Missing "Manage Network Connections" menu -- Vista

[davejjj]

I have a situation on a laptop running Vista that may indicate an infection. I have blue screens several times per week and I have no ability to get to the Manage Network Connections menu. The window for that menu can be seen briefly appearing and then vanishing. MalwareBytes and MSE do not detect anything.

Advice would be appreciated.

I've attached the two logs.

Thanks,

Dave

dds.txt

attach.zip

[TheDarkKnight]

I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear.

Please post the contents of the logs, as malware writers would like nothing more than to infect the computers of helpers, such as myself. Thanks!

[TheDarkKnight]

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

[TheDarkKnight]

Do you still require help?

[davejjj]

I'm sorry, I haven't checked in here for a week due to some personal distractions. Let me post the first file and then you can tell me what else you might like to see. Thanks.

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2

Run by User at 10:03:20 on 2013-01-08

Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2037.907 [GMT -6:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Apache\Apache Software Foundation\Apache2.2\bin\httpd.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\SearchIndexer.exe

C:\Apache\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Windows\system32\taskeng.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Windows\system32\igfxsrvc.exe

C:\Apache\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\Users\User\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Program Files\Mozilla Firefox\firefox.exe

c:\Program Files\Microsoft Security Client\MpCmdRun.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uWindow Title = Internet Explorer, optimized for Bing and MSN

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide

mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\apache\apache software foundation\apache2.2\bin\ApacheMonitor.exe

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{267163EB-6683-426F-9573-70622D110D47} : DHCPNameServer = 10.1.1.1

TCP: Interfaces\{5D0B3FA6-DF2B-406A-BC72-3F82FB9639FD} : NameServer = 24.217.0.5,24.217.201.67

TCP: Interfaces\{D43DD3A2-F41C-457F-A54A-08F702645DEE} : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

Hosts: 127.0.0.1 ads.mcafee.com

Hosts: 127.0.0.1 analytics.microsoft.com

Hosts: 127.0.0.1 metrics.bitdefender.com

Hosts: 127.0.0.1 metrics.mcafee.com

Hosts: 127.0.0.1 om.symantec.com

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\cfvgke5q.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]

R2 Apache2.2;Apache2.2;c:\apache\apache software foundation\apache2.2\bin\httpd.exe [2012-1-28 20549]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 99272]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-8 179712]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]

S4 RsFx0105;RsFx0105 Driver;c:\windows\system32\drivers\RsFx0105.sys [2011-9-22 238696]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2011-9-22 370024]

.

=============== File Associations ===============

.

FileExt: .js: Applications\notepad.exe=c:\windows\system32\NOTEPAD.EXE %1 [userChoice]

.

=============== Created Last 30 ================

.

2013-01-07 17:12:01 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a05b0f4a-50a6-4b1f-b7c7-f06809da11aa}\mpengine.dll

2013-01-06 15:54:08 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-12-24 22:19:59 -------- d-----w- c:\users\user\appdata\roaming\Moyea

2012-12-24 22:18:35 -------- d-----w- c:\program files\Moyea

2012-12-24 04:26:16 -------- d-----w- c:\users\user\appdata\local\IsolatedStorage

2012-12-24 04:12:49 -------- d-----w- c:\program files\WPF Toolkit

2012-12-24 04:11:44 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll

2012-12-24 04:09:34 -------- d-----w- c:\program files\Microsoft Expression

2012-12-22 05:16:27 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-22 05:16:27 293376 ----a-w- c:\windows\system32\atmfd.dll

2012-12-18 03:31:30 -------- d--h--w- c:\windows\msdownld.tmp

2012-12-12 22:17:10 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-12-12 22:17:08 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-12-12 22:17:08 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-12-12 22:17:08 16896 ----a-w- c:\windows\system32\winusb.dll

2012-12-12 22:17:08 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-12-12 22:17:07 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-12-12 22:17:07 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-12-12 22:17:07 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-12-12 22:17:05 613888 ----a-w- c:\windows\system32\WUDFx.dll

2012-12-12 22:17:05 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-12-12 22:17:05 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2012-12-12 11:25:09 2048000 ----a-w- c:\windows\system32\win32k.sys

2012-12-12 11:25:08 376320 ----a-w- c:\windows\system32\dpnet.dll

2012-12-12 11:25:08 23040 ----a-w- c:\windows\system32\dpnsvr.exe

2012-12-12 11:25:07 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys

2012-12-12 11:24:52 2048 ----a-w- c:\windows\system32\tzres.dll

.

==================== Find3M ====================

.

2012-12-25 23:02:45 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-25 23:02:45 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-14 22:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-25 09:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 09:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

============= FINISH: 10:04:34.64 ===============

[TheDarkKnight]

davejjj,

My apologies for the delay as I didn't have internet these two days.

Thank you for the log.

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

[davejjj]

I tried to paste the log in this message but it complained that it was too long.

So I posted it here: http://pastebin.com/M2MswVbX

----------------------------------------------------------------------------------------------------------------

Below is the beginning and end of the log file:

ComboFix 13-01-21.01 - User 01/21/2013 10:49:05.1.2 - x86

Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2037.1062 [GMT -6:00]

Running from: c:\users\User\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\npf.sys

c:\windows\wininit.ini

.

.

((((((((((((((((((((((((( Files Created from 2012-12-21 to 2013-01-21 )))))))))))))))))))))))))))))))

.

[...]

[7] 2008-01-21 . 22CFAEB9172F5F198048401485CD0571 . 9216 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.0.6001.18000_none_cbb305c23187855a\WSHTCPIP.DLL

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-05 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-05 8497696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-05 81920]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-10-05 86016]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-04-02 128232]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-16 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-16 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-16 133656]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Monitor Apache Servers.lnk - c:\apache\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2012-1-28 41051]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3667368273-239511518-4274841958-1000]

"EnableNotificationsRef"=dword:00000001

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 17:08]

.

2013-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3667368273-239511518-4274841958-1000Core.job

- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-01 15:58]

.

2013-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3667368273-239511518-4274841958-1000UA.job

- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-01 15:58]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105

TCP: Interfaces\{5D0B3FA6-DF2B-406A-BC72-3F82FB9639FD}: NameServer = 24.217.0.5,24.217.201.67

FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\cfvgke5q.default\

FF - prefs.js: browser.startup.homepage - www.google.com

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-WudfPf

SafeBoot-WudfRd

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-01-21 11:07

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]

"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(3960)

c:\program files\Roxio\Drag-to-Disc\Shellex.dll

c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL

c:\program files\Roxio\Drag-to-Disc\ShellRes.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\apache\Apache Software Foundation\Apache2.2\bin\httpd.exe

c:\program files\Heimdal\HeimdalSecureDNS\DnsService.exe

c:\apache\Apache Software Foundation\Apache2.2\bin\httpd.exe

c:\program files\Heimdal\Service\HeimdalAgentService.exe

c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE

c:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Heimdal\Client\HeimdalAgent.exe

c:\windows\System32\rundll32.exe

c:\windows\system32\igfxsrvc.exe

.

**************************************************************************

.

Completion time: 2013-01-21 11:22:25 - machine was rebooted

ComboFix-quarantined-files.txt 2013-01-21 17:22

.

Pre-Run: 25,610,874,880 bytes free

Post-Run: 27,900,276,736 bytes free

.

- - End Of File - - 8119A578CEE2B81F5232586F859882D3

[TheDarkKnight]

Morning davejjj,

ComboFix didn't find anything.

Please download OTL.exe by OldTimer to your Desktop.

• Close all windows and double click OTL.exe.
  
• In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:
  
  netsvcs
  drivers32
  %SYSTEMDRIVE%\*.*
  %systemroot%\*. /mp /s
  CREATERESTOREPOINT
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  
  
• Click Run Scan and let the program run uninterrupted.
  
• When the scan completes, it will open two Notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  
• You may need to use two posts to get it all.

[davejjj]

Ok, I'm going to wait another day or two on this. I'm afraid I might render this computer unusable. I have some stuff on it that I need. Sorry for the delay.

Dave

[TheDarkKnight]

Hello davejjj,

OTL is a diagnostic tool and won't make any changes to your computer. It will gather information.

[davejjj]

OTL logfile created on: 1/26/2013 12:38:31 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop

Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 52.08% Memory free

4.22 Gb Paging File | 2.63 Gb Available in Paging File | 62.45% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 26.35 Gb Free Space | 35.35% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/26 00:35:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe

PRC - [2013/01/16 06:51:32 | 000,094,280 | ---- | M] (Microsoft) -- C:\Program Files\Heimdal\HeimdalSecureDNS\DNSService.exe

PRC - [2013/01/16 06:51:12 | 001,139,272 | ---- | M] (CSIS Security Group) -- C:\Program Files\Heimdal\Client\HeimdalAgent.exe

PRC - [2013/01/16 06:50:56 | 000,150,088 | ---- | M] (CSIS Security Group) -- C:\Program Files\Heimdal\Service\HeimdalAgentService.exe

PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/08/27 10:00:20 | 000,512,000 | ---- | M] (Oracle Corporation) -- C:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE

PRC - [2011/08/27 09:58:50 | 115,773,440 | ---- | M] (Oracle Corporation) -- c:\oraclexe\app\oracle\product\11.2.0\server\bin\oracle.exe

PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/04/02 15:33:16 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/10 00:41:33 | 001,226,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\a379b2e18ccf462ff63e86ee309c600b\System.WorkflowServices.ni.dll

MOD - [2013/01/10 00:40:40 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b26c0ed378c4b15c60cef0baada4e0dc\System.ServiceModel.Routing.ni.dll

MOD - [2013/01/10 00:40:08 | 001,140,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ebf949aee7febad1902974b1a2bd77a2\System.ServiceModel.Discovery.ni.dll

MOD - [2013/01/10 00:40:05 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\800370766976fd4ec232b4e29781717d\System.ServiceModel.Channels.ni.dll

MOD - [2013/01/10 00:39:44 | 001,085,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\9714573400d1d3724808c63f1fd6de83\System.ServiceModel.Web.ni.dll

MOD - [2013/01/10 00:19:33 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll

MOD - [2013/01/10 00:19:31 | 001,838,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\34b227d0afc72e9f53903ae338ac06a3\Microsoft.VisualBasic.ni.dll

MOD - [2013/01/10 00:19:19 | 001,393,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b15622741724e17f1335c4771c3700a0\System.ServiceModel.Activities.ni.dll

MOD - [2013/01/10 00:19:10 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c1b67737c13c99776cde5989ec2885c8\System.IdentityModel.ni.dll

MOD - [2013/01/10 00:19:05 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll

MOD - [2013/01/10 00:14:55 | 012,079,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\269a06a09ecdc960ccbd727f647ceedb\System.Web.ni.dll

MOD - [2013/01/09 14:15:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll

MOD - [2013/01/09 14:15:41 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll

MOD - [2013/01/09 14:15:40 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll

MOD - [2013/01/09 14:15:39 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll

MOD - [2013/01/09 14:15:38 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll

MOD - [2013/01/09 13:58:56 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9071f089ab65d518d1bd7e8fa857a95f\System.Data.ni.dll

MOD - [2013/01/09 13:58:50 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e43f80b6a3a40323520dd89cb77500a8\System.Windows.Forms.ni.dll

MOD - [2013/01/09 13:58:33 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll

MOD - [2013/01/09 13:58:32 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll

MOD - [2013/01/09 13:58:30 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll

MOD - [2013/01/09 13:58:28 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll

MOD - [2013/01/09 13:58:23 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll

MOD - [2013/01/09 13:58:17 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\c300c8ca0910bbffb16a244b56be6d05\System.Numerics.ni.dll

MOD - [2013/01/09 13:58:16 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll

MOD - [2012/11/29 15:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

MOD - [2007/07/23 13:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld -- (MySQL)

SRV - [2013/01/18 23:51:10 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/01/16 06:51:32 | 000,094,280 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Heimdal\HeimdalSecureDNS\DNSService.exe -- (HeimdalSecureDNS)

SRV - [2013/01/16 06:50:56 | 000,150,088 | ---- | M] (CSIS Security Group) [Auto | Running] -- C:\Program Files\Heimdal\Service\HeimdalAgentService.exe -- (HeimdalService)

SRV - [2013/01/14 11:08:02 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/08/27 10:01:00 | 000,012,800 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent)

SRV - [2011/08/27 10:00:20 | 000,512,000 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE -- (OracleXETNSListener)

SRV - [2011/08/27 09:59:56 | 000,069,632 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\11.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService)

SRV - [2011/08/27 09:58:52 | 000,049,152 | ---- | M] () [Disabled | Stopped] -- c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE)

SRV - [2011/08/27 09:58:50 | 115,773,440 | ---- | M] (Oracle Corporation) [Auto | Running] -- c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE)

SRV - [2008/01/20 20:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY)

DRV - [2012/08/30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2011/09/22 17:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)

DRV - [2009/04/10 22:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)

DRV - [2008/01/20 20:23:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)

DRV - [2007/12/23 15:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)

DRV - [2007/10/04 19:24:00 | 007,628,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2007/09/26 06:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)

DRV - [2007/07/23 13:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLADResM.SYS -- (DLADResM)

DRV - [2007/07/23 13:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2007/07/23 13:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2007/07/23 13:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2007/07/23 13:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2007/07/23 13:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2007/07/23 13:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2007/07/23 13:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2007/07/23 12:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2007/07/23 12:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 69 0E FE D6 FC CC 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledAddons: redirector%40einaregilsson.com:2.8.1

FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.15.1

FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.7

FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/18 23:51:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/18 23:50:33 | 000,000,000 | ---D | M]

[2012/01/22 14:27:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions

[2013/01/10 13:21:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\cfvgke5q.default\extensions

[2013/01/10 13:21:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\cfvgke5q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2012/05/17 12:38:02 | 000,000,000 | ---D | M] (Redirector) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\cfvgke5q.default\extensions\redirector@einaregilsson.com

[2012/12/12 15:45:06 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\cfvgke5q.default\extensions\firebug@software.joehewitt.com.xpi

[2012/03/07 19:13:13 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\cfvgke5q.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi

[2012/08/23 10:13:17 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\cfvgke5q.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi

[2013/01/18 23:50:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2013/01/18 23:51:11 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/10/10 19:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/10/10 19:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Disabled) = C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Disabled) = C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL

CHR - plugin: Java Platform SE 7 U9 (Disabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Shockwave for Director (Disabled) = C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll

CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Disabled) = C:\Windows\system32\npDeployJava1.dll

CHR - plugin: Silverlight Plug-In (Disabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Disabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: HTML5 Outliner = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\afoibpobokebhgfnknfndkgemglggomo\0.5.1.72_0\

CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: FlashBlock = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdngiadmnkhgemkimkhiilgffbjijcie\1.2.11.12_0\

CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: W3C HTML5 & CSS3 Validator = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kobpbiokkobnmnaefmpcodeeficgbfkg\1.1.1_0\

CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/01/21 12:06:04 | 000,582,356 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost #[iPv6]

O1 - Hosts: 127.0.0.1 clickbooth.com

O1 - Hosts: 127.0.0.1 jmp.clickbooth.com

O1 - Hosts: 127.0.0.1 fr.a2dfp.net

O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net

O1 - Hosts: 127.0.0.1 ad.a8.net

O1 - Hosts: 127.0.0.1 asy.a8ww.net

O1 - Hosts: 127.0.0.1 abcstats.com

O1 - Hosts: 127.0.0.1 a.abv.bg

O1 - Hosts: 127.0.0.1 adserver.abv.bg

O1 - Hosts: 127.0.0.1 adv.abv.bg

O1 - Hosts: 127.0.0.1 bimg.abv.bg

O1 - Hosts: 127.0.0.1 ca.abv.bg

O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua

O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com

O1 - Hosts: 127.0.0.1 accuserveadsystem.com

O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com

O1 - Hosts: 127.0.0.1 achmedia.com

O1 - Hosts: 127.0.0.1 aconti.net

O1 - Hosts: 127.0.0.1 secure.aconti.net

O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]

O1 - Hosts: 127.0.0.1 csh.actiondesk.com

O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]

O1 - Hosts: 127.0.0.1 ads.activepower.net

O1 - Hosts: 15668 more lines...

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.11.2)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.1.0.cab (SysInfo Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{267163EB-6683-426F-9573-70622D110D47}: DhcpNameServer = 10.1.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D0B3FA6-DF2B-406A-BC72-3F82FB9639FD}: NameServer = 24.217.0.5,24.217.201.67

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D43DD3A2-F41C-457F-A54A-08F702645DEE}: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/26 00:35:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe

[2013/01/21 14:44:50 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\wrt54glv1.1

[2013/01/21 11:22:27 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/01/21 11:22:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp

[2013/01/21 11:04:48 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2013/01/21 10:45:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/01/21 10:45:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/01/21 10:45:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/01/21 10:45:42 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/01/21 10:45:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/01/21 09:35:51 | 005,024,380 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe

[2013/01/18 23:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2013/01/17 11:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CSIS Heimdal

[2013/01/14 22:59:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Subversion

[2013/01/14 22:58:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SQL Developer

[2013/01/14 11:09:02 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2013/01/14 11:08:52 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2013/01/14 11:08:52 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2013/01/14 11:08:52 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2013/01/14 11:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\CSIS

[2013/01/14 11:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\Heimdal

[2013/01/13 11:39:46 | 000,000,000 | ---D | C] -- C:\Users\User\Oracle

[2013/01/13 11:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle Database 11g Express Edition

[2013/01/13 11:37:16 | 000,000,000 | ---D | C] -- C:\oraclexe

[2013/01/10 18:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client

[2013/01/10 18:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client

[2013/01/10 12:37:24 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\resumes

[2013/01/09 10:29:39 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2013/01/09 10:29:08 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

[2013/01/08 10:01:30 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\User\Desktop\dds.com

[2013/01/07 10:58:22 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Eduard

[2013/01/02 20:30:44 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\whiskey

[2012/12/31 11:04:08 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\porky

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/26 00:35:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe

[2013/01/26 00:13:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3667368273-239511518-4274841958-1000UA.job

[2013/01/25 23:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/01/25 23:33:25 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013/01/25 23:33:25 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013/01/25 23:33:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/01/25 14:59:35 | 2135,044,096 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/25 14:59:31 | 193,637,919 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2013/01/22 10:13:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3667368273-239511518-4274841958-1000Core.job

[2013/01/21 12:06:04 | 000,582,356 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2013/01/21 09:36:31 | 005,024,380 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe

[2013/01/20 10:51:45 | 001,024,236 | ---- | M] () -- C:\Users\User\Desktop\Three Amigos.zip

[2013/01/14 11:20:00 | 000,711,842 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/01/14 11:20:00 | 000,145,836 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/01/14 11:08:44 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2013/01/14 11:08:41 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2013/01/14 11:08:41 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2013/01/14 11:08:41 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2013/01/14 11:08:40 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll

[2013/01/14 11:08:40 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll

[2013/01/14 11:08:01 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013/01/14 11:08:01 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013/01/11 15:01:59 | 000,000,600 | ---- | M] () -- C:\Users\User\AppData\Local\PUTTY.RND

[2013/01/11 01:07:26 | 000,055,296 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/01/09 22:14:30 | 000,373,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2013/01/08 10:01:35 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\User\Desktop\dds.com

[2013/01/06 12:14:13 | 001,071,787 | ---- | M] () -- C:\Users\User\Desktop\AnvilStudio.pdf

[2012/12/28 16:58:15 | 008,136,935 | ---- | M] () -- C:\Users\User\Desktop\IBM-Smarter-Cities-Challenge-St-Louis-Report.pdf

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/21 10:45:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/01/21 10:45:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/01/21 10:45:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/01/21 10:45:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/01/21 10:45:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/01/20 10:51:43 | 001,024,236 | ---- | C] () -- C:\Users\User\Desktop\Three Amigos.zip

[2013/01/14 11:08:02 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/01/11 15:01:59 | 000,000,600 | ---- | C] () -- C:\Users\User\AppData\Local\PUTTY.RND

[2013/01/06 12:14:09 | 001,071,787 | ---- | C] () -- C:\Users\User\Desktop\AnvilStudio.pdf

[2012/12/28 16:58:09 | 008,136,935 | ---- | C] () -- C:\Users\User\Desktop\IBM-Smarter-Cities-Challenge-St-Louis-Report.pdf

[2012/04/10 22:32:49 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2012/02/02 10:01:33 | 000,055,296 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/21 12:01:05 | 000,019,124 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 06:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2006/09/18 15:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2009/08/21 12:49:06 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2013/01/21 11:22:25 | 000,108,550 | ---- | M] () -- C:\ComboFix.txt

[2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2013/01/25 14:59:35 | 2135,044,096 | -HS- | M] () -- C:\hiberfil.sys

[2010/09/16 13:13:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/09/16 13:13:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2013/01/25 14:59:31 | 2450,923,520 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-01-09 20:03:39

< End of report >

[davejjj]

OTL Extras logfile created on: 1/26/2013 12:38:31 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop

Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 52.08% Memory free

4.22 Gb Paging File | 2.63 Gb Available in Paging File | 62.45% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 26.35 Gb Free Space | 35.35% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3667368273-239511518-4274841958-1000]

"EnableNotifications" = 0

"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{A4177E65-C9BC-44DB-A227-92C03CC1F6DA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{28A507F8-ADD9-496F-A46E-707D426347F7}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |

"{5D7B4182-3DF9-44C2-B493-574341D2379B}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |

"{6183BC37-1598-4185-9BAA-F3F727327A68}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{68A64E0A-80B4-45CC-A47A-AB8134A86A70}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{75A18ACD-A063-4687-B546-B0031D2FD70E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{C947F683-2068-4566-98DE-300584EC0912}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{ED38ED76-ABA6-4056-918D-5FA8CCB0F221}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"TCP Query User{5F1D8545-3109-4E53-B37C-23AB07DF64EA}C:\program files\netbeans 7.1\bin\netbeans.exe" = protocol=6 | dir=in | app=c:\program files\netbeans 7.1\bin\netbeans.exe |

"TCP Query User{A13265DE-F393-4A4D-B8BE-29D06AAD02A3}C:\program files\java\jdk1.7.0_02\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.7.0_02\bin\java.exe |

"TCP Query User{BD2C9619-45B6-4021-9233-4F307E16D5DE}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |

"UDP Query User{644C6760-0976-4E5E-B07B-2F5DD8E17C5D}C:\program files\netbeans 7.1\bin\netbeans.exe" = protocol=17 | dir=in | app=c:\program files\netbeans 7.1\bin\netbeans.exe |

"UDP Query User{92BB54A0-7A8B-4577-9D51-8A4D87E99EA3}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |

"UDP Query User{DFDD9DCA-77B2-46CC-AA76-8E0B73EBFDC1}C:\program files\java\jdk1.7.0_02\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.7.0_02\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies

"{029A95A8-E814-4760-B5A1-0D46E2D62FB1}" = PHP 5.2.17

"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools

"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK

"{05A7B662-80A3-4EB9-AE1D-89A62449431C}" = Oracle Database 11g Express Edition

"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module

"{07EF3970-F8E5-4A27-A5A3-230484D35026}" = Microsoft Expression Encoder 4

"{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4

"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools

"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data

"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2

"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files

"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4

"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK

"{2020045B-8DCF-4449-8D5C-EB5BA37440F1}" = Microsoft SQL Server 2008 Management Studio

"{2222706F-666A-4037-7777-202328764D10}" = JavaFX 2.0.2 SDK

"{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK

"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11

"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc

"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{32A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java SE Development Kit 7 Update 2

"{33933681-9A64-4A5C-97F5-4F6AEDB9FA0F}" = MySQL Server 5.5

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files

"{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4

"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1

"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services

"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1

"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)

"{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools

"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com

"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project

"{827990C7-4D30-3627-A2D1-5FFA09198BB2}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)

"{83298573-A6B6-42AB-A234-FE91CA2859C0}" = Microsoft SQL Server 2008 Native Client

"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio

"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.22

"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime

"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A5F5F0A-BE2D-4763-B764-BF6EFE93A68B}" = Adobe Flash Player 11 ActiveX

"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack

"{8E3F691A-4972-47FF-9E09-1981B62A5D5A}_is1" = Moyea FLV Editor Lite version: 1.1.1.846

"{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}" = Microsoft SQL Server 2008 Setup Support Files

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1

"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4

"{9B92B20A-6A19-428F-8BD0-52DF859B1C61}" = Adobe Shockwave Player 11.6

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A06FE62B-CEBC-4E94-AED8-92DCC33BC8EA}" = Microsoft Expression Studio 4

"{A0FE0292-D3BE-3447-80F2-72E032A54875}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU

"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)

"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4

"{ADD72094-D289-4714-A62E-70574478A2BC}" = System Requirements Lab for Intel

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services

"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer

"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework

"{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec

"{C28422FB-F2CD-427A-ADED-9F281745CDB2}" = Secure Download Manager

"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser

"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)

"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE

"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU

"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1

"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)

"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver

"{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared

"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support

"{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2

"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)

"{FA9C3624-C693-4423-8A8B-2BC2B9F607AB}" = Microsoft SQL Server 2008 Management Studio

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Blend_4.0.20525.0" = Microsoft Expression Blend 4

"Design_7.0.20516.0" = Microsoft Expression Design 4

"Encoder_4.0.1639.0" = Microsoft Expression Encoder 4

"ExpressionStudio_4.0.20525.0" = Microsoft Expression Studio 4

"FileZilla Client" = FileZilla Client 3.6.0.2

"HDMI" = Intel® Graphics Media Accelerator Driver

"Heimdal" = Heimdal

"InstallShield_{05A7B662-80A3-4EB9-AE1D-89A62449431C}" = Oracle Database 11g Express Edition

"InstallShield_{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202

"IrfanView" = IrfanView (remove only)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1

"Microsoft Security Client" = Microsoft Security Essentials

"Microsoft SQL Server 10" = Microsoft SQL Server 2008

"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008

"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU

"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU

"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1

"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools

"Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"nbi-glassfish-mod-3.1.1.12.0" = GlassFish Server Open Source Edition 3.1.1

"nbi-nb-base-7.1.0.0.0" = NetBeans IDE 7.1

"nbi-tomcat-7.0.22.0.0" = Apache Tomcat 7.0.22

"NVIDIA Drivers" = NVIDIA Drivers

"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

"Web_4.0.1303.0" = Microsoft Expression Web 4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 1/23/2013 12:23:34 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10

Description =

Error - 1/24/2013 2:30:18 PM | Computer Name = User-PC | Source = Apache Service | ID = 3299

Description = The Apache service named reported the following error: >>> httpd.exe:

Could not reliably determine the server's fully qualified domain name, using 192.168.1.104

for ServerName .

Error - 1/24/2013 2:31:48 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10

Description =

Error - 1/25/2013 4:36:58 PM | Computer Name = User-PC | Source = Apache Service | ID = 3299

Description = The Apache service named reported the following error: >>> httpd.exe:

Could not reliably determine the server's fully qualified domain name, using 192.168.1.104

for ServerName .

Error - 1/25/2013 4:38:27 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10

Description =

Error - 1/25/2013 5:00:02 PM | Computer Name = User-PC | Source = Apache Service | ID = 3299

Description = The Apache service named reported the following error: >>> httpd.exe:

Could not reliably determine the server's fully qualified domain name, using 192.168.1.104

for ServerName .

Error - 1/25/2013 5:01:22 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10

Description =

Error - 1/25/2013 5:05:26 PM | Computer Name = User-PC | Source = ESENT | ID = 474

Description = Windows (2760) Windows: The database page read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb"

at offset 85278720 (0x0000000005154000) (database page 10409 (0x28A9)) for 8192

(0x00002000) bytes failed verification due to a page checksum mismatch. The expected

checksum was 4799075126007767765 (0x4299bd66881b22d5) and the actual checksum was

4796541890609637205 (0x4290bd6fb4116755). The read operation will fail with error

-1018 (0xfffffc06). If this condition persists then please restore the database

from a previous backup. This problem is likely due to faulty hardware. Please

contact your hardware vendor for further assistance diagnosing the problem.

Error - 1/25/2013 5:05:26 PM | Computer Name = User-PC | Source = Windows Search Service | ID = 3026

Description =

Error - 1/25/2013 5:05:26 PM | Computer Name = User-PC | Source = Windows Search Service | ID = 3602

Description =

Error - 1/25/2013 5:05:26 PM | Computer Name = User-PC | Source = Windows Search Service | ID = 7040

Description =

[ System Events ]

Error - 1/22/2013 7:10:01 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7011

Description =

Error - 1/23/2013 12:23:35 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001

Description =

Error - 1/24/2013 2:31:49 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001

Description =

Error - 1/25/2013 1:27:24 AM | Computer Name = User-PC | Source = DCOM | ID = 10010

Description =

Error - 1/25/2013 4:38:28 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001

Description =

Error - 1/25/2013 4:59:43 PM | Computer Name = User-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 2:58:34 PM on 1/25/2013 was unexpected.

Error - 1/25/2013 5:01:23 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001

Description =

Error - 1/25/2013 5:04:40 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 1/25/2013 5:04:40 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 1/25/2013 5:04:42 PM | Computer Name = User-PC | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:

%%886 Error Code: 0x8007041d Error description: The service did not respond to the

start or control request in a timely fashion. Reason: %%892

< End of report >

[TheDarkKnight]

G'day davejjj,

Please run OTL.exe.

• Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  :OTL
  O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
  O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  :Commands
  [EmptyTemp]
  
• Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  
• Click the red Run Fix button.
  
• A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTL.exe
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=====

You say that Manage Network Connections is missing. In Vista and later versions of Windows it has been renamed to Change Adapter Settings. Is that present?

=====

Please provide the contents of the OTL fix log and if the issue is still present.

[davejjj]

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: User

->Temp folder emptied: 384793 bytes

->Temporary Internet Files folder emptied: 12178012 bytes

->Java cache emptied: 14744829 bytes

->FireFox cache emptied: 207920213 bytes

->Google Chrome cache emptied: 288693723 bytes

->Apple Safari cache emptied: 12232704 bytes

->Flash cache emptied: 85375 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 341759 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 223261330 bytes

Total Files Cleaned = 725.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01272013_000002

Files\Folders moved on Reboot...

C:\Windows\temp\MpCmdRun.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[davejjj]

Change Adapter Settings under what menu? When I go to Control Panel I can click on Network and Sharing Center and then that page lists the following options on the left panel: Tasks: View computers and devices, Connect to a network, Manage network connections, Diagnose and repair. When I click on Manage Network Connections a new page attempts to open but then it dies, so I can't reach the page where you can set your ipconfig settings etc...

[TheDarkKnight]

Hey davejjj,

Please try the suggestions in this article:

http://answers.microsoft.com/en-us/windows/forum/windows_7-networking/cant-open-the-network-and-sharing-center-and-i/9e114764-93e2-4bb6-8e63-8a37d9e9762d

[davejjj]

Hi Dark Knight,

That did not seem to work but I will try searching Microsoft forums for this issue.

Thanks

Dave

[TheDarkKnight]

Hello davjjj,

I do not believe it is malware related, as your logs seem clean.

Please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

• Tick the box next to YES, I accept the Terms of Use.
  
• Click Start.
  
• When asked, allow the ActiveX control to install.
  
• Click Start.
  
• Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  
• Click Scan.
  Wait for the scan to finish.
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  
• Copy and paste that log as a reply to this topic.

[davejjj]

I guess I have corrupted Vista or maybe have a hardware problem. Thanks.

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6889

# api_version=3.0.2

# EOSSerial=b1ad05d8db488f4b9b84864167a605c4

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-02-02 07:26:42

# local_time=2013-02-02 01:26:42 (-0600, Central Standard Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=5892 16776574 100 100 76929414 196397504 0 0

# scanned=201395

# found=0

# cleaned=0

# scan_time=6125

[TheDarkKnight]

Hey davejjj,

I believe that may be the case. If you have a Windows disc handy, you could try a repair.

Please download Security Check by screen317 from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=====

Also, please download Windows Repair (all in one) from here.

• Install the program.
  
• Please proceed to run it.
  
• Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button:
  
  
• Once that is done please go to Step 3 and allow it to run the System File Check by clicking on the Do It button:
  
  
• Go to Step 4 and under System Restore click on the Create button:
  
  
• Next, go to the Start Repairs tab and click the Start button.
  
  
• Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):
  
  
• Click on the box next to the Restart System when Finished. Then click on Start.

=====

Please provide the contents of checkup.txt and if that program solved the issue.

[davejjj]

Alright, thanks you, let me get started on that. I have not checked in here for a few days.

I did notice that in my Microsoft Security Essentials history box there is a recent item. It says:

Detected item: Trojan:JS/IframeRef:I Date: Jan 22, 2013 Action: Removed

Thanks.

[TheDarkKnight]

Hello davejjj,

OK let me know how you go please.

[davejjj]

Results of screen317's Security Check version 0.99.57

Windows Vista Service Pack 2 x86 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

MVPS Hosts File

Malwarebytes Anti-Malware version 1.70.0.1100

JavaFX 2.1.1

JavaFX 2.0.2 SDK

Java 7 Update 13

Java SE Development Kit 7 Update 2

Java version out of Date!

Adobe Flash Player 11.5.502.146

Adobe Reader 10.1.4 Adobe Reader out of Date!

Mozilla Firefox (18.0.1)

Google Chrome 24.0.1312.56

Google Chrome 24.0.1312.57

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1 %

````````````````````End of Log``````````````````````

[TheDarkKnight]

Hello davejjj,

I notice that you have the User Account Control turned off. This is a very important security feature on Windows Vista and 7, as it allows you to restrict access to your computer and control programs that try to run. Please see below on how to turn it on:

http://windows.microsoft.com/en-AU/windows-vista/Turn-User-Account-Control-on-or-off

=====

Your version of Java is out of date. It's important to remove older versions of Java since it does not do so automatically and older versions can leave you vulnerable.

Please follow the instructions below to update Java:

• Please go to the below link and download the latest Windows 7 version:
  

http://www.java.com/en/download/manual.jsp

• Save it to your Desktop.
  
• Please go to Start>Control Panel>Programs.
  
• Navigate to any versions of Java (J2SE Runtime Environment) you have installed. They will have this icon next to them:
  
• Select Uninstall.
  
• Please double-click the installer and follow the prompts to install the latest version once all the previous versions have been successfully removed.

=====

Also, your version of Adobe Reader is out of date. It could have security vulnerabilities, so please follow these instructions to update it:

• Please go to Start>All Programs>Adobe Reader.
  
• Open Adobe Reader and navigate to Help>Check for Updates.
  
• Please follow the prompts to install the latest version.

=====

In your reply please let me know how the updates go.

[TheDarkKnight]

Are you still with us? This topic will be closed in a few days if we do not hear back from you.