dykesc Posted January 29, 2013 ID:640876
Experienced mass email distributions to people on my email contact list. Changed email program password but mass virus emails continued. Ran Malwarebytes and got one hit that identified a file which was something like "pup.offer.bundler...". File was removed by Malwarebytes. Unfortunately another mass email distribution occurred after removal of this file. To stop the virus I then deleted all of my email contacts. I need to figure out what is causing this problem. See attached dds and attach files.
Attachments: dds.txt, attach.txt
TheDarkKnight Posted January 29, 2013 ID:640952
I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. Please post the contents of the logs, as malware writers would like nothing more than to infect the computers of helpers, such as myself. Thanks!

Please download OTL.exe by OldTimer to your Desktop.
Close all windows and double click OTL.exe.
In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Click Run Scan and let the program run uninterrupted.
When the scan completes, it will open two Notepad windows, OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
You may need to use two posts to get it all.
dykesc Posted January 29, 2013 Author ID:641012
Away from my computer until Thursday night. I'll run OTL then and post the logs. Thanks for your help.
TheDarkKnight Posted January 30, 2013 ID:641101
Hello dykesc,
Sounds good.
dykesc Posted February 1, 2013 Author ID:641913 Share Posted February 1, 2013 DDS (Ver_2012-11-20.01) - NTFS_x86Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_30Run by OWner at 9:32:08 on 2013-01-29Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2046.889 [GMT -6:00].AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ================.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\nvvsvc.exeC:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeC:\Windows\system32\SLsvc.exeC:\Windows\System32\spoolsv.exeC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\taskeng.exeC:\Program Files\ASUS\AASP\1.00.32\aaCenter.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\system32\crypserv.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\nHancer\nHancerService.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\NVIDIA Corporation\nTune\nTuneService.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Avira\AntiVir Desktop\avshadow.exeC:\Program Files\BillP Studios\WinPatrol\WinPatrol.exeC:\Windows\System32\nvraidservice.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Common 
Files\Real\Update_OB\realsched.exeC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.acC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Windows\ehome\ehmsas.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\iPod\bin\iPodService.exeC:\Windows\system32\wbem\unsecapp.exeC:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation.============== Pseudo HJT Report ===============.uStart Page = hxxp://att.my.yahoo.comuProxyServer = hxxp=127.0.0.1:57910uProxyOverride = <local>;*.localBHO: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - c:\program files\vshare\vshare_toolbar.dllBHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - 
c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dllBHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dllBHO: SBCONVERT Class: {A1056498-D09A-41E4-864B-505EDD640D9E} - c:\program files\speedbit video downloader\toolbar\SpeedBitVideoDownloader.dllBHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Arcadesafari BHO: {adff4c9a-4f49-4a1f-8885-360e107b7938} -BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: GrabberObj Class: {FF7C3CF0-4B15-11D1-ABED-709549C10000} - c:\program files\speedbit video downloader\toolbar\Grabber.dllTB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\toolbar\SpeedBitVideoDownloader.dllTB: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - c:\program files\vshare\vshare_toolbar.dllTB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\toolbar\SpeedBitVideoDownloader.dllTB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dlluRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenteruRun: [ehTray.exe] c:\windows\ehome\ehTray.exeuRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exeuRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clearuRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exeuRun: [swg] "c:\program 
files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressbootmRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exemRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [NVRaidService] c:\windows\system32\nvraidservice.exemRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [RtHDVCpl] RtHDVCpl.exemRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osbootmRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /minmRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"uPolicies-Explorer: NoDriveTypeAutoRun = dword:145uPolicies-Explorer: NoDrives = dword:0uPolicies-Explorer: DisallowRun = dword:1uPolicies-DisallowRun: 1 = avnotify.exeuPolicies-DisallowRun: 2 = ipmgui.exemPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll.INFO: HKCU has more than 50 listed domains.If you wish to scan all of them, select the 'Force scan all domains' option..DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://echat.bellsouth.net/sdccommon/download/tgctlcm.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cabDPF: 
{1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cabDPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cabDPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cabDPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.readyforcrysis.com/sysreqlab2.cabDPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cabDPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://www.doylevisualmedia.com/activex/AMC.cabDPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cabDPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cabTCP: NameServer = 192.168.1.254 192.168.1.254TCP: Interfaces\{C4006B26-9C86-4752-B5B0-7B114F73878D} : DHCPNameServer = 192.168.1.254 192.168.1.254Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dllSTS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - c:\windows\system32\DreamScene.dllLSA: Security Packages = kerberos msv1_0 schannel wdigest tspkgmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program 
files\google\chrome\application\24.0.1312.56\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome.================= FIREFOX ===================.FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\2ympkwwi.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT168755&SearchSource=3&q=FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dllFF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dllFF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dllFF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dllFF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dllFF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypc.dllFF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypchub.dllFF - plugin: c:\program files\veetle\player\npvlc.dllFF - plugin: c:\program files\veetle\plugins\npVeetle.dllFF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dllFF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dllFF - plugin: c:\users\owner\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dllFF - plugin: c:\users\owner\appdata\roaming\move networks\plugins\npqmp071701000002.dllFF - plugin: c:\users\owner\appdata\roaming\move networks\plugins\npqmp071705000014.dllFF - ExtSQL: !HIDDEN! 
2009-08-14 01:55; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension.============= SERVICES / DRIVERS ===============.R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-8-31 36000]R1 EterlogicVirtualSerialDriver;EterlogicVirtualSerialDriver;c:\windows\system32\drivers\VSPE.sys [2011-7-2 25984]R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-8-31 86224]R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-8-31 110032]R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-11 83392]R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-5 21504]R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-28 398184]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-10-23 682344]R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-10-2 382824]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-10-23 21104]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 gupdate1c9be0d3d443554;Google Update Service (gupdate1c9be0d3d443554);c:\program files\google\update\GoogleUpdate.exe [2009-4-15 133104]S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-10-26 1153368]S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-7-12 12672]S3 PIXMCV;Victor Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [2004-6-3 33792]S3 PIXMCVA;Victor PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [2004-3-20 38144]S3 PIXMCVV;Victor PIX-MCV Video 
Capture;c:\windows\system32\drivers\pixmcvv.sys [2004-3-27 32768]S3 Ser2rs;Radioshack USB to Serial Driver;c:\windows\system32\drivers\ser2rs.sys [2007-6-25 76288]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504].=============== Created Last 30 ================.2013-01-20 05:54:56 -------- d-----w- c:\program files\Mozilla Firefox(18)2013-01-09 08:50:22 2048000 ----a-w- c:\windows\system32\win32k.sys2013-01-09 08:49:58 204288 ----a-w- c:\windows\system32\ncrypt.dll2013-01-09 08:49:57 1400832 ----a-w- c:\windows\system32\msxml6.dll2013-01-03 06:15:12 -------- d-----w- c:\users\owner\appdata\local\Arcadesafari.==================== Find3M ====================.2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll2012-12-14 22:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe2007-07-06 23:29:39 694668 ----a-w- c:\program files\unins000.exe2001-09-28 22:00:28 164864 ------w- c:\program files\UNWISE.EXE.============= FINISH: 9:33:19.30 ===============NLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft® Windows Vista™ UltimateBoot Device: \Device\HarddiskVolume1Install Date: 3/24/2007 12:58:52 AMSystem Uptime: 1/28/2013 
9:45:30 PM (12 hours ago).Motherboard: ASUSTeK Computer INC. | | P5N-E SLIProcessor: Intel® Core2 CPU 6700 @ 2.66GHz | Socket 775 | 2666/266mhz.==== Disk Partitions =========================.A: is RemovableC: is FIXED (NTFS) - 373 GiB total, 150.095 GiB free.D: is CDROM ()F: is CDROM ().==== Disabled Device Manager Items =============.Class GUID:Description:Device ID: USB\VID_062A&PID_0201&MI_01\6&2BF301B4&0&0001Manufacturer:Name:PNP Device ID: USB\VID_062A&PID_0201&MI_01\6&2BF301B4&0&0001Service:.==== System Restore Points ===================.RP2553: 1/20/2013 1:23:00 AM - Scheduled CheckpointRP2554: 1/21/2013 2:11:22 AM - Scheduled CheckpointRP2555: 1/22/2013 12:07:50 AM - Scheduled CheckpointRP2556: 1/23/2013 4:03:13 AM - Scheduled CheckpointRP2557: 1/24/2013 1:00:01 AM - Scheduled CheckpointRP2558: 1/24/2013 2:33:24 PM - Scheduled CheckpointRP2559: 1/25/2013 4:03:29 AM - Scheduled CheckpointRP2560: 1/26/2013 3:24:00 AM - Scheduled CheckpointRP2561: 1/27/2013 12:00:03 AM - Scheduled CheckpointRP2562: 1/28/2013 12:00:04 AM - Scheduled CheckpointRP2563: 1/29/2013 12:13:57 AM - Scheduled Checkpoint.==== Installed Programs ======================.AAV ColorLab 32-bit 1.0.10.0Active Sky Advanced Upgrade From ASXActive Sky EvolutionActive Sky XADDS Flight Path ToolAdobe AIRAdobe Flash Player 10 ActiveXAdobe Flash Player 10 PluginAdobe Reader 8.2.0Amateur Contact Log 3.0Amateur Contact Log 3.0 (C:\Program Files\ACLog 3.0\)AOPA's Real-Time Flight Planner 1.2.2AOPA 177 Cardinal for FSXApple Application SupportApple Mobile Device SupportApple Software UpdateArcadesafariARCS II Version 1.20ArcSoft PhotoImpression 5ASUSUpdateAT&T Yahoo! 
MessengerATT eChat Support ToolsAutoUpdateAvira Free AntivirusAXIS Media Control EmbeddedBonjourCarenado Mooney M20J FSXCarenado Piper Cherokee 180FCCleaner (remove only)Citrix Presentation Server Client - Web OnlyCitrix XenApp Web PluginCompatibility Pack for the 2007 Office systemCoreAVC Professional Edition (remove only)CPUID CPU-Z 1.51CrystalDiskMark 3.0.1cDe-Kooy-Texel-FADivX CodecDJ_SF_03_D1500_Software_MinDVD Architect Studio 5.0DVDFab 8.1.8.5 (24/05/2012) QtDX Atlas 2.25DXKeeperDXLabLauncherE-Trac XchangeEagle CUDA 240 S/GPS DemoEastern 206 - ATC FlightEasyPal 26/MAY/09EPSON TWAIN 5ESET Online ScannerESET Online Scanner v3EtracEm-V1-enExif Pilot 4.4EZNEC Demo v. 5.0EZNEC v. 5.0Flight Simulator XFlight Simulator X Service Pack 1Flight1 Citation MustangFormatFactory 2.70Fraps (remove only)FS Water Configurator 3.15FSX Bonus Multiplayer Racing MissionsGameShadowGeek Squad 24 Hour Computer SupportGeoAlert-Extreme Wizard 4.1.44GIMP 2.6.4Google ChromeGoogle EarthGoogle Toolbar for Internet ExplorerGoogle Update HelperGSpot Codec Information ApplianceH&R Block Deluxe + Efile + State 2009H&R Block Mississippi 2009Haali Media SplitterHam CAP 1.61Ham Radio DeluxeHijackThis 2.0.2Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)HP Deskjet D1500 Printer Driver 10.0 Rel .3iCloudImgBurnIonoProbe 1.36ISO RecorderITS HF Propagation 2008.01.21ITS HF Propagation 2009.03.26iTunesJava Auto UpdaterJava 6 Update 30Juniper Networks, Inc. Setup ClientJuniper Networks, Inc. 
Setup Client Activex ControlLightScribe 1.4.142.1LightScribe ApplicationsLightScribe Diagnostic UtilityLightscribe Extended Label Contrast Utilitylink700Malwarebytes Anti-Malware version 1.70.0.1100Media Player Classic - Home Cinema v1.5.1.2903MetaFrame Presentation Server Web Client for Win32Metal Detectives UniversityMicrosoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft Application Error ReportingMicrosoft Flight Simulator XMicrosoft Flight Simulator X Service Pack 1Microsoft Flight Simulator X: AccelerationMicrosoft Office PowerPoint Viewer 2007 (English)Microsoft Office Word Viewer 2003Microsoft SilverlightMicrosoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219mini Ring Core Calculator 1.2MobileMe Control PanelMooney 20J High Definition Virtual CockpitMorse MachineMove Media PlayerMovie Studio Platinum 12.0Mozilla Firefox 18.0 (x86 en-US)Mozilla Maintenance ServiceMSVCRT RedistsMSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB941833)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP2 Parser and SDKNet LoggernHancerNVIDIA Control Panel 306.97NVIDIA DriversNVIDIA Graphics Driver 306.97NVIDIA Install ApplicationNVIDIA nTuneNVIDIA PhysXNVIDIA Stereoscopic 3D DriverNVIDIA Update 1.3.5NVIDIA Update ComponentsOGA Notifier 2.0.0048.0OpenOffice.org Installer 1.0PC Probe IIPdf995 (installed by TaxCut)PdfEdit995 (installed by TaxCut)Ping Plotter FreewarePMapServer7QuickTimeRadar Contact Version 4.3Real Environment XtremeReal Environment 
Xtreme 2.0RealPlayerRealtek High Definition Audio DriverRealUpgrade 1.0RefManager 1.0RevLoadSafariSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Windows Media Encoder (KB2447961)Security Update for Windows Media Encoder (KB954156)Security Update for Windows Media Encoder (KB979332)Silent Hunter 5Silent Hunter Wolves of the PacificSpeedBit Video DownloaderSpeedFan (remove only)Spelling Dictionaries Support For Adobe Reader 8SpotCollectorSpybot - Search & DestroySpywareBlaster 4.2System Requirements LabTaxCut Mississippi 2007TaxCut Premium + State 2007ToolboxTreasure ValleyTrustedQSL 1.13Ubisoft Game LauncherUI-View32Uninstall Digital Binoculars DriverUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft .NET 
Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Veetle TV 0.9.17Vegas Movie Studio HD Platinum 11.0Visualizer Photo ResizeVLC media player 1.1.11VOAPropvShare PluginW6ELPropWD Discovery SoftwareWinCAP Wizard 5.0.10Windows 7 Upgrade AdvisorWindows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)Windows Media Encoder 9 SeriesWindows Media Player Firefox PluginWinPatrol 2009WinRAR archiverXPaxYahoo! BrowserPlus 2.9.8.==== Event Viewer Messages From Past Week ========.1/29/2013 2:49:32 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 6 time(s).1/29/2013 2:49:32 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).1/29/2013 1:03:21 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 5 time(s).1/28/2013 9:48:27 PM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.1/28/2013 9:47:25 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 4 time(s).1/28/2013 9:47:03 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).1/28/2013 9:47:03 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.1/28/2013 9:46:54 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. 
It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.1/28/2013 9:46:50 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.1/28/2013 9:46:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt1/28/2013 9:46:50 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.1/28/2013 9:46:50 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.1/28/2013 9:46:50 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.1/28/2013 9:46:50 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.1/28/2013 9:46:03 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer PDF995 with shared resource name PDF995. Error 2114. The printer cannot be used by others on the network.1/28/2013 9:45:58 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 192.168.1.97:63331. The error status code is contained within the returned data.1/28/2013 9:45:46 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.1/28/2013 7:27:08 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. 
It has done this 24 time(s).
1/28/2013 6:24:45 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 26 time(s).
1/28/2013 3:46:06 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 25 time(s).
1/28/2013 1:19:37 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 23 time(s).
1/27/2013 6:18:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 22 time(s).
1/27/2013 3:05:41 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 21 time(s).
1/26/2013 4:13:59 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 18 time(s).
1/26/2013 4:13:58 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 17 time(s).
1/26/2013 2:22:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 19 time(s).
1/26/2013 11:48:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 20 time(s).
1/25/2013 7:47:46 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 13 time(s).
1/25/2013 7:45:31 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 12 time(s).
1/25/2013 4:52:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
1/25/2013 4:52:47 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/25/2013 4:52:46 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 11 time(s).
1/25/2013 4:52:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
1/25/2013 3:36:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 16 time(s).
1/25/2013 2:11:18 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 15 time(s).
1/25/2013 10:32:10 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 14 time(s).
1/24/2013 9:18:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 10 time(s).
1/24/2013 9:18:00 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 9 time(s).
1/24/2013 9:17:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 8 time(s).
1/24/2013 9:17:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 7 time(s).
1/24/2013 10:29:51 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.97 for the Network Card with network address 001A92249F20 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
1/24/2013 10:29:49 AM, Error: EventLog [6008] - The previous system shutdown at 4:57:59 AM on 1/24/2013 was unexpected..

==== End Of File ===========================
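The attach.txt tail above is the kind of log a helper skims by eye for crash loops and odd network events. The script below is an added example (not part of the thread and not a DDS or OTL feature) that parses that `date, Level: Source [EventID] - message` format, buckets events by source and ID, and flags services whose 7034 "terminated unexpectedly" entries cluster within a few seconds. The sample input is a constructed excerpt reproducing lines from the log above, assuming the original file has one entry per line; the `NOTABLE` table and the burst window are my own triage choices, not anything the thread defines.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample: lines copied from the attach.txt excerpt above, one entry
# per line (the forum rendering ran them together). Not the poster's whole file.
SAMPLE_LOG = """\
1/25/2013 4:52:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
1/25/2013 4:52:47 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/25/2013 4:52:46 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 11 time(s).
1/25/2013 4:52:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
1/24/2013 9:18:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 10 time(s).
1/24/2013 9:18:00 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 9 time(s).
1/24/2013 9:17:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 8 time(s).
1/24/2013 9:17:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 7 time(s).
1/24/2013 10:29:51 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.97 for the Network Card with network address 001A92249F20 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
1/24/2013 10:29:49 AM, Error: EventLog [6008] - The previous system shutdown at 4:57:59 AM on 1/24/2013 was unexpected..
"""

# "M/D/YYYY h:mm:ss AM, Level: Source [ID] - message"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)
# SCM messages name the service as "The <name> service ..."
SERVICE_RE = re.compile(r"^The (?P<svc>.+?) service ")

# Event IDs worth a second look during triage (my selection, not from the thread).
NOTABLE = {
    ("Service Control Manager", 7034): "service crash",
    ("Service Control Manager", 7000): "service failed to start",
    ("Microsoft-Windows-DistributedCOM", 10005): "DCOM could not start service",
    ("Microsoft-Windows-Dhcp-Client", 1002): "DHCP lease denied (NACK)",
    ("EventLog", 6008): "unexpected shutdown",
}


def parse(text):
    """Parse attach.txt-style event lines into dicts, oldest first; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%m/%d/%Y %I:%M:%S %p")
        d["eid"] = int(d["eid"])
        svc = SERVICE_RE.match(d["msg"])
        d["service"] = svc.group("svc") if svc else None
        events.append(d)
    return sorted(events, key=lambda e: e["ts"])  # stable sort keeps file order for ties


def crash_bursts(events, eid=7034, window=timedelta(seconds=10), min_count=3):
    """Return {service: bursts} where a burst is >= min_count SCM `eid` events inside `window`."""
    by_svc = defaultdict(list)
    for e in events:
        if e["source"] == "Service Control Manager" and e["eid"] == eid and e["service"]:
            by_svc[e["service"]].append(e["ts"])
    bursts = {}
    for svc, times in by_svc.items():
        times.sort()
        count, start = 0, 0
        for i in range(len(times)):
            while times[i] - times[start] > window:  # slide the window's left edge
                start += 1
            if i - start + 1 == min_count:  # count a burst once, as it reaches the threshold
                count += 1
        if count:
            bursts[svc] = count
    return bursts


def summarize(events):
    """Map (source, event id) -> (count, triage tag or '') for a quick overview."""
    counts = Counter((e["source"], e["eid"]) for e in events)
    return {key: (n, NOTABLE.get(key, "")) for key, n in counts.items()}


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for key, (n, tag) in sorted(summarize(evs).items()):
        print(f"{n:3d}  {key[0]} [{key[1]}]  {tag}")
    print("crash bursts:", crash_bursts(evs))
```

On the sample this reports a single Windows Search burst (four 7034 events in four seconds on 1/24) and tags the DHCPNACK and the unexpected shutdown. A crash-looping indexer or a refused DHCP lease is not, by itself, evidence of the mass-mailer the poster is chasing; the point of bucketing like this is to separate noise that recurs for weeks from events whose timing lines up with the mailings.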
dykesc Posted February 1, 2013 Author ID:641914

OTL logfile created on: 1/31/2013 10:04:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\OWner\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.16% Memory free
3.89 Gb Paging File | 2.66 Gb Available in Paging File | 68.27% Paging File free
Paging file location(s): c:\pagefile.sys 2000 3067 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 372.61 Gb Total Space | 151.19 Gb Free Space | 40.58% Space Free | Partition Type: NTFS

Computer Name: RCZMB04N | User Name: OWner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/31 22:01:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OWner\Desktop\OTL.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/02 13:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/08/31 19:39:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/08/31 19:38:31 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/08/31 19:38:14 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/08/31 19:38:12 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/05/21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/08/02 06:20:23 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/06/01 10:41:11 | 000,341,312 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 19:37:22 | 000,039,936 | ---- | M] (KSE - Korndörfer Software Engineering) -- C:\Program Files\nHancer\nHancerService.exe
PRC - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007/07/11 00:09:52 | 004,317,184 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/12/22 18:12:38 | 000,178,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2006/09/21 17:33:15 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe

========== Modules (No Company Name) ==========

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/09/14 09:58:00 | 000,059,904 | ---- | M] () -- C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/01/20 13:22:32 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/08/31 19:39:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/08/31 19:38:14 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/01/26 19:37:22 | 000,039,936 | ---- | M] (KSE - Korndörfer Software Engineering) [Auto | Running] -- C:\Program Files\nHancer\nHancerService.exe -- (nHancer)
SRV - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2006/09/21 17:33:15 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\OWner\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\OWner\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/10/10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/08/31 19:40:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/08/31 19:40:48 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/31 19:40:46 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/08/31 19:40:45 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/08/19 21:14:04 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2012/08/19 21:14:04 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2012/04/13 09:05:20 | 000,062,216 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2012/04/13 09:05:06 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2011/07/02 10:05:20 | 000,025,984 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\VSPE.sys -- (EterlogicVirtualSerialDriver)
DRV - [2011/03/18 10:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010/09/22 13:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/03/27 00:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2008/07/15 20:10:18 | 000,068,730 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2007/09/04 19:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclock.sys -- (NVR0Dev)
DRV - [2007/07/02 23:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/06/25 07:14:32 | 000,076,288 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2rs.sys -- (Ser2rs)
DRV - [2007/05/03 17:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/04/29 16:58:32 | 000,023,944 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2006/12/22 18:07:04 | 000,122,880 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/10/18 13:12:16 | 000,012,664 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/10/18 12:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2006/01/09 20:47:27 | 000,031,846 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2004/11/22 17:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 17:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/06/03 20:10:36 | 000,033,792 | ---- | M] (Pixela) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pixmcvc.sys -- (PIXMCV)
DRV - [2004/03/27 00:56:10 | 000,032,768 | ---- | M] (Pixela) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pixmcvv.sys -- (PIXMCVV)
DRV - [2004/03/20 04:27:26 | 000,038,144 | ---- | M] (Pixela) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pixmcva.sys -- (PIXMCVA)
DRV - [1996/04/03 13:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = http://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57910

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Hotspot Shield Private Search"
FF - prefs.js..browser.search.defaultthis.enginename: "web-radio Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT168755&SearchSource=3&q="
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B888d99e7-e8b5-46a3-851e-1ec45da1e644%7D:17.0.0
FF - prefs.js..extensions.enabledAddons: module%40com.arcadesafari.firefox:2.1.335
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: vshareus@toolbar:1.0.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\OWner\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\OWner\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\OWner\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/23 23:03:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/20 13:22:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/20 13:22:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\OWner\AppData\Roaming\Move Networks [2012/08/23 23:04:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\module@com.arcadesafari.firefox: C:\Users\OWner\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox [2013/01/03 00:15:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/20 13:22:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/20 13:22:28 | 000,000,000 | ---D | M]

[2009/02/13 19:00:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OWner\AppData\Roaming\mozilla\Extensions
[2012/12/24 09:53:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OWner\AppData\Roaming\mozilla\Firefox\Profiles\2ympkwwi.default\extensions
[2012/08/23 23:04:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\OWner\AppData\Roaming\mozilla\Firefox\Profiles\2ympkwwi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/12/24 09:53:38 | 000,030,502 | ---- | M] () (No name found) -- C:\Users\OWner\AppData\Roaming\mozilla\firefox\profiles\2ympkwwi.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2009/01/15 09:58:06 | 000,000,878 | ---- | M] () -- C:\Users\OWner\AppData\Roaming\mozilla\firefox\profiles\2ympkwwi.default\searchplugins\conduit.xml
[2013/01/03 00:15:14 | 000,000,000 | ---D | M] (Arcadesafari) -- C:\USERS\OWNER\APPDATA\LOCAL\ARCADESAFARI\MODULE@COM.ARCADESAFARI.FIREFOX
[2013/01/20 13:22:33 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/08/16 16:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008/08/16 16:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008/08/16 16:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008/05/21 07:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008/05/21 07:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008/05/21 07:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/08/16 16:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2008/08/16 16:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2013/01/20 13:22:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/01/20 13:22:30 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - Extension: Arcadesafari = C:\Users\OWner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmeemomfelpigklppifflheakfpkfjjg\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\OWner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.2\

O1 HOSTS File: ([2009/07/11 01:41:54 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SBCONVERT Class) - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll ()
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = avnotify.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = ipmgui.exe
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: att.net ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: dxspots.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: netlogger.org ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: omiss.net ([]http in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://echat.bellsouth.net/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.readyforcrysis.com/sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://www.doylevisualmedia.com/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} http://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab (Reg Error: Value error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4006B26-9C86-4752-B5B0-7B114F73878D}: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\OWner\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\OWner\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.JDCT - C:\Windows\System32\jl_jdct.drv (JEILIN Tech.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/31 22:01:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\OWner\Desktop\OTL.exe
[2013/01/28 20:35:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2013/01/20 13:22:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/19 23:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox(18)
[2013/01/09 02:50:22 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/09 02:49:58 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/03 19:21:08 | 000,000,000 | ---D | C] -- C:\Users\OWner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus
[2013/01/03 00:15:17 | 000,000,000 | ---D | C] -- C:\Users\OWner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Arcadesafari
[2013/01/03 00:15:12 | 000,000,000 | ---D | C] -- C:\Users\OWner\AppData\Local\Arcadesafari
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/31 22:01:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OWner\Desktop\OTL.exe
[2013/01/31 21:54:56 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2013/01/31 21:49:26 | 000,005,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/31 21:49:26 | 000,005,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/31 21:18:18 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\Arcadesafari.job
[2013/01/31 21:14:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/31 08:50:01 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_OWner.job
[2013/01/30 22:14:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/30 12:41:28 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_OWner.job
[2013/01/28 21:46:02 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_OWner.job
[2013/01/28 21:45:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/28 21:20:17 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/28 01:19:36 | 000,000,157 | ---- | M] () -- C:\Users\OWner\Desktop\Ashokan Farewell.url
[2013/01/24 10:36:49 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/24 10:36:49 | 000,104,202 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/20 09:29:37 | 000,001,995 | ---- | M] () -- C:\Users\OWner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/11 18:42:44 | 000,482,017 | ---- | M] () -- C:\Users\OWner\Desktop\Mississippi Comprehensive Health Insurance Risk Pool Application.pdf
[2013/01/11 18:11:38 | 000,062,211 | ---- | M] () -- C:\Users\OWner\Desktop\Hill-Burton Facilities Obligated to Provide Free or Reduced-Cost Health Care.htm
[2013/01/11 18:06:45 | 000,158,209 | ---- | M] () -- C:\Users\OWner\Desktop\Claiborne County Health Centers.pdf
[2013/01/09 03:27:51 | 000,235,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/28 01:19:12 | 000,000,157 | ---- | C] () -- C:\Users\OWner\Desktop\Ashokan Farewell.url
[2013/01/11 18:42:44 | 000,482,017 | ---- | C] () -- C:\Users\OWner\Desktop\Mississippi Comprehensive Health Insurance Risk Pool Application.pdf
[2013/01/11 18:11:38 | 000,062,211 | ---- | C] () -- C:\Users\OWner\Desktop\Hill-Burton Facilities Obligated to Provide Free or Reduced-Cost Health Care.htm
[2013/01/11 18:06:45 | 000,158,209 | ---- | C] () -- C:\Users\OWner\Desktop\Claiborne County Health Centers.pdf
[2013/01/03 00:15:18 | 000,000,464 | ---- | C] ()
-- C:\Windows\tasks\Arcadesafari.job[2012/09/15 01:17:25 | 000,001,000 | RHS- | C] () -- C:\Users\OWner\ntuser.pol[2012/08/19 21:14:04 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys[2012/08/19 21:14:04 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys[2012/02/15 19:54:10 | 000,000,079 | ---- | C] () -- C:\Users\OWner\AppData\Local\CrystalDiskMark30.ini[2011/10/16 14:42:17 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini[2011/08/30 20:23:05 | 000,153,795 | ---- | C] () -- C:\Windows\hphins26.dat[2011/08/30 20:23:05 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl26.dat[2011/08/18 20:45:54 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI[2011/08/03 09:28:43 | 000,000,942 | ---- | C] () -- C:\Users\OWner\AppData\Roaming\coreavc.ini[2011/08/02 21:34:44 | 000,001,456 | ---- | C] () -- C:\Users\OWner\.recently-used.xbel[2011/07/02 10:05:20 | 000,025,984 | ---- | C] () -- C:\Windows\System32\drivers\VSPE.sys[2010/11/05 19:26:29 | 000,000,140 | ---- | C] () -- C:\Users\OWner\.fptFavorites.dat[2010/10/18 18:52:13 | 000,072,080 | ---- | C] () -- C:\Users\OWner\g2mdlhlpx.exe[2010/06/05 12:10:10 | 000,164,864 | ---- | C] () -- C:\Program Files\UNWISE.EXE[2009/07/29 00:55:28 | 000,000,552 | ---- | C] () -- C:\Users\OWner\AppData\Local\d3d8caps.dat[2009/03/23 22:13:42 | 000,000,137 | ---- | C] () -- C:\Users\OWner\fsx.exe.limited.bat[2009/03/23 22:11:04 | 000,188,416 | ---- | C] () -- C:\Users\OWner\HookHelper.dll[2009/03/23 22:11:04 | 000,172,032 | ---- | C] () -- C:\Users\OWner\Limiter_D3D9.dll[2009/03/23 22:11:04 | 000,122,880 | ---- | C] () -- C:\Users\OWner\FPS_Limiter.exe[2009/03/23 22:11:04 | 000,102,400 | ---- | C] () -- C:\Users\OWner\Limiter_OGL.dll[2009/03/23 22:11:04 | 000,102,400 | ---- | C] () -- C:\Users\OWner\Limiter_D3D8.dll[2009/03/23 22:11:04 | 000,010,956 | ---- | C] () -- C:\Users\OWner\FPS_Limiter_GUI.jar[2007/07/15 12:51:35 | 000,004,892 | RHS- | C] () -- C:\ProgramData\ntuser.pol[2007/07/06 
17:30:34 | 000,694,668 | ---- | C] () -- C:\Program Files\unins000.exe[2007/07/06 17:30:34 | 000,015,029 | ---- | C] () -- C:\Program Files\unins000.dat[2007/06/23 19:56:39 | 000,033,792 | ---- | C] () -- C:\Users\OWner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2007/06/21 22:01:14 | 000,001,356 | ---- | C] () -- C:\Users\OWner\AppData\Local\d3d9caps.dat========== ZeroAccess Check ==========[2012/09/21 12:01:15 | 000,002,048 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$71213cd9c34348feb47e474775353225\@[2012/09/21 12:01:15 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$71213cd9c34348feb47e474775353225\L[2012/09/21 12:01:15 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$71213cd9c34348feb47e474775353225\U[2006/11/02 06:53:06 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32][HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]"ThreadingModel" = Both"" = shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both========== Custom Scans ==========< %SYSTEMDRIVE%\*.* >[2006/09/18 15:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat[2007/11/27 21:09:31 | 000,000,360 | ---- | M] () -- 
C:\avsim.diz[2008/11/14 23:21:10 | 020,066,456 | ---- | M] () -- C:\BLShkcu.reg[2008/11/14 23:21:18 | 197,830,148 | ---- | M] () -- C:\BLShklm.reg[2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr[2007/03/15 08:17:55 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK[2008/02/25 22:33:37 | 000,000,068 | ---- | M] () -- C:\CKINFO.TXT[2009/07/11 11:13:32 | 000,018,078 | ---- | M] () -- C:\ComboFix.txt[2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys[2009/07/10 01:11:05 | 000,000,286 | ---- | M] () -- C:\cpcerxd.txt[2007/06/20 14:56:16 | 000,000,120 | ---- | M] () -- C:\dfinstall.log[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft 
Corporation) -- C:\install.res.1041.dll[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll[2007/07/11 02:01:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS[2009/07/11 11:47:24 | 000,005,541 | ---- | M] () -- C:\JavaRa.log[2007/07/11 02:01:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS[2013/01/28 21:45:46 | 2097,152,000 | -HS- | M] () -- C:\pagefile.sys[2012/05/28 19:27:19 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET[2007/11/27 21:09:31 | 000,002,148 | ---- | M] () -- C:\READ ME.txt[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI< %systemroot%\*. /mp /s >< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-01-09 09:09:21========== Alternate Data Streams ==========@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34< End of report >OTL Extras logfile created on: 1/31/2013 10:04:18 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\OWner\DesktopWindows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy2.00 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 54.16% Memory free3.89 Gb Paging File | 2.66 Gb Available in Paging File | 68.27% Paging File freePaging file location(s): c:\pagefile.sys 2000 3067 [binary 
data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program FilesDrive C: | 372.61 Gb Total Space | 151.19 Gb Free Space | 40.58% Space Free | Partition Type: NTFSComputer Name: RCZMB04N | User Name: OWner | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current userCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>].com [@ = ComFile] -- Reg Error: Key error. File not found.exe [@ = exefile] -- Reg Error: Key error. File not found.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation).pif [@ = piffile] -- Reg Error: Key error. File not found========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program 
Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 0"FirewallDisableNotify" = 0"AntiVirusDisableNotify" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0"VistaSp1" = Reg Error: Unknown registry data type -- File not found"VistaSp2" = Reg Error: Unknown registry data type -- File not found========== System Restore Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0========== Firewall Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]========== Authorized Applications List ==================== Vista Active Open Ports Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]========== Vista Active Application Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]========== HKEY_LOCAL_MACHINE Uninstall List ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148"{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter Wolves of the 
Pacific"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox"{11F27647-5229-4508-9056-D4ECB7FF8303}" = Eagle CUDA 240 S/GPS Demo"{167F938F-5AD3-40e2-B05D-2B7C6F0FDE48}" = HP Deskjet D1500 Printer Driver 10.0 Rel .3"{16F124E1-F72B-4314-8DC6-640A7760FA49}" = E-Trac Xchange"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{21ABDAE4-9C9E-446C-B82E-28B143156BE9}" = nHancer"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer"{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}" = EPSON TWAIN 5"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.1.2903"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 30"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min"{356C1B0F-7ABD-4B52-ADD1-52681D27DBF6}" = Geek Squad 24 Hour Computer Support"{39600969-41C3-4658-876E-16F108FC5C92}" = ISO Recorder"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile"{3C40DA91-58D8-44F8-BD19-969912D8612E}" = Active Sky Evolution"{3EE75730-B5B8-490B-B560-913C5C840719}" = EasyPal 26/MAY/09"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support"{48494430-A8AB-11E0-939A-005056C00008}" = MSVCRT Redists"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4CFCC6FD-AEA2-4208-99A6-45CBF9DFFD82}" = Real Environment Xtreme"{4DF979D5-464C-4926-AF73-54C1C219F06A}" = Ham Radio Deluxe"{5002C863-CDA3-4E41-9940-981C552A9140}" = Metal Detectives University"{50C70B7E-C365-4AAF-B9D1-3EC5A8BE1685}" = H&R Block Mississippi 2009"{519FCD20-AB3E-4A4F-AA30-2AAED80513A8}" = Lightscribe Extended Label Contrast Utility"{520B0E53-A06B-4350-BBDB-1D6C101B1986}" = Active Sky Advanced Upgrade From 
ASX"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud"{600B9FB0-30A0-11E0-9ABC-005056C00008}" = DVD Architect Studio 5.0"{663E217E-FC26-4249-9E8E-F190CD63E737}" = TaxCut Premium + State 2007"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin"{70365740-1568-4BA4-AE38-25909415D352}" = AAV ColorLab 32-bit 1.0.10.0"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK"{7373184D-8E8F-4308-912A-3901071FA1AD}" = LightScribe Applications"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{77EBC8CD-F808-4ECD-93D0-311C27B09827}" = ATT eChat Support Tools"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune"{7D8EB14A-50BF-493F-A6D6-30656E04937C}" = XPax"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003"{90C1F682-9F40-42EC-BBE0-D2A1A4987E1B}" = LightScribe Diagnostic Utility"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator 
X"{97AE8685-3E7D-451E-9E24-70A5872F19D5}" = ITS HF Propagation 2009.03.26"{99341ACA-2A86-4235-A636-02A2A9820987}" = WD Discovery Software"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{A06A6679-41D7-48C5-82F8-7D3B0B654720}" = Active Sky X"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor"{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}" = Silent Hunter 5"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8"{AD208F17-0593-43D1-8D2D-C32495B89690}" = De-Kooy-Texel-FA"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR"{B2390904-74BD-48AA-B2CC-6612F8D46379}" = GameShadow"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support"{CDEE9830-92A2-4A65-8ED7-6804C865BA2F}" = ArcSoft PhotoImpression 5"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1"{D112D601-C0E2-11E1-AAB9-F04DA23A5C58}" = Movie Studio Platinum 
12.0"{D3621EAA-00D6-4791-97BF-7E8EE3437BF2}" = Visualizer Photo Resize"{D5306D70-E8AB-45B3-BECA-16C0A0E02894}" = TaxCut Mississippi 2007"{D880D80F-C0E2-11E1-8A91-F04DA23A5C58}" = MSVCRT Redists"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX"{DDBA0DC0-A738-11E0-BF44-005056C00008}" = Vegas Movie Studio HD Platinum 11.0"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series"{E9459BCF-0982-498B-ABA7-26C34323493F}" = Citrix Presentation Server Client - Web Only"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F32F502E-4398-4159-B3C9-3336AEDE6FEB}" = Real Environment Xtreme 2.0"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II"{FC1CC3C4-0AF2-46B6-8205-5C3F0965B4F6}_is1" = WinCAP Wizard 5.0.10"{FD523531-7EA3-4F11-948C-C5F4B734FDB2}" = FSX Bonus Multiplayer Racing Missions"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022"2DC0AA065FA83047D7ECD51C7000C1620D79A4C5" = Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)"51A4D522DD31538335EF5736F0E7F588C70BCB12" = Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin"aopa_177" = AOPA 177 Cardinal for FSX"AOPA's Real-Time Flight Planner" = AOPA's Real-Time Flight Planner 1.2.2"ARCS II_is1" = ARCS II Version 1.20"AT&&T Yahoo! Messenger" = AT&T Yahoo! 
Messenger"Avira AntiVir Desktop" = Avira Free Antivirus"AXIS Media Control Embedded" = AXIS Media Control Embedded"Carenado Mooney M20J FSX" = Carenado Mooney M20J FSX"Carenado Piper Cherokee 180F" = Carenado Piper Cherokee 180F"CCleaner" = CCleaner (remove only)"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)"CPUID CPU-Z_is1" = CPUID CPU-Z 1.51"CrystalDiskMark_is1" = CrystalDiskMark 3.0.1c"Digital Binoculars_is1" = Uninstall Digital Binoculars Driver"DVDFab 8 Qt_is1" = DVDFab 8.1.8.5 (24/05/2012) Qt"DX Atlas_is1" = DX Atlas 2.25"Eastern 206 - ATC Flight_is1" = Eastern 206 - ATC Flight"ESET Online Scanner" = ESET Online Scanner v3"EsetOnlineScanner" = ESET Online Scanner"EtracEm-V1-en" = EtracEm-V1-en"Exif Pilot_is1" = Exif Pilot 4.4"EZNEC_5000_is1" = EZNEC v. 5.0"EZNEC_-5000_is1" = EZNEC Demo v. 5.0"f1mustang_FSX" = Flight1 Citation Mustang"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration"FormatFactory" = FormatFactory 2.70"Fraps" = Fraps (remove only)"FS Water Configurator" = FS Water Configurator 3.15"GeoAlert-Extreme Wizard_is1" = GeoAlert-Extreme Wizard 4.1.44"Google Chrome" = Google Chrome"GSpot" = GSpot Codec Information Appliance"HaaliMkx" = Haali Media Splitter"Ham CAP_is1" = Ham CAP 1.61"HijackThis" = HijackThis 2.0.2"ImgBurn" = ImgBurn"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X"IonoProbe_is1" = IonoProbe 1.36"ITS HF Propagation" = ITS HF Propagation 2008.01.21"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. 
Setup Client Activex Control"link700" = link700"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"minirk12_is1" = mini Ring Core Calculator 1.2"Morse Machine" = Morse Machine"Mozilla Firefox 18.0 (x86 en-US)" = Mozilla Firefox 18.0 (x86 en-US)"MozillaMaintenanceService" = Mozilla Maintenance Service"Net Logger" = Net Logger"NVIDIA Drivers" = NVIDIA Drivers"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver"Pdf995" = Pdf995 (installed by TaxCut)"PdfEdit995" = PdfEdit995 (installed by TaxCut)"Ping Plotter Freeware" = Ping Plotter Freeware"PMapServer7" = PMapServer7"Radar Contact v4.3_is1" = Radar Contact Version 4.3"RealPlayer 12.0" = RealPlayer"RefManager_is1" = RefManager 1.0"RevLoad" = RevLoad"RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1"SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1"SpeedBit Video Downloader" = SpeedBit Video Downloader"SpeedFan" = SpeedFan (remove only)"SpywareBlaster_is1" = SpywareBlaster 4.2"ST6UNST #1" = Amateur Contact Log 3.0"ST6UNST #2" = Amateur Contact Log 3.0 (C:\Program Files\ACLog 3.0\)"ST6UNST #3" = DXLabLauncher"ST6UNST #4" = SpotCollector"ST6UNST #5" = DXKeeper"SystemRequirementsLab" = System Requirements Lab"Treasure Valley" = Treasure Valley"TrustedQSL_is1" = TrustedQSL 1.13"UI-View32_is1" = UI-View32"Veetle TV" = Veetle TV 0.9.17"VLC media player" = VLC media player 1.1.11"VOAProp" = VOAProp"vShare" = vShare Plugin"W6ELProp" = W6ELProp"Windows Media Encoder 9" = Windows Media Encoder 9 Series"WinGimp-2.0_is1" = GIMP 2.6.4"WinPatrol" = WinPatrol 2009"WinRAR archiver" = WinRAR archiver========== 
HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ADDS Flight Path Tool" = ADDS Flight Path Tool
"Arcadesafari" = Arcadesafari
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Mooney 20J High Definition Virtual Cockpit" = Mooney 20J High Definition Virtual Cockpit
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/29/2013 3:03:21 AM | Computer Name = RCZMB04N | Source = Windows Search Service | ID = 1006
Description =
Error - 1/29/2013 4:49:32 AM | Computer Name = RCZMB04N | Source = Windows Search Service | ID = 1006
Description =
Error - 1/29/2013 3:08:38 PM | Computer Name = RCZMB04N | Source = Windows Search Service | ID = 1006
Description =
Error - 1/30/2013 2:14:19 PM | Computer Name = RCZMB04N | Source = Windows Search Service | ID = 1006
Description =
Error - 1/30/2013 2:17:02 PM | Computer Name = RCZMB04N | Source = Windows Search Service | ID = 1006
Description =
Error - 1/30/2013 2:17:05 PM | Computer Name = RCZMB04N | Source = Windows Search Service | ID = 1006
Description =
Error - 1/30/2013 2:17:07 PM | Computer Name = RCZMB04N | Source = Windows Search Service | ID = 1006
Description =
Error - 2/1/2013 12:02:11 AM | Computer Name = RCZMB04N | Source = Windows Search Service | ID = 1006
Description =
Error - 2/1/2013 12:02:41 AM | Computer Name = RCZMB04N | Source = Windows Search Service | ID = 1006
Description =
Error - 2/1/2013 12:03:11 AM | Computer Name = RCZMB04N | Source = Windows Search Service | ID = 1006
Description =

[ Media Center Events ]
Error - 9/7/2009 3:31:56 AM | Computer Name = RCZMB04N | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 5/20/2010 10:31:16 PM | Computer Name = RCZMB04N | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109 Process: DefaultDomain Object Name: Media Center Guide
Error - 5/20/2010 10:50:08 PM | Computer Name = RCZMB04N | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 5/20/2010 10:51:04 PM | Computer Name = RCZMB04N | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 8/23/2011 10:39:51 PM | Computer Name = RCZMB04N | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Process: DefaultDomain Object Name: Media Center Guide
Error - 7/10/2012 7:20:18 PM | Computer Name = RCZMB04N | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 1/30/2013 2:17:06 PM | Computer Name = RCZMB04N | Source = Service Control Manager | ID = 7024
Description =
Error - 1/30/2013 2:17:06 PM | Computer Name = RCZMB04N | Source = Service Control Manager | ID = 7034
Description =
Error - 1/30/2013 2:17:07 PM | Computer Name = RCZMB04N | Source = Service Control Manager | ID = 7024
Description =
Error - 1/30/2013 2:17:07 PM | Computer Name = RCZMB04N | Source = Service Control Manager | ID = 7034
Description =
Error - 2/1/2013 12:02:11 AM | Computer Name = RCZMB04N | Source = Service Control Manager | ID = 7024
Description =
Error - 2/1/2013 12:02:11 AM | Computer Name = RCZMB04N | Source = Service Control Manager | ID = 7031
Description =
Error - 2/1/2013 12:02:41 AM | Computer Name = RCZMB04N | Source = Service Control Manager | ID = 7024
Description =
Error - 2/1/2013 12:02:41 AM | Computer Name = RCZMB04N | Source = Service Control Manager | ID = 7031
Description =
Error - 2/1/2013 12:03:11 AM | Computer Name = RCZMB04N | Source = Service Control Manager | ID = 7024
Description =
Error - 2/1/2013 12:03:11 AM | Computer Name = RCZMB04N | Source = Service Control Manager | ID = 7034
Description =

< End of report >
TheDarkKnight Posted February 1, 2013 ID:641933

Hello dykesc. I see you have Conduit installed. It is often present when there are other infections on computers, and it is for this reason I recommend removing it (please see here for more information).

Your logs show that the SpeedBit Video Downloader is installed. It has been known to exhibit suspicious behaviour (please see here for further information). I recommend removing it.

Please go to Start > Control Panel > Add or Remove Programs and remove the following programs (if present):

Conduit
Conduit Toolbar
SpeedBit Video Downloader

Please restart your computer after this program removal.

=====

Next, please run OTL.exe.

Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
FF - prefs.js..extensions.enabledItems: vshareus@toolbar:1.0.0
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
FF - prefs.js..extensions.enabledItems: vshareus@toolbar:1.0.0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - HKCU\..Trusted Domains: att.net ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: dxspots.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: netlogger.org ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: omiss.net ([]http in Trusted sites)
[2012/09/21 12:01:15 | 000,002,048 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$71213cd9c34348feb47e474775353225\@
[2012/09/21 12:01:15 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$71213cd9c34348feb47e474775353225\L
[2012/09/21 12:01:15 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$71213cd9c34348feb47e474775353225\U
:Commands
[EmptyTemp]

Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
Close OTL.exe.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=====

In addition:

For x32 (x86) bit systems please download the Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems please download the Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.
Plug the flash drive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using the Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt.
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select Computer, find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your reply.

=====

In your reply please provide the contents of the OTL fix log and FRST.txt.

What issues remain on your computer?
dykesc (Author) Posted February 1, 2013 ID:641965

Hi DarkKnight,

Neither Conduit nor Conduit Toolbar was in the Windows "Add/Remove Programs" dropdown selection list. SpeedBit Video Downloader was in the list and has now been removed from my computer as you recommended.

I ran OTL in Run Fix mode with the parameters you provided. The OTL Fix log is provided in this reply.

I don't have access to a thumb drive at this time. I will get one today and then run the Farbar Recovery Scan Tool 32 bit as you. Afterwards I will post the FRST.txt file.

It is difficult to say whether the mass email distribution issue has been corrected. I deleted all my email contacts to stop the malware until I could get the malware removed. I added one "fake" email address back to my contact list so I could watch for further issues. The malware used the fake email address in a distribution one time on 1/29/2013. Since then there have been no other malware email distributions.

All processes killed
========== OTL ==========
Prefs.js: vshareus@toolbar:1.0.0 removed from extensions.enabledItems
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
C:\Program Files\vShare\vshare_toolbar.dll moved successfully.
Prefs.js: vshareus@toolbar:1.0.0 removed from extensions.enabledItems
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\att.net\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dxspots.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\netlogger.org\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\omiss.net\ deleted successfully.
C:\$RECYCLE.BIN\S-1-5-18\$71213cd9c34348feb47e474775353225\@ moved successfully.
C:\$RECYCLE.BIN\S-1-5-18\$71213cd9c34348feb47e474775353225\L folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-18\$71213cd9c34348feb47e474775353225\U folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56545 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Experience
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: OWner
->Temp folder emptied: 10204016780 bytes
->Temporary Internet Files folder emptied: 338040500 bytes
->Java cache emptied: 98305957 bytes
->FireFox cache emptied: 197419741 bytes
->Google Chrome cache emptied: 6206938 bytes
->Apple Safari cache emptied: 2609152 bytes
->Flash cache emptied: 309557 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 2913 bytes
User: UpdatusUser.RCZMB04N
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56545 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 37136 bytes
%systemroot%\System32 .tmp files removed: 37136 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2541133547 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 21934008553 bytes
Total Files Cleaned = 33,686.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 02012013_040820
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
dykesc (Author) Posted February 1, 2013 ID:642176

DarkKnight,

I got a thumb drive and loaded FRST.exe onto it. Unfortunately I can't find a way to boot from a command prompt.

I am running Windows Vista Ultimate. There is NO "Advanced Boot Options" item in the menu that displays after pressing the F8 key. I tried restarting several times while pressing the F8 key after the BIOS loads. Vista was preloaded on this computer by the OEM. I don't have a Windows installation disc.
dykesc (Author) Posted February 1, 2013 ID:642184

More info. I found a CD that came with my Velocity Micro computer many years ago. It is titled Operating System Disc. Instructions on the front of the CD state to place it in a drive and reboot the computer. It also has a WARNING note that states "This process erases all data and files from the hard drive." I hesitate to use this disc because of that warning. Please advise.
TheDarkKnight Posted February 1, 2013 ID:642207

Hey dykesc,

The disc you have is probably a recovery disc, in which case it would wipe all your files.

Please run OTL.exe.

Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:files
C:\$RECYCLE.BIN\S-1-5-18\$71213cd9c34348feb47e474775353225
:Commands
[EmptyTemp]

Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
Click the red Run Fix button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
Close OTL.exe.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=====

Also, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF). Please go here to see a list of programs that need to be disabled.

Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

Please include the C:\ComboFix.txt in your next reply for further review.

=====

In your reply please provide the contents of both logs and let me know how your computer is currently running.
dykesc (Author) Posted February 2, 2013 ID:642394

Computer is running fine Dark Knight. Well, except for the Malware Forums pages. For some reason I lost all the forum graphics. Just text links right now for some reason.

I re-populated my email contacts list. I will let you know if I see any more malicious activity.

OTL and ComboFix logs follow:

All processes killed
========== FILES ==========
C:\$RECYCLE.BIN\S-1-5-18\$71213cd9c34348feb47e474775353225 folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Experience
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: OWner
->Temp folder emptied: 52612 bytes
->Temporary Internet Files folder emptied: 172555 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 89423006 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1679 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: UpdatusUser.RCZMB04N
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 6894915 bytes
Total Files Cleaned = 92.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 02012013_193042
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

ComboFix 13-02-01.04 - OWner 02/01/2013 20:06:03.2.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2046.1157 [GMT -6:00]
Running from: c:\users\OWner\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\OWner\FPS_Limiter.exe
c:\users\OWner\g2mdlhlpx.exe
c:\users\OWner\HookHelper.dll
c:\users\OWner\Limiter_D3D8.dll
c:\users\OWner\Limiter_D3D9.dll
c:\users\OWner\Limiter_OGL.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-01-02 to 2013-02-02 )))))))))))))))))))))))))))))))
.
.
2013-02-02 02:14 . 2013-02-02 02:17 -------- d-----w- c:\users\OWner\AppData\Local\temp
2013-02-02 02:14 . 2013-02-02 02:14 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-02 02:14 . 2013-02-02 02:14 -------- d-----w- c:\users\UpdatusUser.RCZMB04N\AppData\Local\temp
2013-02-02 02:14 . 2013-02-02 02:14 -------- d-----w- c:\users\Experience\AppData\Local\temp
2013-02-02 02:14 . 2013-02-02 02:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-01 10:08 . 2013-02-01 10:08 -------- d-----w- C:\_OTL
2013-01-29 02:35 . 2013-01-29 02:35 -------- d-----w- c:\programdata\Motive
2013-01-09 08:50 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 08:49 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 08:49 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-03 06:15 . 2013-01-03 06:15 -------- d-----w- c:\users\OWner\AppData\Local\Arcadesafari
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 13:12 . 2012-12-23 09:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-23 09:00 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 22:49 . 2008-10-23 22:35 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-14 02:09 . 2012-12-13 09:04 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 09:04 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 09:04 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 09:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 09:04 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 09:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29 . 2012-12-12 19:01 2048 ----a-w- c:\windows\system32\tzres.dll
2007-07-06 23:29 . 2007-07-06 23:30 694668 ----a-w- c:\program files\unins000.exe
2001-09-28 22:00 . 2010-06-05 18:10 164864 ------w- c:\program files\UNWISE.EXE
2008-08-16 22:42 . 2013-01-20 19:22 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 22:42 . 2013-01-20 19:22 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 22:42 . 2013-01-20 19:22 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 22:42 . 2013-01-20 19:22 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 22:43 . 2013-01-20 19:22 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 22:42 . 2013-01-20 19:22 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 22:42 . 2013-01-20 19:22 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 13:41 . 2013-01-20 19:22 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 13:41 . 2013-01-20 19:22 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 13:41 . 2013-01-20 19:22 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 18:58 . 2013-01-20 19:22 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 22:42 . 2013-01-20 19:22 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2013-01-20 19:22 . 2013-01-20 19:22 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{adff4c9a-4f49-4a1f-8885-360e107b7938}]
2009-11-08 15:55 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-04 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-06-01 341312]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2006-12-23 178176]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-11 4317184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-02 202256]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-01 348664]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-30 18:14 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-02 c:\windows\Tasks\Arcadesafari.job
- c:\users\OWner\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe [2013-01-03 06:15]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 21:00]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 21:00]
.
2013-02-01 c:\windows\Tasks\ReclaimerUpdateFiles_OWner.job
- c:\users\OWner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-22 11:13]
.
2013-02-01 c:\windows\Tasks\ReclaimerUpdateXML_OWner.job
- c:\users\OWner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-22 11:13]
.
2013-02-02 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_OWner.job
- c:\users\OWner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-22 11:13]
.
2012-08-22 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-10-26 20:31]
.
2013-02-01 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-10-26 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com
uInternet Settings,ProxyServer = http=127.0.0.1:57910
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://www.doylevisualmedia.com/activex/AMC.cab
DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
FF - ProfilePath - c:\users\OWner\AppData\Roaming\Mozilla\Firefox\Profiles\2ympkwwi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT168755&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - ExtSQL: !HIDDEN! 2009-08-14 01:55; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Ping Plotter Freeware - c:\progra~1\PINGPL~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-01 20:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1336)
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\ASUS\AASP\1.00.32\aaCenter.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\crypserv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\nHancer\nHancerService.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Completion time: 2013-02-01 20:23:37 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-02 02:23
ComboFix2.txt 2009-07-11 17:13
ComboFix3.txt 2009-07-11 07:46
.
Pre-Run: 197,418,160,128 bytes free
Post-Run: 197,227,823,104 bytes free
.
- - End Of File - - F2F04A6E3A38E7EC966DC324E2163FCF
TheDarkKnight Posted February 2, 2013 ID:642407

Good afternoon dykesc.

Not sure about the graphics issue. Is it present only on the MBAM pages?

You had a ZeroAccess infection, which OTL dealt with, but to make sure please do the below.

Please follow these instructions to remove the remaining malicious entries:

Please close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open Notepad and copy/paste the text in the quotebox below into it:

Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

killall::
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:57910

Save this as CFScript.txt, in the same location as ComboFix.exe.
Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt.
Please post the ComboFix.txt in your next reply.

=====

Also, please download Malwarebytes Anti-Rootkit here. Unzip the contents to a folder on the Desktop.
Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Please post the two logs produced.
Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.

=====

In your reply please provide the following contents:
ComboFix.txt.
Both MBAR logs.
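The two indicators the helper acted on in this thread are both visible in plain log text: the OTL scan listed hidden, system-attributed `@`, `L` and `U` entries under a `$<32 hex>` folder in the recycle bin of the Local System account (`S-1-5-18`), and the ComboFix Supplementary Scan showed a browser `ProxyServer` value pointing at the loopback address. The Python script below is an added example, not code from OTL, ComboFix, Malwarebytes or anyone in the thread; it parses those two line types, checks that the complete hidden `@`/`L`/`U` trio sits under one folder, and reports whether a loopback proxy is set. The sample lines are constructed from the logs posted above plus two benign lines (an ordinary plugin file and an ordinary recycled file) for contrast, and the `$<32 hex>` folder pattern is generalised from the single folder seen here so the same check would match a different folder name.

```python
"""Scan OTL / ComboFix log text for the two indicators the helper acted on in
this thread.  Added example, not code from OTL, ComboFix or the forum; the
sample lines below are constructed from the logs posted above."""
import re
from dataclasses import dataclass

# OTL file line: "[date | size | attrs | M] () -- path".  The attrs field
# ("-HS-", "-HSD") records the Hidden, System and Directory flags.
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[-A-Z]{4})\s*\|\s*M\]"
    r"\s*(?:\(\)\s*)?--\s*(?P<path>.+?)\s*$"
)
# Layout removed in this thread: $RECYCLE.BIN\<SID>\$<32 hex chars>\{@,L,U}
ZA_PATH_RE = re.compile(
    r"\\\$RECYCLE\.BIN\\(?P<sid>S-1-5-\d+)\\\$(?P<id>[0-9a-f]{32})\\(?P<leaf>[@LU])$",
    re.I,
)
# ComboFix line: "uInternet Settings,ProxyServer = http=127.0.0.1:57910"
PROXY_RE = re.compile(
    r"ProxyServer\s*=\s*(?:(?P<scheme>\w+)=)?(?P<host>127\.0\.0\.1|localhost)"
    r"(?::(?P<port>\d+))?",
    re.I,
)

# Constructed sample: the three OTL entries from the fix above, a benign
# plugin file, an ordinary recycled file, and ComboFix's Supplementary Scan.
SAMPLE_LOG = r"""
[2012/09/21 12:01:15 | 000,002,048 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$71213cd9c34348feb47e474775353225\@
[2012/09/21 12:01:15 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$71213cd9c34348feb47e474775353225\L
[2012/09/21 12:01:15 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$71213cd9c34348feb47e474775353225\U
[2013/01/20 19:22:00 | 000,262,552 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2013/01/15 08:10:00 | 000,001,024 | ---- | M] () -- C:\$RECYCLE.BIN\S-1-5-21-1111111111-2222222222-3333333333-1000\$R3X7F9.txt
uStart Page = hxxp://att.my.yahoo.com
uInternet Settings,ProxyServer = http=127.0.0.1:57910
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
""".strip("\n")


@dataclass
class Finding:
    kind: str              # "zeroaccess_dir" or "loopback_proxy"
    line_no: int
    value: str             # full path, or host:port for the proxy
    folder_id: str = ""    # the $<32 hex> folder name (zeroaccess_dir only)
    leaf: str = ""         # "@", "L" or "U" (zeroaccess_dir only)
    hidden_system: bool = False


def scan_log(text: str) -> list:
    """Return one Finding per matching line, in log order."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = OTL_FILE_RE.match(line)
        if m:
            z = ZA_PATH_RE.search(m["path"])
            if z:
                attrs = m["attrs"].upper()
                findings.append(Finding(
                    "zeroaccess_dir", line_no, m["path"],
                    folder_id=z["id"].lower(), leaf=z["leaf"].upper(),
                    hidden_system=("H" in attrs and "S" in attrs),
                ))
            continue
        p = PROXY_RE.search(line)
        if p:
            port = p["port"] or "?"
            findings.append(Finding("loopback_proxy", line_no, f"{p['host']}:{port}"))
    return findings


def assess(findings: list) -> dict:
    """Roll findings up: which $<hex> folders hold the complete hidden+system
    @/L/U trio, and whether a loopback proxy was configured."""
    leaves_by_folder = {}
    for f in findings:
        if f.kind == "zeroaccess_dir" and f.hidden_system:
            leaves_by_folder.setdefault(f.folder_id, set()).add(f.leaf)
    complete = sorted(fid for fid, leaves in leaves_by_folder.items()
                      if leaves == {"@", "L", "U"})
    proxy = any(f.kind == "loopback_proxy" for f in findings)
    return {
        "complete_folders": complete,
        "loopback_proxy": proxy,
        "verdict": ("ZeroAccess-style layout present" if complete
                    else "no complete @/L/U set found"),
    }


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for f in found:
        print(f"line {f.line_no}: {f.kind} {f.value}")
    print(assess(found))
```

Run as-is it reports the three recycle-bin entries and the proxy line from the constructed sample and gives the "layout present" verdict; the two benign lines produce nothing, because a normal recycled file is named `$R` plus random characters rather than a 32-character hex folder, and only a `ProxyServer` value (not `ProxyOverride`) counts as a proxy finding. Feeding it a real OTL.txt or ComboFix.txt is a matter of passing the file contents to `scan_log`.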
dykesc Posted February 2, 2013 Author ID:642431 Share Posted February 2, 2013 DarkKnightComboFix and MBAR logs follow. MBAM forums have returned to normal. Must have been a temporary glitch. No malicious emails have occured. Looks like you have my computer cleaned up! MBAM and the support provided here is simply exceptional. Many thanks!ComboFix 13-02-01.04 - OWner 02/01/2013 22:37:32.3.2 - x86Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2046.1113 [GMT -6:00]Running from: c:\users\OWner\Desktop\ComboFix.exeCommand switches used :: c:\users\OWner\Desktop\CFScript.txtAV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..C:\dfinstall.logC:\Read Me.txtc:\users\OWner\Desktop\Setup.exec:\windows\iun6002.exec:\windows\run.log..((((((((((((((((((((((((( Files Created from 2013-01-02 to 2013-02-02 )))))))))))))))))))))))))))))))..2013-02-02 04:44 . 2013-02-02 04:46 -------- d-----w- c:\users\OWner\AppData\Local\temp2013-02-02 04:44 . 2013-02-02 04:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2013-02-02 04:44 . 2013-02-02 04:44 -------- d-----w- c:\users\UpdatusUser.RCZMB04N\AppData\Local\temp2013-02-02 04:44 . 2013-02-02 04:44 -------- d-----w- c:\users\Experience\AppData\Local\temp2013-02-02 04:44 . 2013-02-02 04:44 -------- d-----w- c:\users\Default\AppData\Local\temp2013-02-01 10:08 . 2013-02-01 10:08 -------- d-----w- C:\_OTL2013-01-29 02:35 . 2013-01-29 02:35 -------- d-----w- c:\programdata\Motive2013-01-09 08:50 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys2013-01-09 08:49 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll2013-01-09 08:49 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll2013-01-03 06:15 . 
2013-01-03 06:15 -------- d-----w- c:\users\OWner\AppData\Local\Arcadesafari...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-12-16 13:12 . 2012-12-23 09:00 34304 ----a-w- c:\windows\system32\atmlib.dll2012-12-16 10:50 . 2012-12-23 09:00 293376 ----a-w- c:\windows\system32\atmfd.dll2012-12-14 22:49 . 2008-10-23 22:35 21104 ----a-w- c:\windows\system32\drivers\mbam.sys2012-11-14 02:09 . 2012-12-13 09:04 1800704 ----a-w- c:\windows\system32\jscript9.dll2012-11-14 01:58 . 2012-12-13 09:04 1427968 ----a-w- c:\windows\system32\inetcpl.cpl2012-11-14 01:57 . 2012-12-13 09:04 1129472 ----a-w- c:\windows\system32\wininet.dll2012-11-14 01:49 . 2012-12-13 09:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe2012-11-14 01:48 . 2012-12-13 09:04 420864 ----a-w- c:\windows\system32\vbscript.dll2012-11-14 01:44 . 2012-12-13 09:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb2012-11-13 01:29 . 2012-12-12 19:01 2048 ----a-w- c:\windows\system32\tzres.dll2007-07-06 23:29 . 2007-07-06 23:30 694668 ----a-w- c:\program files\unins000.exe2001-09-28 22:00 . 2010-06-05 18:10 164864 ------w- c:\program files\UNWISE.EXE2008-08-16 22:42 . 2013-01-20 19:22 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll2008-08-16 22:42 . 2013-01-20 19:22 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll2008-08-16 22:42 . 2013-01-20 19:22 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll2008-08-16 22:42 . 2013-01-20 19:22 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll2008-08-16 22:43 . 2013-01-20 19:22 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll2008-08-16 22:42 . 2013-01-20 19:22 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll2008-08-16 22:42 . 2013-01-20 19:22 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll2008-05-21 13:41 . 
2013-01-20 19:22  479232  ----a-w-  c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 13:41 . 2013-01-20 19:22  548864  ----a-w-  c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 13:41 . 2013-01-20 19:22  626688  ----a-w-  c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 18:58 . 2013-01-20 19:22  648504  ----a-w-  c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 22:42 . 2013-01-20 19:22  23864  ----a-w-  c:\program files\mozilla firefox\plugins\TcpPServ.dll
2013-01-20 19:22 . 2013-01-20 19:22  262552  ----a-w-  c:\program files\mozilla firefox\components\browsercomps.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{adff4c9a-4f49-4a1f-8885-360e107b7938}]
2009-11-08 15:55  297808  ----a-w-  c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-04 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-06-01 341312]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2006-12-23 178176]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-11 4317184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-02 202256]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-01 348664]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation  REG_MULTI_SZ  FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-30 18:14  1607120  ----a-w-  c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-02 c:\windows\Tasks\Arcadesafari.job
- c:\users\OWner\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe [2013-01-03 06:15]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 21:00]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 21:00]
.
2013-02-01 c:\windows\Tasks\ReclaimerUpdateFiles_OWner.job
- c:\users\OWner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-22 11:13]
.
2013-02-01 c:\windows\Tasks\ReclaimerUpdateXML_OWner.job
- c:\users\OWner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-22 11:13]
.
2013-02-02 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_OWner.job
- c:\users\OWner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-22 11:13]
.
2012-08-22 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-10-26 20:31]
.
2013-02-01 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-10-26 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://www.doylevisualmedia.com/activex/AMC.cab
DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
FF - ProfilePath - c:\users\OWner\AppData\Roaming\Mozilla\Firefox\Profiles\2ympkwwi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT168755&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - ExtSQL: !HIDDEN! 2009-08-14 01:55; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-aopa_177 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-01 22:46
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3936)
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\ASUS\AASP\1.00.32\aaCenter.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\crypserv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\nHancer\nHancerService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2013-02-01 22:52:46 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-02 04:52
ComboFix2.txt 2013-02-02 02:23
ComboFix3.txt 2009-07-11 17:13
ComboFix4.txt 2009-07-11 07:46
.
Pre-Run: 197,090,676,736 bytes free
Post-Run: 197,076,606,976 bytes free
.
- - End Of File - - 702354E878A4161A506F40D6E7CE0B76

Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.02.02.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
OWner :: RCZMB04N [administrator]

2/1/2013 11:07:26 PM
mbar-log-2013-02-01 (23-07-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29485
Time elapsed: 9 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1017
© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_30
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.666000 GHz
Memory total: 2145198080, free: 1077096448

------------ Kernel report ------------
     02/01/2013 22:55:22
------------ Loaded modules
-----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\nvrd32.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\nvstor.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\DRIVERS\nvstor32.sys
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\speedfan.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\giveio.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\Afc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvmfdx32.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\ckldrv.sys
\??\C:\Windows\system32\drivers\VSPE.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\drivers\AsIO.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_nvstor32.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\parvdm.sys
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\nvoclock.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\ComboFix\catchme.sys
\??\C:\Windows\system32\Drivers\PROCEXP113.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8829e968
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000070\
Lower Device Object: 0xffffffff885215d0
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff868f4690
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000062\
Lower Device Object: 0xffffffff8561c890
Lower Device Driver Name: \Driver\nvstor32\
Driver name found: nvstor32
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\Storport.sys (0x0)
IRP handler 0 hooked
IRP handler 2 hooked
IRP handler 14 hooked
IRP handler 15 hooked
IRP handler 22 hooked
IRP handler 23 hooked
IRP handler 27 hooked
Load Function returned 0x0
Downloaded database version: v2013.02.02.03
Downloaded database version: v2013.01.23.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff868f4690, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff868f4378, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff868f4690, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff84c93e00, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8561c890, DeviceName: \Device\00000062\, DriverName: \Driver\nvstor32\
------------ End ----------
Upper DeviceData: 0xffffffffc1e6a2e8, 0xffffffff868f4690, 0xffffffff85028ac8
Lower DeviceData: 0xffffffffa1792f88, 0xffffffff8561c890, 0xffffffff851ec468
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: EC78F734
Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 781417602
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
Disk Size: 400088457216 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-781402768-781422768)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8829e968, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88426020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8829e968, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff885215d0, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xffffffffc6d5d668, 0xffffffff8829e968, 0xffffffff884f9ac8
Lower DeviceData: 0xffffffffbb52e4a0, 0xffffffff885215d0, 0xffffffff9dc3c798
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0
Partition information:
    Partition 0 type is Other (0xb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 32  Numsec = 15633376
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
Disk Size: 8004304896 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
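The "Scanning MBR" section of the MBAR log above is the output of a partition-table parse plus a few sanity checks, and the "unpartitioned space" ranges it then scans sector by sector are derived from that table. The following added example (not code from the thread or from Malwarebytes Anti-Rootkit) reconstructs both drives' MBRs from the values in the log, parses them and computes the same facts: disk signature, partition status and extent, and the gaps before the first partition and after the last one. The boot-code area and the CHS fields are left zeroed, which is an assumption; the scanner on a real disk would also be looking at those bytes.

```python
"""Parse a 512-byte MBR and derive what the MBAR log above prints for it.

Added example, not code from the thread or from Malwarebytes Anti-Rootkit.
The two sample MBRs are CONSTRUCTED from values in the posted log (disk
signature, partition type, status byte, start LBA, sector count, disk size);
the boot-code area and CHS fields are zeroed, which is an assumption.
"""
import struct

SECTOR = 512
DISK_SIG_OFF = 0x1B8     # 4-byte NT disk signature
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE     # 55 AA
TYPE_NAMES = {0x00: "Empty", 0x07: "NTFS/exFAT", 0x0B: "FAT32"}


def build_mbr(disk_sig, entries):
    """Construct an MBR from (active, type, start_lba, num_sectors) tuples."""
    mbr = bytearray(SECTOR)
    struct.pack_into("<I", mbr, DISK_SIG_OFF, disk_sig)
    for i, (active, ptype, lba, nsec) in enumerate(entries[:4]):
        struct.pack_into("<B3sB3sII", mbr, PART_TABLE_OFF + 16 * i,
                         0x80 if active else 0x00, b"\0\0\0", ptype, b"\0\0\0",
                         lba, nsec)
    mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(mbr)


def parse_mbr(mbr, disk_size_bytes, sector_size=SECTOR):
    """Return the partition table plus the checks an anti-rootkit pass makes."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        raise ValueError("missing 55AA boot signature")
    total = disk_size_bytes // sector_size
    findings, parts = [], []
    for i in range(4):
        status, ptype, lba, nsec = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if status not in (0x00, 0x80):
            findings.append(f"partition {i}: invalid status byte 0x{status:02x}")
        if ptype == 0 and (lba or nsec):
            findings.append(f"partition {i}: empty type but non-zero extent")
        if nsec and lba + nsec > total:
            findings.append(f"partition {i}: extends past end of disk")
        parts.append({"index": i, "type": ptype,
                      "type_name": TYPE_NAMES.get(ptype, "Other"),
                      "active": status == 0x80,
                      "start_lba": lba, "num_sectors": nsec})
    used = sorted((p["start_lba"], p["start_lba"] + p["num_sectors"] - 1)
                  for p in parts if p["num_sectors"])
    for (_, e1), (s2, _) in zip(used, used[1:]):
        if s2 <= e1:
            findings.append(f"partitions overlap at LBA {s2}")
    # Sector 0 is the MBR itself; every other sector outside a partition is
    # unpartitioned space, the area the log shows MBAR scanning sector by sector.
    gaps, cursor = [], 1
    for s, e in used:
        if s > cursor:
            gaps.append((cursor, s - 1))
        cursor = max(cursor, e + 1)
    if cursor < total:
        gaps.append((cursor, total - 1))
    return {"disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
            "total_sectors": total, "partitions": parts,
            "unpartitioned": gaps, "findings": findings}


# Constructed from the "Drive 0" and "Drive 1" sections of the posted log.
DRIVE0_MBR = build_mbr(0xEC78F734, [(True, 0x07, 63, 781417602)])
DRIVE0_SIZE = 400088457216
DRIVE1_MBR = build_mbr(0x0, [(False, 0x0B, 32, 15633376)])
DRIVE1_SIZE = 8004304896

if __name__ == "__main__":
    for name, mbr, size in (("Drive 0", DRIVE0_MBR, DRIVE0_SIZE),
                            ("Drive 1", DRIVE1_MBR, DRIVE1_SIZE)):
        r = parse_mbr(mbr, size)
        print(f"{name}: disk signature {r['disk_signature']:08X}, "
              f"unpartitioned {r['unpartitioned']}, findings {r['findings']}")
```

For Drive 0 this yields the 62 sectors between the MBR and the NTFS partition at LBA 63 and a tail of about 5,100 sectors after the partition ends, which is the kind of space a bootkit can use without showing up in any volume; the gaps here are small and the findings list is empty, consistent with the scanner reporting nothing on this disk. The log's "1-62-781402768-781422768" range covers a fixed-size tail rather than exactly the computed gap, so treat the computed gap as the minimum to inspect.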
TheDarkKnight Posted February 2, 2013 ID:642442

Hello dykesc,

I am glad to hear your computer seems to be running well.

Please run a free online scan with the ESET Online Scanner.
Note: You can use Internet Explorer or Mozilla Firefox for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the ActiveX control to install.
Click Start.
Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
Click Scan.
Wait for the scan to finish.
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.
dykesc Posted February 2, 2013 Author ID:642673

DarkKnight,

ESET Online Scanner found 3 threats. They are listed at the end of the log file.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.5886
# api_version=3.0.2
# EOSSerial=7e465eb596223345add74cab2db97809
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-07-11 02:18:11
# local_time=2009-07-10 09:18:11 (-0600, Central Daylight Time)
# country="United States"
# lang=9
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5889 61 66 100 465503730961019
# scanned=294808
# found=3
# cleaned=0
# scan_time=2825
C:\Users\OWner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LO9W8PP\dfuninstaller.prod.v14000.18mar2009.exe[1].10b9665cc5f98c037e9b8dcc0e88929e  probably a variant of Win32/Genetik trojan  00000000000000000000000000000000  I
C:\Users\OWner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5RPW5287\156[1].net  probably unknown NewHeur_PE virus  00000000000000000000000000000000  I
C:\Users\OWner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3N2Q8LB\163[1].net  probably a variant of Win32/TrojanDownloader.Agent trojan  00000000000000000000000000000000  I
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=7e465eb596223345add74cab2db97809
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-02 08:14:16
# local_time=2013-02-02 02:14:16 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 98 0 130423315 0 0
# compatibility_mode=5892 16776574 100 100 12517686 196443711 0 0
# scanned=400746
# found=3
# cleaned=0
# scan_time=7785
C:\Flight One Software\Super80FSX.exe  Win32/SuspLibLoad.B trojan  EAE3012D878EADCF5A36440B819B5F07804CDB19  I
C:\Program Files\vShare\imedix-silent.exe  Win32/Toolbar.Zugo application  BC713E7599E9CCC3EFDE2E96CB5B0B5FA85C2106  I
C:\Windows\System32\flt1chk4.dll  Win32/SuspLibLoad.B trojan  2BEC3A89EB5BF0BED90AD0923C7D12D44AEB3111  I
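The log above is really two scan runs in one file: the ESET log.txt accumulates, so the 2009 "CAB hook" run (Vista SP1, all-zero hash fields) sits in front of the 2013 "downloader" run that the helper actually asked for. The added example below (not ESET's code) parses such a file into runs, picks the most recent one by utc_time, and cross-checks its "# found" and "# cleaned" counters against the detection lines, so that stale entries are not mistaken for live ones. The sample text is constructed from the posted log, trimmed to the header keys used, and it assumes the detection lines are tab-separated (path, verdict, hash, status); the forum rendering collapsed that separator into spaces, so the separator is an assumption.

```python
"""Parse ESET Online Scanner log files like the one posted above.

Added example, not ESET's code. SAMPLE_LOG is CONSTRUCTED from the posted
log, trimmed to the header keys used here; it assumes detection lines are
tab-separated (path, verdict, hash, status), a separator the forum
rendering collapsed into spaces.
"""
import re
from datetime import datetime

RUN_HEADER = re.compile(r"^ESETSmartInstaller@\S+ as (.+?) log:$")
HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")


def _det(path, verdict, digest, status="I"):
    """Build one constructed detection line (tab-separated, see above)."""
    return "\t".join((path, verdict, digest, status))


SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as CAB hook log:",
    "OnlineScanner.ocx - registred OK",
    "# version=6",
    "# utc_time=2009-07-11 02:18:11",
    "# osver=6.0.6001 NT Service Pack 1",
    "# scanned=294808",
    "# found=3",
    "# cleaned=0",
    _det(r"C:\Users\OWner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LO9W8PP\dfuninstaller.prod.v14000.18mar2009.exe[1].10b9665cc5f98c037e9b8dcc0e88929e",
         "probably a variant of Win32/Genetik trojan", "0" * 32),
    _det(r"C:\Users\OWner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5RPW5287\156[1].net",
         "probably unknown NewHeur_PE virus", "0" * 32),
    _det(r"C:\Users\OWner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3N2Q8LB\163[1].net",
         "probably a variant of Win32/TrojanDownloader.Agent trojan", "0" * 32),
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# version=8",
    "# utc_time=2013-02-02 08:14:16",
    "# osver=6.0.6002 NT Service Pack 2",
    "# scanned=400746",
    "# found=3",
    "# cleaned=0",
    _det(r"C:\Flight One Software\Super80FSX.exe", "Win32/SuspLibLoad.B trojan",
         "EAE3012D878EADCF5A36440B819B5F07804CDB19"),
    _det(r"C:\Program Files\vShare\imedix-silent.exe", "Win32/Toolbar.Zugo application",
         "BC713E7599E9CCC3EFDE2E96CB5B0B5FA85C2106"),
    _det(r"C:\Windows\System32\flt1chk4.dll", "Win32/SuspLibLoad.B trojan",
         "2BEC3A89EB5BF0BED90AD0923C7D12D44AEB3111"),
])


def hash_kind(digest):
    """The 2009 run carries an all-zero field; the 2013 run carries 40-hex SHA-1."""
    if not HEX_RE.match(digest):
        return "unknown"
    if set(digest) == {"0"}:
        return "none"
    return {32: "md5", 40: "sha1"}.get(len(digest), "unknown")


def parse_eset_log(text):
    """Split the file into scan runs; each run has meta, detections and notes."""
    runs, cur = [], None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = RUN_HEADER.match(line)
        if m:
            cur = {"kind": m.group(1), "meta": {}, "detections": [], "notes": []}
            runs.append(cur)
        elif cur is None:
            continue                      # text before the first run header
        elif line.startswith("# "):
            key, _, val = line[2:].partition("=")
            cur["meta"][key.strip()] = val.strip()   # last value wins for repeated keys
        elif line.count("\t") >= 3:
            path, verdict, digest, status = line.split("\t")[:4]
            cur["detections"].append({"path": path, "verdict": verdict,
                                      "hash": digest, "hash_kind": hash_kind(digest),
                                      "status": status})
        else:
            cur["notes"].append(line)
    return runs


def latest_run(runs):
    """log.txt accumulates runs; act only on the most recent utc_time."""
    return max(runs, key=lambda r: datetime.strptime(r["meta"]["utc_time"],
                                                     "%Y-%m-%d %H:%M:%S"))


def summarize(run):
    """Counters from the header, checked against the detection lines present."""
    found = int(run["meta"].get("found", 0))
    cleaned = int(run["meta"].get("cleaned", 0))
    return {"utc_time": run["meta"].get("utc_time"), "found": found,
            "cleaned": cleaned, "uncleaned": found - cleaned,
            "consistent": found == len(run["detections"]),
            "paths": [d["path"] for d in run["detections"]]}
```

With "Remove found threats" unchecked, as the helper instructed, every run reports cleaned=0, so the uncleaned count of the latest run is the list that still needs a decision; here that is the three 2013 paths, not the three 2009 temporary-internet-files entries that ESET already recorded years earlier.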
TheDarkKnight Posted February 2, 2013 ID:642710

Good morning dykesc.

Please download TFC to your Desktop.
Open the file and close any other windows.
It will close all programs itself when run; make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job.
Once its finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

=====

Then, please download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
dykesc Posted February 3, 2013 Author ID:642799

TFC completed
Security Check completed

Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
WinPatrol 2009 (Outdated! Latest version is WinPatrol 2012)
Out of date HijackThis installed!
SpywareBlaster 4.2
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.70.0.1100
HijackThis 2.0.2
CCleaner (remove only)
Java 6 Update 30
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.181.22 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (18.0)
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
BillP Studios WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
TheDarkKnight Posted February 3, 2013 ID:642811

Good afternoon dykesc.

Your version of Java is out of date. It's important to remove older versions of Java since it does not do so automatically and older versions can leave you vulnerable.
Please follow the instructions below to update Java:
Please go to the below link and download the latest Windows 7 version:
http://www.java.com/...load/manual.jsp
Save it to your Desktop.
Please go to Start>Control Panel>Programs.
Navigate to any versions of Java (J2SE Runtime Environment) you have installed. They will have this icon next to them:
Select Uninstall.
Please double-click the installer and follow the prompts to install the latest version once all the previous versions have been successfully removed.

=====

Next, your version of Adobe Reader is out of date. It could have security vulnerabilities, so please follow these instructions to update it:
Please go to Start>All Programs>Adobe Reader.
Open Adobe Reader and navigate to Help>Check for Updates.
Please follow the prompts to install the latest version.

Also, your version of Adobe Flash Player is out of date. Please follow these instructions to update to the latest version:
Go to the Adobe Global Notifications Update website here:
http://www.macromedi...r05.html#118377
A small box to the right within the window should load. Please select how often you would like Adobe to check for a new update for its Flash Player.
Note: This has to be done separately for Firefox and IE.
If a new version is found:
Please tick the License Agreement.
Click Install.
Note: If you are running Mozilla Firefox all of its windows will need to be closed.
Click Done.
Note: In future if an update is available Adobe will notify you on your Desktop via the Adobe Download Manager.

=====

Finally, I notice that your version of Winpatrol is out of date. I recommend updating it.
As for HijackThis, it is not very useful for Windows Vista or 7 so rather than updating it I recommend removing it.

=====

In your reply please let me know how the updates go.
dykesc Posted February 3, 2013 Author ID:642829

Old Java version uninstalled
Latest Java version has been installed
Tried to update Adobe Reader but kept getting an error 1116 message (An error occured. Try again later.)
Latest Adobe Flash Player version has been installed (Update checks set at 7 days)
Latest Winpatrol version installed
HiJackThis uninstalled
TheDarkKnight Posted February 3, 2013 ID:642848

Hello dykesc,

Please uninstall Adobe Reader completely.
Then go to the above link and try installing the latest version. Did that work?
dykesc Posted February 3, 2013 Author ID:642861

That worked DarkKnight. Latest version of Adobe Reader is now installed.

One question I meant to ask you. Earlier you stated that my problem was due to a ZeroAccess rootkit infection that OTL took care of for me. I searched the OTL log files and couldn't find anything that looked like ZeroAccess. Could you let me know where you saw that?

Thanks again for all the time you've spent working with me. I made a donation to the Neuroscience Research Institute linked in your signature.
TheDarkKnight Posted February 3, 2013 ID:642873

Hello dykesc,

One question I meant to ask you. Earlier you stated that my problem was due to a ZeroAccess rootkit infection that OTL took care of for me. I searched the OTL log files and couldn't find anything that looked like ZeroAccess. Could you let me know where you saw that?

These 3 lines:

2012/09/21 12:01:15 | 000,002,048 | -HS- | M] () -- C:\$RECYCLE.BIN\S-1-5-18\$71213cd9c34348feb47e474775353225\@
[2012/09/21 12:01:15 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$71213cd9c34348feb47e474775353225\L
[2012/09/21 12:01:15 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$71213cd9c34348feb47e474775353225\U

ZeroAccess has a few different variants. The one you had is one of the older ones, and tends to be removed more easily. As you can see above, OTL found a folder in the Recycle Bin with random characters and the symbols @, L and U. This is characteristic of this type of variant. Generally, and in your case particularly, removing these folders (and the original one without the symbols) removes the infection. OldTimer (the creator of OTL) recently updated OTL so that it has a section titled ZeroAccess, making it easier to find characteristics of ZA such as these folders.

I should warn you that ZA can sometimes give a user remote access, so at the very least you should change your passwords for banking etc.

Thanks again for all the time you've spent working with me. I made a donation to the Neuroscience Research Institute linked in your signature.

It has been a pleasure. Thank you for your donation; it will be very much appreciated.

=====

A little housekeeping to uninstall ComboFix:
Please click Start>Run and copy/paste the following text, including the space between "ComboFix and "/uninstall", into the Run box and click OK:
ComboFix /uninstall
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

And AdwCleaner:
Please double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
Click the CleanUp button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
Right-click the Recycle Bin and please select Empty Recycle Bin.

=====

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running the following program (there is a free version available):
SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them. Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and Add-ons, like Adblock Plus and NoScript, can make it even more secure. To avoid dangerous sites Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options.

Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates.

Please also read Tony Klein's excellent article: How did I get infected in the first place.

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
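The indicator TheDarkKnight points to in the post above is structural rather than signature-based: a hidden+system folder under C:\$RECYCLE.BIN\<SID>\ whose name is "$" followed by 32 hex characters, containing a file named "@" and two subfolders "L" and "U", under the SYSTEM SID S-1-5-18 where no interactive user's deleted files would ever land. The added example below (not code from the thread or from OTL) turns that description into a check that walks the recycle bin and reports such folders. It builds a constructed directory tree in a temporary folder that mimics the three OTL lines quoted above, plus ordinary recycle-bin content that must not be flagged; on a live Windows system you would pass the drive root instead and run elevated, since the real folders carry the hidden and system attributes.

```python
"""Look for the ZeroAccess folder pattern described in the post above.

Added example, not code from the thread or from OTL. make_sample_tree()
creates a CONSTRUCTED tree in a temp folder that mimics
C:\\$RECYCLE.BIN\\S-1-5-18\\$71213cd9c34348feb47e474775353225\\{@,L,U}
from the quoted OTL lines; on a real system call scan_recycle_bin("C:\\")
from an elevated prompt instead.
"""
import os
import re
import shutil
import tempfile

RANDOM_DIR_RE = re.compile(r"^\$[0-9a-f]{32}$", re.IGNORECASE)  # $ + 32 hex chars
SID_RE = re.compile(r"^S-1-5-\d+(-\d+)*$")                       # per-user bin folders
MARKERS = ("@", "L", "U")
SYSTEM_SID = "S-1-5-18"


def scan_recycle_bin(root):
    """Return one hit per random-named folder that carries any of the markers."""
    hits = []
    bin_dir = os.path.join(root, "$RECYCLE.BIN")
    if not os.path.isdir(bin_dir):
        return hits
    for sid in os.listdir(bin_dir):
        sid_dir = os.path.join(bin_dir, sid)
        if not SID_RE.match(sid) or not os.path.isdir(sid_dir):
            continue
        for name in os.listdir(sid_dir):
            cand = os.path.join(sid_dir, name)
            if not RANDOM_DIR_RE.match(name) or not os.path.isdir(cand):
                continue
            found = [m for m in MARKERS if os.path.lexists(os.path.join(cand, m))]
            if not found:
                continue
            # In the OTL listing "@" is a 2048-byte file and "L"/"U" are folders.
            shape_ok = (os.path.isfile(os.path.join(cand, "@"))
                        and os.path.isdir(os.path.join(cand, "L"))
                        and os.path.isdir(os.path.join(cand, "U")))
            hits.append({"path": cand, "sid": sid, "markers": found,
                         "confirmed": shape_ok,
                         "system_sid": sid == SYSTEM_SID})
    return hits


def make_sample_tree(root):
    """Constructed sample: one ZeroAccess-style folder plus benign bin content."""
    za = os.path.join(root, "$RECYCLE.BIN", SYSTEM_SID,
                      "$71213cd9c34348feb47e474775353225")
    os.makedirs(os.path.join(za, "L"))
    os.makedirs(os.path.join(za, "U"))
    with open(os.path.join(za, "@"), "wb") as f:
        f.write(b"\0" * 2048)            # size taken from the quoted OTL line
    # A normal user's bin: $I metadata file and a random-named empty folder
    # without the markers; neither should be reported.
    user = os.path.join(root, "$RECYCLE.BIN", "S-1-5-21-1111-2222-3333-1000")
    os.makedirs(os.path.join(user, "$" + "a" * 32))
    with open(os.path.join(user, "$IABCDEF.txt"), "w") as f:
        f.write("ordinary deleted-file metadata\n")
    return za


def demo():
    """Build the constructed tree, scan it, clean up, return the hits."""
    root = tempfile.mkdtemp(prefix="za-demo-")
    try:
        make_sample_tree(root)
        return scan_recycle_bin(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for hit in demo():
        print(("CONFIRMED " if hit["confirmed"] else "partial   ") + hit["path"],
              "SYSTEM SID" if hit["system_sid"] else hit["sid"], hit["markers"])
```

A folder that matches the name pattern but has only some of the markers is still reported, with confirmed set to False, because a partially removed infection looks exactly like that; the helper's advice to delete the random-named parent as well as its contents is the reason the check keys on the parent rather than on "@" alone.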
dykesc Posted February 3, 2013 Author ID:643080

ComboFix uninstalled
AdwCleaner is not on my computer
OTL uninstalled via cleanup button
Windows updates are set to automatic
Avira antivirus program is active and up to date. Runs daily.
Malwarebytes Pro is active and up to date. Runs daily.
Windows firewall is enabled.
Installed SpywareBlaster. All protection is enabled.
Mozilla Firefox is my active browser.

Thanks again for your help!
Maurice Naggar Posted February 5, 2013 ID:643732

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!