="c:\progra~2\VIRTUA~1\CitiVAN.exe" [2009-07-10 372736]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-07-07 273544]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]

"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-09-27 439440]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-14 559616]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]

.

c:\users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-13 9216]

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 94600793;94600793; [x]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-17 232480]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-09 1255736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-06-25 76912]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-07 20:50]

.

2012-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-07 20:50]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-15 10918504]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 392048]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

FF - ProfilePath - c:\users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\uwcdrsmu.default\

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-1ClickDownloader - c:\program files (x86)\1ClickDownload\uninstall.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-04 15:19:14

ComboFix-quarantined-files.txt 2012-11-04 22:19

ComboFix2.txt 2012-11-01 23:49

ComboFix3.txt 2012-11-01 17:52

.

Pre-Run: 188,184,989,696 bytes free

Post-Run: 188,120,305,664 bytes free

.

- - End Of File - - E7D80C494398D4C46D5D2262C8039777


Hi,

Once we get the next step completed I am going to send you to the PC Help forum for further assistance....

----------

I see that your Java software is out of date. Please go to Start >> Control Panel >> Programs and Features >> uninstall all versions of Java.

Now download and install the newest version from here >> http://java.com/en/download/index.jsp

-------------

Clear Java Cache

See this page for instructions on how to clear java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  • Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

  • Click OK to leave the Java Control Panel.

----------

Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

----------

ESET Online Scanner

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right-click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------


Is it normal for this scan to take a while? It's been going nearly 3.5 hours and is at 49%.

Also, when starting up this scan it indicated that an antivirus was running. I thought this was odd, as I have uninstalled my antivirus software prior to doing any of these scans. It indicated that Windows Defender was running. I opened it up and real time protection was already disabled, but I turned the whole program off anyway. I'm throwing this out there in case there are other scans I should also run now that I disabled this.

Thanks


OK, well apparently the last 50% went rather fast! Many threats were detected, I think 32? System still running fine except for the warning in the system tray. Have not gotten a message from Windows all day. Anyway, here are the Malwarebytes and ESET logs.

Note: Malwarebytes log was before I completely disabled Windows Defender. Not sure if this matters.

MALWAREBYTES LOG:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.05.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Laptop :: LAPTOP-PC [administrator]

11/5/2012 1:49:14 PM

mbam-log-2012-11-05 (13-49-14).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 206753

Time elapsed: 2 minute(s), 59 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ESET Log:

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application

C:\Program Files (x86)\YourFileDownloader\uninstall.exe a variant of Win32/YourFileDownloader application

C:\Qoobox\Quarantine\C\Program Files (x86)\LP\4797\9D1D.tmp.vir a variant of Win32/Kryptik.ZNM trojan

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\9B4D.tmp.vir Win64/Olmarik.AD trojan

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\9B8D.tmp.vir Win64/Olmarik.AD trojan

C:\TDSSKiller_Quarantine\31.10.2012_23.09.24\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan

C:\TDSSKiller_Quarantine\31.10.2012_23.09.24\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan

C:\TDSSKiller_Quarantine\31.10.2012_23.09.24\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan

C:\TDSSKiller_Quarantine\31.10.2012_23.09.24\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan

C:\TDSSKiller_Quarantine\31.10.2012_23.09.24\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan

C:\TDSSKiller_Quarantine\31.10.2012_23.09.24\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan

C:\TDSSKiller_Quarantine\31.10.2012_23.09.24\mbr0000\tdlfs0000\tsk0010.dta a variant of Win32/Olmarik.AYG trojan

C:\Users\Laptop\Downloads\cnet2_FreeFLACToMP3Converter_exe.exe a variant of Win32/InstallCore.D application

C:\Users\Laptop\Downloads\finalmediaplayer.exe a variant of Win32/InstallIQ application

C:\Users\Laptop\Downloads\FreeYouTubeToMP3Converter.exe Win32/OpenCandy application

C:\Users\Laptop\Downloads\Greensky_Bluegrass_-_Five_Interstates_(2008)_FLAC_downloader_128a.exe a variant of Win32/YourFileDownloader application

C:\Users\Laptop\Downloads\[1973]_greatest_hits__john_denver__97mb_@_320kbs_[h33t]_[only1joe].exe a variant of Win32/MediaGet application

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QNWAWHF\carrot-cat[1].htm HTML/ScrInject.B.Gen virus

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62000LN3\index[1].htm JS/Iframe.CV trojan

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B4IC8HS\ffog_net[1].txt HTML/Iframe.B.Gen virus

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74O4VWRQ\index[5].htm JS/Kryptik.RK trojan

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H30ZT4CS\coicia_info[1].txt HTML/Iframe.B.Gen virus

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWBACSCC\brand_psf20[1].htm JS/Iframe.CV trojan

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QNWAWHF\carrot-cat[1].htm HTML/ScrInject.B.Gen virus

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62000LN3\index[1].htm JS/Iframe.CV trojan

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B4IC8HS\ffog_net[1].txt HTML/Iframe.B.Gen virus

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74O4VWRQ\index[5].htm JS/Kryptik.RK trojan

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H30ZT4CS\coicia_info[1].txt HTML/Iframe.B.Gen virus

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWBACSCC\brand_psf20[1].htm JS/Iframe.CV trojan


Hi,

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:

    ClearJavaCache::
    File::
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QNWAWHF\carrot-cat[1].htm
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62000LN3\index[1].htm
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B4IC8HS\ffog_net[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74O4VWRQ\index[5].htm
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H30ZT4CS\coicia_info[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWBACSCC\brand_psf20[1].htm
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QNWAWHF\carrot-cat[1].htm
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62000LN3\index[1].htm
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B4IC8HS\ffog_net[1].txt
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74O4VWRQ\index[5].htm
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H30ZT4CS\coicia_info[1].txt
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWBACSCC\brand_psf20[1].htm
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
    (screenshot: CFScriptB-4.gif)
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Post the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

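The ESET log two posts up and the CFScript the helper built from it illustrate a triage step worth automating: of the detections, only the Content.IE5 browser-cache entries went into the File:: list, while the Qoobox and TDSSKiller_Quarantine hits were skipped because those folders are the quarantines ComboFix and TDSSKiller already created, and the Downloads hits were left for the user to decide on. The script below is an added example, not code from the thread or from ESET or ComboFix; it assumes ESET's one-line "<path> <detection name> <kind>" format as shown in that post, and the sample log inside it is a constructed subset of those lines. The bucket names and the QUARANTINE_PREFIXES list are the example's own choices.

```python
"""Triage ESET Online Scanner log lines and emit a ComboFix File:: list."""
import re
from collections import Counter

# Constructed sample in the "<path> <detection> <kind>" shape of the ESET
# log posted in the thread; the paths are a subset of that post.
SAMPLE_ESET_LOG = r"""
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\LP\4797\9D1D.tmp.vir a variant of Win32/Kryptik.ZNM trojan
C:\TDSSKiller_Quarantine\31.10.2012_23.09.24\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan
C:\Users\Laptop\Downloads\finalmediaplayer.exe a variant of Win32/InstallIQ application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62000LN3\index[1].htm JS/Iframe.CV trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62000LN3\index[1].htm JS/Iframe.CV trojan
"""

# A path (which may contain spaces), then the detection name (optionally
# prefixed "a variant of"), then the object kind ESET appends at the end.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:a variant of )?[A-Za-z0-9]+/[\w.-]+)\s+"
    r"(?P<kind>application|trojan|virus|worm)$"
)

# Folders where ComboFix and TDSSKiller already parked items (assumption:
# these are the only quarantine roots on the box). Findings here are not
# live infections, which is why the thread's CFScript left them out.
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\", "c:\\tdsskiller_quarantine\\")


def parse_eset_log(text):
    """Return a list of dicts {path, detection, kind}; unparseable lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append(m.groupdict())
    return findings


def classify(path):
    """Bucket a finding by where it lives, which decides how to act on it."""
    p = path.lower()
    if p.startswith(QUARANTINE_PREFIXES):
        return "already_quarantined"
    if "\\temporary internet files\\" in p:
        return "browser_cache"      # cached drive-by pages: safe to delete
    if "\\downloads\\" in p:
        return "user_download"      # bundled installers: the user decides
    return "other"                  # e.g. a vendor tool flagged as unwanted


def summarize(findings):
    """Count findings per bucket so the analyst sees what is actually live."""
    return Counter(classify(f["path"]) for f in findings)


def build_file_directive(findings, buckets=("browser_cache",)):
    """Emit the File:: block of a CFScript for the chosen buckets, one path per line."""
    paths = [f["path"] for f in findings if classify(f["path"]) in buckets]
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    found = parse_eset_log(SAMPLE_ESET_LOG)
    print(dict(summarize(found)))
    print(build_file_directive(found))
```

Run as-is it prints a per-bucket count and a File:: block containing only the two Content.IE5 paths, the same selection the helper made by hand; the thread's script also carried a ClearJavaCache:: directive, which this example does not generate. The value of the bucketing is the check it forces before anything is deleted: a scanner re-reporting files that sit inside another tool's quarantine is expected and needs no further action, whereas a detection outside those folders is still on the live file system.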

ComboFix 12-11-05.03 - Laptop 11/05/2012 21:06:59.6.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4058.1611 [GMT -7:00]

Running from: c:\users\Laptop\Desktop\ComboFix.exe

Command switches used :: c:\users\Laptop\Desktop\CFScript.txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QNWAWHF\carrot-cat[1].htm"

"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62000LN3\index[1].htm"

"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B4IC8HS\ffog_net[1].txt"

"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74O4VWRQ\index[5].htm"

"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H30ZT4CS\coicia_info[1].txt"

"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWBACSCC\brand_psf20[1].htm"

"c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QNWAWHF\carrot-cat[1].htm"

"c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62000LN3\index[1].htm"

"c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B4IC8HS\ffog_net[1].txt"

"c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74O4VWRQ\index[5].htm"

"c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H30ZT4CS\coicia_info[1].txt"

"c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWBACSCC\brand_psf20[1].htm"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QNWAWHF\carrot-cat[1].htm

c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62000LN3\index[1].htm

c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B4IC8HS\ffog_net[1].txt

c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74O4VWRQ\index[5].htm

c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H30ZT4CS\coicia_info[1].txt

c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWBACSCC\brand_psf20[1].htm

.

.

((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))

.

.

2012-11-06 04:21 . 2012-11-06 04:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-05 20:54 . 2012-11-05 20:54 -------- d-----w- c:\program files (x86)\ESET

2012-11-05 20:45 . 2012-11-05 20:44 289768 ----a-w- c:\windows\system32\javaws.exe

2012-11-05 20:45 . 2012-11-05 20:44 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-11-05 20:44 . 2012-11-05 20:44 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2012-11-05 20:44 . 2012-11-05 20:44 189416 ----a-w- c:\windows\system32\javaw.exe

2012-11-05 20:44 . 2012-11-05 20:44 188904 ----a-w- c:\windows\system32\java.exe

2012-11-04 03:06 . 2012-11-04 03:06 -------- d-----w- c:\program files (x86)\HD Tune

2012-11-04 00:55 . 2012-11-04 00:55 -------- d-----w- C:\found.000

2012-11-02 19:28 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5FE108AD-2F45-47B8-A3CF-E992C49AD3F5}\mpengine.dll

2012-11-01 05:11 . 2012-11-01 05:11 -------- d-----w- C:\TDSSKiller_Quarantine

2012-10-29 19:27 . 2012-10-29 19:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-10-29 19:27 . 2012-09-30 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-25 22:27 . 2012-10-25 22:28 -------- d-----w- c:\programdata\Zemana AntiMalware

2012-10-25 01:23 . 2012-10-25 01:23 -------- d-----w- c:\users\Laptop\AppData\Local\DoNotTrackPlus

2012-10-25 01:02 . 2012-10-25 01:02 -------- d-----w- c:\users\Laptop\AppData\Local\APN

2012-10-25 01:00 . 2012-10-25 22:57 -------- d-----w- c:\programdata\Avira

2012-10-24 17:56 . 2012-10-24 17:56 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation

2012-10-24 00:52 . 2012-10-24 00:52 -------- d-----w- c:\programdata\CanonIJ

2012-10-24 00:25 . 2012-10-24 00:25 -------- d--h--w- c:\programdata\CanonEPP

2012-10-24 00:25 . 2012-10-24 00:30 -------- d-----w- c:\users\Laptop\AppData\Roaming\Canon

2012-10-23 23:24 . 2012-10-23 23:24 -------- d-----w- c:\programdata\Canon IJ Network Tool

2012-10-23 23:24 . 2011-10-14 17:57 102912 ----a-w- c:\windows\SysWow64\CNC_B1U.dll

2012-10-23 23:24 . 2011-09-22 14:57 316416 ----a-w- c:\windows\SysWow64\CNC_B1L.dll

2012-10-23 23:24 . 2008-08-26 00:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll

2012-10-23 23:21 . 2012-10-23 23:21 -------- d-----w- c:\program files\Common Files\CANON

2012-10-23 23:19 . 2012-10-23 23:19 -------- d-----w- c:\program files\Canon

2012-10-23 23:18 . 2012-10-23 23:18 -------- d--h--w- c:\programdata\CanonBJ

2012-10-23 23:18 . 2011-11-03 11:00 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPB1.DLL

2012-10-23 23:18 . 2011-11-03 11:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDB1.DLL

2012-10-23 23:18 . 2012-10-23 23:18 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

2012-10-23 23:18 . 2011-11-03 11:00 385024 ----a-w- c:\windows\system32\CNMLMB1.DLL

2012-10-23 23:18 . 2011-09-21 11:00 302592 ----a-w- c:\windows\system32\CNCALB1.DLL

2012-10-23 23:17 . 2011-09-29 09:23 256000 ----a-w- c:\windows\system32\CNMIUB1.DLL

2012-10-23 23:17 . 2012-10-23 23:17 -------- d-----w- c:\windows\system32\STRING

2012-10-23 23:17 . 2011-08-16 08:30 39424 ----a-w- c:\windows\system32\CNMN6UI.DLL

2012-10-23 23:17 . 2011-08-16 08:30 356864 ----a-w- c:\windows\system32\CNMN6PPM.DLL

2012-10-23 23:05 . 2012-10-24 00:25 -------- d-----w- c:\program files (x86)\Canon

2012-10-10 22:00 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-10-10 22:00 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-10-10 22:00 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-10-10 22:00 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-10 22:00 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-10-10 22:00 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll

2012-10-10 22:00 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll

2012-10-10 22:00 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll

2012-10-10 22:00 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-10-10 22:00 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-10 22:00 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-10 22:00 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-10-10 22:00 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-11 09:04 . 2011-03-09 16:15 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-10-06 01:44 . 2012-10-06 00:59 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-06 01:44 . 2011-06-19 01:16 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-24 11:15 . 2012-10-05 18:53 17810944 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 10:39 . 2012-10-05 18:53 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 10:31 . 2012-10-05 18:53 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 10:22 . 2012-10-05 18:53 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 10:21 . 2012-10-05 18:53 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 10:20 . 2012-10-05 18:53 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 10:18 . 2012-10-05 18:53 237056 ----a-w- c:\windows\system32\url.dll

2012-08-24 10:17 . 2012-10-05 18:53 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 10:14 . 2012-10-05 18:53 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 10:14 . 2012-10-05 18:53 816640 ----a-w- c:\windows\system32\jscript.dll

2012-08-24 10:13 . 2012-10-05 18:53 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 10:12 . 2012-10-05 18:53 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 10:11 . 2012-10-05 18:53 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 10:10 . 2012-10-05 18:53 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 10:09 . 2012-10-05 18:53 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 10:04 . 2012-10-05 18:53 248320 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 06:59 . 2012-10-05 18:53 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-08-24 06:51 . 2012-10-05 18:53 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 06:51 . 2012-10-05 18:53 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-08-24 06:47 . 2012-10-05 18:53 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-08-24 06:47 . 2012-10-05 18:53 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-24 06:43 . 2012-10-05 18:53 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-22 18:12 . 2012-09-13 23:52 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-13 23:52 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-13 23:50 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-13 23:52 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 21:01 . 2012-10-04 19:34 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-08-21 19:01 . 2012-10-05 22:23 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-08-21 19:01 . 2011-03-19 06:22 125872 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-08-21 19:01 . 2011-03-19 06:22 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2012-08-20 17:38 . 2012-10-10 22:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-09 16:38 . 2012-08-09 16:38 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-10-06 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Citi Virtual Account Numbers"="c:\progra~2\VIRTUA~1\CitiVAN.exe" [2009-07-10 372736]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-07-07 273544]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]

"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-09-27 439440]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-14 559616]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]

.

c:\users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-13 9216]

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 94600793;94600793; [x]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-17 232480]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-09 1255736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-06-25 76912]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-07 20:50]

.

2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-07 20:50]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-15 10918504]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 392048]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

FF - ProfilePath - c:\users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\uwcdrsmu.default\

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-1ClickDownloader - c:\program files (x86)\1ClickDownload\uninstall.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-05 21:41:54

ComboFix-quarantined-files.txt 2012-11-06 04:41

ComboFix2.txt 2012-11-04 22:19

ComboFix3.txt 2012-11-01 23:49

ComboFix4.txt 2012-11-01 17:52

.

Pre-Run: 186,659,569,664 bytes free

Post-Run: 186,749,472,768 bytes free

.

- - End Of File - - 466EB4CDA8FA58D311122C73CC39F7F0
