get-answers-fast redirects, slow loading vista system


#16 Jintan (Trusted Helper, Malware Removal, 904 posts)
AVG's Security Center info is loading to something called the WMI, so just remnant info, and not actually there. But let's check. Good, and expected, that you will experience improvements there, but still, one of our scan tools failing to run means not all the malware or its changes have been dealt with.

Please run Gmer now, and post that log. Then we will check an OTL scan.


#17 builder4580 (Member, Topic Starter, 78 posts)
Not having a lot of luck!!
Downloaded GMER and ran it - but not for long!

GMER dtoq1v07.exe has stopped working

Windows can check online for a solution to the problem


Clicked on View problem details-
Problem signature:
Problem Event Name: APPCRASH
Application Name: dtoq1v07.exe
Application Version: 1.0.15.15641
Application Timestamp: 4e21f2b1
Fault Module Name: dtoq1v07.exe
Fault Module Version: 1.0.15.15641
Fault Module Timestamp: 4e21f2b1
Exception Code: c0000005
Exception Offset: 0000c676
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033
Additional Information 1: fd00
Additional Information 2: ea6f5fe8924aaa756324d57f87834160
Additional Information 3: fd00
Additional Information 4: ea6f5fe8924aaa756324d57f87834160

Read our privacy statement:
http://go.microsoft....63&clcid=0x0409

Then checked online for a solution, but nothing returned.

#18 builder4580 (Member, Topic Starter, 78 posts)
Tried to re-run GMER, but just got a BSOD

#19 Jintan (Trusted Helper, Malware Removal, 904 posts)
Need to find what's still active behind the scenes there.

Download RogueKiller (http://www.sur-la-to...om/RogueKiller/) to your desktop (click next to "Lien de téléchargement:").

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.
When prompted, type 1, and press Enter.
A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.

#20 builder4580 (Member, Topic Starter, 78 posts)
RogueKiller V6.2.3 [01/09/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User: cormact [Admin rights]
Mode: Scan -- Date : 01/11/2012 21:55:59

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F8E68292-91F9-4C77-A9B5-BBA0B6764383} : NameServer (68.94.156.1,68.94.157.1) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{F8E68292-91F9-4C77-A9B5-BBA0B6764383} : NameServer (68.94.156.1,68.94.157.1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 35ca6813515173c68859a08079a39560
[BSP] 597689f9fd584ba824a36be87199a262 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] FAT16 [HIDDEN!] Offset (sectors): 63 | Size: 82 Mo
1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 161792 | Size: 10737 Mo
2 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 21133312 | Size: 236553 Mo
3 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 483151872 | Size: 2684 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
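As an added example (not code from the thread, from Jintan, or from RogueKiller), a small Python triage script that parses the RKreport format shown above: it pulls out the flagged [DNS] and [HJ] registry entries and the MBR partition table, checks the entry count against the section header, and reports NameServer IPs that are not on a caller-supplied list of trusted resolvers (an assumption; the helper would fill it from what the user's ISP or router actually uses) and any partition RogueKiller marked hidden. The sample report is constructed from the lines in the post.

```python
"""Triage helper for a RogueKiller RKreport.txt (added example; not code from the
thread or from RogueKiller). Parses flagged registry entries and the MBR table."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample: the sections of the RKreport posted in the thread that
# the parser needs, copied as they appear there.
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries: 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F8E68292-91F9-4C77-A9B5-BBA0B6764383} : NameServer (68.94.156.1,68.94.157.1) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{F8E68292-91F9-4C77-A9B5-BBA0B6764383} : NameServer (68.94.156.1,68.94.157.1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
[BSP] 597689f9fd584ba824a36be87199a262 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] FAT16 [HIDDEN!] Offset (sectors): 63 | Size: 82 Mo
1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 161792 | Size: 10737 Mo
2 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 21133312 | Size: 236553 Mo
3 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 483151872 | Size: 2684 Mo
"""

SECTION_RE = re.compile(r"^¤¤¤ (?P<name>[^:]+?)\s*:\s*(?P<detail>.*?)\s*¤¤¤$")
ENTRY_RE = re.compile(r"^\[(?P<kind>[A-Z]+)\] (?P<key>.+?) : (?P<value>.+?) -> (?P<status>\w+)$")
PART_RE = re.compile(r"^(?P<idx>\d+) - \[(?P<flag>\w+)\] (?P<fs>\w+) \[(?P<vis>[A-Z!]+)\] "
                     r"Offset \(sectors\): (?P<off>\d+) \| Size: (?P<size>\d+) Mo$")
NAMESERVER_RE = re.compile(r"NameServer \((?P<ips>[^)]*)\)")

@dataclass
class RegistryEntry:
    kind: str     # tag RogueKiller prints, e.g. DNS or HJ
    key: str      # registry key as printed (RogueKiller shortens it with [...])
    value: str
    status: str   # FOUND in a scan report

@dataclass
class Partition:
    index: int
    flag: str     # ACTIVE, or XXXXXX for the other entries
    fs: str
    hidden: bool  # True when RogueKiller marks the entry [HIDDEN!]
    offset_sectors: int
    size_mb: int

@dataclass
class Report:
    declared_entries: Optional[int] = None  # count printed in the section header
    entries: List[RegistryEntry] = field(default_factory=list)
    partitions: List[Partition] = field(default_factory=list)
    driver_loaded: Optional[bool] = None

def parse_report(text: str) -> Report:
    """Walk the report section by section; only the sections we care about are kept."""
    rep, section = Report(), None
    for line in (ln.strip() for ln in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            section, detail = m["name"], m["detail"]
            if section == "Registry Entries" and detail.isdigit():
                rep.declared_entries = int(detail)
            elif section == "Driver":
                rep.driver_loaded = "NOT LOADED" not in detail
        elif section == "Registry Entries" and (m := ENTRY_RE.match(line)):
            rep.entries.append(RegistryEntry(m["kind"], m["key"], m["value"], m["status"]))
        elif section == "MBR Check" and (m := PART_RE.match(line)):
            rep.partitions.append(Partition(int(m["idx"]), m["flag"], m["fs"],
                                            m["vis"].startswith("HIDDEN"),
                                            int(m["off"]), int(m["size"])))
    return rep

def dns_overrides(rep: Report) -> Dict[str, List[str]]:
    """Map each NameServer IP RogueKiller flagged to the interface keys that set it."""
    found: Dict[str, List[str]] = {}
    for e in rep.entries:
        m = NAMESERVER_RE.search(e.value) if e.kind == "DNS" else None
        for ip in (m["ips"].split(",") if m else []):
            found.setdefault(ip.strip(), []).append(e.key)
    return found

def triage(rep: Report, trusted_resolvers: Set[str]) -> List[str]:
    """Plain-language notes; trusted_resolvers is the helper's own allowlist (assumed)."""
    notes = []
    if rep.declared_entries is not None and rep.declared_entries != len(rep.entries):
        notes.append(f"header says {rep.declared_entries} entries, parsed {len(rep.entries)}")
    for ip, keys in dns_overrides(rep).items():
        if ip not in trusted_resolvers:
            notes.append(f"unrecognised DNS resolver {ip} set on {len(keys)} interface key(s)")
    for p in rep.partitions:
        if p.hidden:
            notes.append(f"hidden {p.fs} partition #{p.index} at sector {p.offset_sectors}, {p.size_mb} MB")
    if rep.driver_loaded is False:
        notes.append("RogueKiller driver was not loaded (the thread suspects Safe Mode)")
    return notes
```

A flagged NameServer only means the value is set explicitly; it is the comparison against resolvers the user is known to use that tells you whether it is a DNS hijack, and a small hidden partition at the start of an OEM disk is frequently a vendor utility or recovery partition rather than malware, so both are prompts for a second look, not verdicts.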

#21 Jintan (Trusted Helper, Malware Removal, 904 posts)
¤¤¤ Driver: [NOT LOADED] ¤¤¤

May be a Safe Mode issue. But really nothing of merit in that log.

Open Gmer again. Once it has completed its opening scan, this time just right-click in the white space in the display and select Options - Only non MS files. Then click Scan and allow Gmer to run a different scan. Once that completes click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

That scan method is less likely to hit the same snags.

-------

Also run and post a new OTL scan log please.

#22 builder4580 (Member, Topic Starter, 78 posts)
Copy and pasted here direct - desktop text doc was blank!

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-11 22:14:15
Windows 6.0.6002 Service Pack 2
Running: dtoq1v07.exe; Driver: C:\Users\cormact\AppData\Local\Temp\uwriafoc.sys


---- Modules - GMER 1.0.15 ----

Module \SystemRoot\system32\drivers\iastorv.sys (Intel Matrix Storage Manager driver (base)/Intel Corporation) 82602000-826A2000 (655360 bytes)
Module \SystemRoot\system32\drivers\iastor.sys (Intel Matrix Storage Manager driver - ia32/Intel Corporation) 826A2000-82760000 (778240 bytes)
Module \SystemRoot\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) 827C8000-827D1000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\NETw4v32.sys (Intel® Wireless WiFi Link Driver/Intel Corporation) 8E807000-8EA30000 (2265088 bytes)
Module \SystemRoot\system32\DRIVERS\b57nd60x.sys (Broadcom NetXtreme Gigabit Ethernet NDIS6.0 Driver./Broadcom Corporation) 8EA30000-8EA5F000 (192512 bytes)
Module \SystemRoot\system32\DRIVERS\rimmptsk.sys (RICOH MMC Driver/REDC) 8EA7D000-8EA8B000 (57344 bytes)
Module \SystemRoot\system32\DRIVERS\rimsptsk.sys (RICOH MS Driver/REDC) 8EA8B000-8EA9F000 (81920 bytes)
Module \SystemRoot\system32\DRIVERS\rixdptsk.sys (RICOH XD SM Driver/REDC) 8EA9F000-8EAF0000 (331776 bytes)
Module \SystemRoot\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) 8EB03000-8EB2E000 (176128 bytes)
Module \SystemRoot\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) 8E71B000-8E725000 (40960 bytes)
Module \SystemRoot\system32\drivers\rdpencdd.sys (RDP Miniport/Microsoft Corporation) 8E7C1000-8E7C9000 (32768 bytes)
Module \SystemRoot\System32\TSDDD.dll (Framebuffer Display Driver/Microsoft Corporation) 81AD0000-81AD9000 (36864 bytes)
Module \??\C:\Users\cormact\AppData\Local\Temp\uwriafoc.sys (GMER) 827D1000-827EA000 (102400 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\Windows\system32\wbem\wmiprvse.exe (WMI Provider Host/Microsoft Corporation) 344
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x766A0000

Process C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 532
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x766A0000

Process C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 568
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x766A0000

Process C:\Windows\system32\wininit.exe (Windows Start-Up Application/Microsoft Corporation) 576
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x766A0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75680000

Process C:\Windows\system32\winlogon.exe (Windows Logon Application/Microsoft Corporation) 612
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x766A0000

Process C:\Windows\system32\services.exe (Services and Controller app/Microsoft Corporation) 648
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x766A0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75680000

Process C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) 676
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x766A0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75680000
Library C:\Windows\system32\psqlpwd.dll (Logon stub/UPEK Inc.) 0x316E0000
Library C:\Program Files\Fingerprint Reader Suite\homefus2.dll (PS QL Logon Kernel/UPEK Inc.) 0x31320000
Library C:\Program Files\Fingerprint Reader Suite\infra.dll (Infrastructure utility library/UPEK Inc.) 0x30000000

Process C:\Windows\system32\lsm.exe (Local Session Manager Service/Microsoft Corporation) 688
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x766A0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75680000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 824
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x766A0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75680000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 880
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x766A0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75680000

Process C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 976
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x766A0000
Library C:\Windows\System32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75680000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x766A0000
Library C:\Windows\system32\vsstrace.dll (Microsoft® Volume Shadow Copy Requestor/Writer tracing DLL/Microsoft Corporation) 0x74480000
Library C:\Windows\system32\wbem\ncprov.dll (Non-COM WMI Event Provision APIs/Microsoft Corporation) 0x71670000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1036
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x766A0000
Library c:\windows\system32\l2gpstore.dll (Policy Storage dll/Microsoft Corporation) 0x75910000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75680000
Library C:\Windows\system32\ACTIVEDS.dll (ADs Router Layer DLL/Microsoft Corporation) 0x72FC0000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1072
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x766A0000
Library c:\windows\system32\vsstrace.dll (Microsoft® Volume Shadow Copy Requestor/Writer tracing DLL/Microsoft Corporation) 0x74480000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75680000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1088
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x766A0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75680000
Library C:\Windows\System32\npmproxy.dll (Network List Manager Proxy/Microsoft Corporation) 0x74140000

Process C:\Windows\Explorer.EXE (Windows Explorer/Microsoft Corporation) 1528
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x766A0000
Library C:\Program Files\Fingerprint Reader Suite\farchns.dll (PSQL file safe/UPEK Inc.) 0x31DA0000
Library C:\Program Files\Fingerprint Reader Suite\infra.dll (Infrastructure utility library/UPEK Inc.) 0x30000000
Library C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x75670000
Library C:\Windows\System32\npmproxy.dll (Network List Manager Proxy/Microsoft Corporation) 0x74140000
Library C:\Program Files\FileZilla FTP Client\fzshellext.dll 0x67080000
Library C:\Windows\system32\btncopy.dll (BTNCopy Module/Broadcom Corporation.) 0x10000000
Library C:\PROGRA~1\ArcSoft\RAWTHU~1\ShellContextMenu.dll (ShellContextMenu Module/ArcSoft Inc.) 0x031E0000
Library C:\PROGRA~1\ArcSoft\RAWTHU~1\RawEngine.dll (RawEngine/ArcSoft Inc.) 0x04610000
Library C:\PROGRA~1\ArcSoft\RAWTHU~1\RawExtend.dll (RawExtend/ArcSoft) 0x03250000
Library C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes' Anti-Malware/Malwarebytes Corporation) 0x74390000
Library C:\Program Files\jZip\jZipShell.dll (jZip shell extension/Discordia Limited) 0x038D0000
Library C:\PROGRA~1\ArcSoft\MEDIAC~1\AMCExt.dll (ShlExt/ArcSoft, Inc.) 0x02410000
Library C:\PROGRA~1\ArcSoft\MEDIAC~1\DeviceList.dll (DeviceLi Dynamic Link Library/ArcSoft) 0x02480000
Library C:\PROGRA~1\ArcSoft\MEDIAC~1\MagCore.dll (MagCore/ArcSoft Inc.) 0x024A0000
Library C:\PROGRA~1\ArcSoft\MEDIAC~1\XMLWrapper.dll (XMLWrapper Dynamic Link Library/ArcSoft, Inc.) 0x027B0000

Process C:\Users\cormact\Downloads\dtoq1v07.exe 1548
Library C:\Users\cormact\Downloads\dtoq1v07.exe 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x766A0000

Process C:\Program Files\Mozilla Firefox\plugin-container.exe (Plugin Container for Firefox/Mozilla Corporation) 1652
Library C:\Program Files\Mozilla Firefox\plugin-container.exe (Plugin Container for Firefox/Mozilla Corporation) 0x00010000
Library C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) 0x6D860000
Library C:\Program Files\Mozilla Firefox\mozjs.dll 0x706B0000
Library C:\Program Files\Mozilla Firefox\nspr4.dll (NSPR Library/Mozilla Foundation) 0x737E0000
Library C:\Program Files\Mozilla Firefox\mozutils.dll (Mozilla Foundation) 0x73960000
Library C:\Program Files\Mozilla Firefox\smime3.dll (NSS S/MIME Library/Mozilla Foundation) 0x71840000
Library C:\Program Files\Mozilla Firefox\nss3.dll (NSS Base Library/Mozilla Foundation) 0x714C0000
Library C:\Program Files\Mozilla Firefox\nssutil3.dll (NSS Utility Library/Mozilla Foundation) 0x718D0000
Library C:\Program Files\Mozilla Firefox\plc4.dll (PLC Library/Mozilla Foundation) 0x738A0000
Library C:\Program Files\Mozilla Firefox\plds4.dll (PLDS Library/Mozilla Foundation) 0x73890000
Library C:\Program Files\Mozilla Firefox\ssl3.dll (NSS SSL Library/Mozilla Foundation) 0x717D0000
Library C:\Program Files\Mozilla Firefox\mozsqlite3.dll (SQLite Database Library/sqlite.org) 0x71300000
Library C:\Program Files\Mozilla Firefox\mozalloc.dll (Mozilla Foundation) 0x73880000
Library C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x75670000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x766A0000
Library C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (NPRuntime Script Plug-in Library for Java™ Deploy/Sun Microsystems, Inc.) 0x10000000

Process C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) 1812
Library C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) 0x013A0000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x766A0000
Library C:\Program Files\Mozilla Firefox\nspr4.dll (NSPR Library/Mozilla Foundation) 0x737E0000
Library C:\Program Files\Mozilla Firefox\mozutils.dll (Mozilla Foundation) 0x73960000
Library C:\Program Files\Mozilla Firefox\plc4.dll (PLC Library/Mozilla Foundation) 0x738A0000
Library C:\Program Files\Mozilla Firefox\plds4.dll (PLDS Library/Mozilla Foundation) 0x73890000
Library C:\Program Files\Mozilla Firefox\mozalloc.dll (Mozilla Foundation) 0x73880000
Library C:\Program Files\Mozilla Firefox\mozsqlite3.dll (SQLite Database Library/sqlite.org) 0x71300000
Library C:\Program Files\Mozilla Firefox\nssutil3.dll (NSS Utility Library/Mozilla Foundation) 0x718D0000
Library C:\Program Files\Mozilla Firefox\softokn3.dll (NSS PKCS #11 Library/Mozilla Foundation) 0x71800000
Library C:\Program Files\Mozilla Firefox\nss3.dll (NSS Base Library/Mozilla Foundation) 0x714C0000
Library C:\Program Files\Mozilla Firefox\ssl3.dll (NSS SSL Library/Mozilla Foundation) 0x717D0000
Library C:\Program Files\Mozilla Firefox\smime3.dll (NSS S/MIME Library/Mozilla Foundation) 0x71840000
Library C:\Program Files\Mozilla Firefox\mozjs.dll 0x706B0000
Library C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) 0x6D860000
Library C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x75670000
Library C:\Program Files\Mozilla Firefox\xpcom.dll (Mozilla Foundation) 0x73870000
Library C:\Program Files\Mozilla Firefox\components\browsercomps.dll (Mozilla Foundation) 0x71700000
Library C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\extensions\{ece24dcf-8548-4655-b392-47a388721482}\components\RadioWMPCoreGecko9.dll 0x10000000
Library C:\Program Files\Fingerprint Reader Suite\farchns.dll (PSQL file safe/UPEK Inc.) 0x31DA0000
Library C:\Program Files\Fingerprint Reader Suite\infra.dll (Infrastructure utility library/UPEK Inc.) 0x30000000
Library C:\Program Files\Mozilla Firefox\nssdbm3.dll (Legacy Database Driver/Mozilla Foundation) 0x712E0000
Library C:\Program Files\Mozilla Firefox\freebl3.dll (NSS freebl Library/Mozilla Foundation) 0x70530000
Library C:\Program Files\Mozilla Firefox\nssckbi.dll (NSS Builtin Trusted Root CAs/Mozilla Foundation) 0x70470000
Library C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Next Generation Java Plug-in 1.6.0_30 for Mozilla browsers/Sun Microsystems, Inc.) 0x0B510000
Library C:\PROGRA~1\Java\jre6\bin\client\jvm.dll (Java HotSpot™ Client VM/Sun Microsystems, Inc.) 0x10A00000
Library C:\PROGRA~1\Java\jre6\bin\verify.dll (Java™ Platform SE binary/Sun Microsystems, Inc.) 0x6D7A0000
Library C:\PROGRA~1\Java\jre6\bin\java.dll (Java™ Platform SE binary/Sun Microsystems, Inc.) 0x6D320000
Library C:\PROGRA~1\Java\jre6\bin\zip.dll (Java™ Platform SE binary/Sun Microsystems, Inc.) 0x6D7E0000
Library C:\Program Files\Java\jre6\bin\jp2native.dll 0x6D420000
Library C:\Program Files\Java\jre6\bin\deploy.dll (Java™ Deployment Library/Sun Microsystems, Inc.) 0x6D1D0000
Library C:\Program Files\Java\jre6\bin\net.dll (Java™ Platform SE binary/Sun Microsystems, Inc.) 0x6D600000
Library C:\Program Files\Java\jre6\bin\nio.dll (Java™ Platform SE binary/Sun Microsystems, Inc.) 0x6D620000
Library C:\Program Files\Java\jre6\bin\regutils.dll (Java™ Platform SE binary/Sun Microsystems, Inc.) 0x6D6A0000

Process C:\Program Files\Windows Media Player\wmpnscfg.exe (Windows Media Player Network Sharing Service Configuration Application/Microsoft Corporation) 1900
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x766A0000

Process C:\Windows\system32\wbem\unsecapp.exe (Sink to receive asynchronous callbacks for WMI client application/Microsoft Corporation) 2044
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x766A0000

---- Services - GMER 1.0.15 ----

Service C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Connect Service/ArcSoft Inc.) [AUTO] ACDaemon
Service C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Acrobat Update Service/Adobe Systems Incorporated) [AUTO] AdobeARMservice
Service C:\Windows\system32\aestsrv.exe (Andrea filters APO access service (32-bit)/Andrea Electronics Corporation) [AUTO] AESTFilters
Service Avg
Service C:\Windows\system32\DRIVERS\b57nd60x.sys (Broadcom NetXtreme Gigabit Ethernet NDIS6.0 Driver./Broadcom Corporation) [MANUAL] b57nd60x
Service C:\Windows\system32\drivers\brfiltlo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltLo
Service C:\Windows\system32\drivers\brfiltup.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltUp
Service C:\Windows\system32\drivers\brusbser.sys (Brother USB Serial Driver/Brother Industries Ltd.) [MANUAL] BrUsbSer
Service C:\Program Files\Browny02\BrYNSvc.exe (BrYNCSvc/Brother Industries, Ltd.) [MANUAL] BrYNSvc
Service BTKRNL
Service C:\Windows\system32\drivers\btwaudio.sys (Bluetooth Audio Device/Broadcom Corporation.) [MANUAL] btwaudio
Service C:\Windows\system32\drivers\btwavdt.sys (Broadcom Bluetooth AVDT Service/Broadcom Corporation.) [MANUAL] btwavdt
Service C:\Windows\system32\DRIVERS\btwrchid.sys (Bluetooth Remote Control HID Minidriver/Broadcom Corporation.) [MANUAL] btwrchid
Service C:\Users\cormact\AppData\Local\Temp\catchme.sys [MANUAL] catchme
Service system32\DRIVERS\cdrom.sys [SYSTEM] cdrom
Service C:\Users\cormact\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [MANUAL] cpuz134
Service C:\Windows\system32\DRIVERS\e1e6032.sys (Intel® PRO/1000 Adapter NDIS 6 deserialized driver/Intel Corporation) [MANUAL] e1express
Service C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel® PRO/1000 Adapter NDIS 6 deserialized driver/Intel Corporation) [MANUAL] E1G60
Service C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel® PROSet/Wireless Event Log/Intel Corporation) [AUTO] EvtEng
Service C:\Windows\system32\drivers\iastor.sys (Intel Matrix Storage Manager driver - ia32/Intel Corporation) [BOOT] iaStor
Service C:\Windows\system32\drivers\iastorv.sys (Intel Matrix Storage Manager driver (base)/Intel Corporation) [BOOT] iaStorV
Service C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT
Service system32\DRIVERS\ipinip.sys [MANUAL] IpInIp
Service MSDTC Bridge 3.0.0.0
Service MSDTC Bridge 4.0.0.0
Service C:\Windows\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios
Service C:\Windows\system32\DRIVERS\NETw4v32.sys (Intel® Wireless WiFi Link Driver/Intel Corporation) [MANUAL] NETw4v32
Service C:\Windows\system32\DRIVERS\nvlddmkm.sys (NVIDIA Windows Kernel Mode Driver, Version 186.21 /NVIDIA Corporation) [MANUAL] nvlddmkm
Service C:\Windows\system32\nvvsvc.exe (NVIDIA Driver Helper Service, Version 186.21/NVIDIA Corporation) [MANUAL] nvsvc
Service system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt
Service system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd
Service C:\Windows\system32\DRIVERS\OEM02Dev.sys (Video Capture Device Driver/Creative Technology Ltd.) [MANUAL] OEM02Dev
Service C:\Windows\system32\DRIVERS\OEM02Vfx.sys (Advanced Video FX Filter Driver (Win2K based)/EyePower Games Pte. Ltd.) [MANUAL] OEM02Vfx
Service system32\DRIVERS\pcdrndisuio.sys [MANUAL] PcdrNdisuio
Service C:\Windows\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service C:\Windows\system32\DRIVERS\atikmdag.sys (ATI Radeon Kernel Mode Driver/ATI Technologies Inc.) [MANUAL] R300
Service C:\Windows\system32\drivers\rdpencdd.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPENCDD
Service C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel® PROSet/Wireless Registry Service/Intel Corporation) [AUTO] RegSrvc
Service C:\Windows\system32\DRIVERS\rimmptsk.sys (RICOH MMC Driver/REDC) [AUTO] rimmptsk
Service C:\Windows\system32\DRIVERS\rimsptsk.sys (RICOH MS Driver/REDC) [AUTO] rimsptsk
Service C:\Windows\system32\DRIVERS\rixdptsk.sys (RICOH XD SM Driver/REDC) [AUTO] rismxdp
Service C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (RoxMediaDB9 Module/Sonic Solutions) [MANUAL] RoxMediaDB9
Service C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (RoxSniffer9 Module/Sonic Solutions) [AUTO] RoxWatch9
Service SDFirewallService
Service (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] secdrv
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service C:\Windows\system32\drivers\sffp_sd.sys (Small Form Factor SD Protocol Driver/Microsoft Corporation) [MANUAL] sffp_sd
Service SMSvcHost 3.0.0.0
Service SMSvcHost 4.0.0.0
Service C:\Program [AUTO] sprtsvc_dellsupportcenter
Service C:\Windows\system32\STacSV.exe (STacSV Module/IDT, Inc.) [AUTO] STacSV
Service C:\Windows\system32\drivers\stwrt.sys (NDHF/IDT, Inc.) [MANUAL] STHDA
Service C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (SureThing Labelflash Disc Printer Service Module/MicroVision Development, Inc.) [MANUAL] stllssvr
Service SynPS2Enable
Service C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) [MANUAL] SynTP
Service C:\Windows\System32\Drivers\tcusb.sys (TouchChip USB Kernel Driver/UPEK Inc.) [MANUAL] TcUsb
Service C:\Windows\system32\DRIVERS\vgapnp.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [MANUAL] vga
Service Windows Workflow Foundation 3.0.0.0
Service WSearchIdxPi

---- EOF - GMER 1.0.15 ----

#23 builder4580 (Member, Topic Starter, 78 posts)
OTL logfile created on: 1/11/2012 10:25:43 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\cormact\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 74.60% Memory free
6.19 Gb Paging File | 5.64 Gb Available in Paging File | 91.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.31 Gb Total Space | 154.02 Gb Free Space | 69.91% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.81 Gb Free Space | 58.12% Space Free | Partition Type: NTFS

Computer Name: CORMACT-PC | User Name: cormact | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/11 22:24:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\cormact\Downloads\OTL.exe
PRC - [2012/01/11 20:50:31 | 000,302,592 | ---- | M] () -- C:\Users\cormact\Downloads\dtoq1v07.exe
PRC - [2012/01/08 21:39:55 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/11 20:50:31 | 000,302,592 | ---- | M] () -- C:\Users\cormact\Downloads\dtoq1v07.exe
MOD - [2012/01/08 21:39:55 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/01/04 03:26:30 | 000,076,800 | ---- | M] () -- C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\extensions\{ece24dcf-8548-4655-b392-47a388721482}\components\RadioWMPCoreGecko9.dll
MOD - [2011/12/16 10:19:32 | 000,008,192 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll
MOD - [2011/08/28 15:19:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2007/09/07 12:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/29 15:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2009/06/16 13:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/07 12:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/08/28 23:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 23:54:56 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/13 03:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/02/28 05:25:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/28 05:25:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/02/28 05:25:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 01:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...E-D302366B6C78}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80126
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\cormact\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2009/12/25 22:13:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2009/12/25 22:16:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/27 09:12:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/08 21:39:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/16 10:23:18 | 000,000,000 | ---D | M]

[2011/08/29 11:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cormact\AppData\Roaming\Mozilla\Extensions
[2012/01/09 10:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\extensions
[2010/06/19 10:53:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/18 10:25:01 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012/01/09 10:51:28 | 000,000,000 | ---D | M] (vshare.tv Bar Community Toolbar) -- C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
[2012/01/05 21:44:12 | 000,000,000 | ---D | M] (TenchisTV Community Toolbar) -- C:\Users\cormact\AppData\Roaming\Mozilla\Firefox\Profiles\njucu1qh.default\extensions\{ece24dcf-8548-4655-b392-47a388721482}
[2012/01/08 21:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/25 07:05:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/01/08 21:39:55 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/16 10:19:33 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2009/09/21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2011/08/23 20:29:38 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2011/11/10 08:08:59 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ToolbarBHO Class) - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (RAW Thumbnail Viewer) - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll (ArcSoft Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7AEB3EFD-E564-43F1-B658-5058A7C5743B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Fingerprint Reader Suite\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\cormact\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\cormact\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Read EXIF - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\system32\wshbth.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: vectorvest.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: vectorvest.com ([www] https in Trusted sites)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8E68292-91F9-4C77-A9B5-BBA0B6764383}: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8E68292-91F9-4C77-A9B5-BBA0B6764383}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_Red.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_Red.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/11 21:55:34 | 000,000,000 | ---D | C] -- C:\Users\cormact\Desktop\RK_Quarantine
[2012/01/11 18:08:55 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/01/10 23:23:31 | 000,438,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshflxgd.ocx
[2012/01/10 23:23:31 | 000,422,848 | ---- | C] (VideoSoft) -- C:\Windows\System32\Vsflex7L.ocx
[2012/01/10 23:23:31 | 000,331,776 | ---- | C] (VideoSoft) -- C:\Windows\System32\VSPRINT7.ocx
[2012/01/10 23:23:31 | 000,081,920 | ---- | C] (VideoSoft) -- C:\Windows\System32\vsStr7.ocx
[2012/01/10 23:23:30 | 000,460,232 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\sstbars2.ocx
[2012/01/10 23:23:30 | 000,376,832 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pe3do32a.ocx
[2012/01/10 23:23:30 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSINET.OCX
[2012/01/10 23:23:29 | 000,103,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMM32.OCX
[2012/01/10 23:23:24 | 003,063,808 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\PEGRP32D.DLL
[2012/01/10 23:23:24 | 001,763,328 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\PEGRP32a.dll
[2012/01/10 23:23:24 | 001,051,648 | ---- | C] (Genesis Financial Data Services) -- C:\Windows\System32\G32_GD.dll
[2012/01/10 23:23:24 | 000,507,904 | ---- | C] (Sequiter Software Inc.) -- C:\Windows\System32\c4dll.dll
[2012/01/10 23:23:24 | 000,335,872 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pepco32a.ocx
[2012/01/10 23:23:24 | 000,286,720 | ---- | C] (Genesis Financial Data Services) -- C:\Windows\System32\G32_zip.dll
[2012/01/10 23:23:24 | 000,237,568 | ---- | C] (VideoSoft) -- C:\Windows\System32\Vsocx6.ocx
[2012/01/10 23:23:24 | 000,143,360 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pego32a.ocx
[2012/01/10 23:23:24 | 000,073,728 | ---- | C] (Interactive Brokers) -- C:\Windows\System32\TwsSocketClient.dll
[2012/01/10 23:23:24 | 000,063,488 | ---- | C] (Spider Eye Studios P/L) -- C:\Windows\System32\FlexBag.dll
[2012/01/10 23:23:03 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSRDO20.DLL
[2012/01/10 23:23:03 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdocurs.dll
[2012/01/10 23:23:03 | 000,007,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ODBCCP32.CPL
[2012/01/10 23:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TransactAPI
[2012/01/10 23:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PhotonAPI
[2012/01/10 23:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LindWaldockAPI
[2012/01/10 23:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InteractiveBrokersAPI
[2012/01/10 23:23:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genesis
[2012/01/10 23:23:00 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DB.DLL
[2012/01/10 23:23:00 | 000,000,000 | ---D | C] -- C:\Genesis
[2012/01/10 22:12:07 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{2F3250ED-9AA7-4A62-9F29-900E548C9ABF}
[2012/01/10 22:11:55 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{E9AF8E7B-1E38-4783-825E-C2175BA3126E}
[2012/01/09 22:29:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/09 22:29:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/09 22:29:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/09 21:53:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/09 21:27:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/09 20:55:38 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{9457B99F-E4D7-44A5-9869-F868F337EAE9}
[2012/01/09 20:55:29 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{C87A6A4D-8EC8-4C24-A1CA-CD559DD1159F}
[2012/01/09 08:11:50 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{683C51AA-119C-4541-B3A1-F4C9DF596F30}
[2012/01/09 08:09:46 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{F7E8CD32-B3A3-469D-9B81-055A00CEEAFF}
[2012/01/08 21:36:44 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{FF990BD4-F4CE-443B-AF62-3415CE29B450}
[2012/01/07 12:16:25 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps
[2012/01/07 10:00:32 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{D19CF87F-990E-4125-A1B5-F193086162FB}
[2012/01/02 23:27:00 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{9B462714-650F-448D-9DF6-7DB633F93558}
[2012/01/02 23:26:39 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{5652AC2F-4587-4674-AA15-BB444ACFA734}
[2012/01/02 08:00:09 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{846B23B4-EBE6-41CE-A28A-D93242C87FD5}
[2012/01/01 08:27:37 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{E96E452B-DF95-4EC5-9DA5-834E7748C090}
[2012/01/01 08:27:10 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{0D0F0BA0-FA39-42B8-AA71-A6FE76E0B109}
[2011/12/31 21:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/31 21:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2011/12/31 20:42:03 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\PackageAware
[2011/12/31 09:11:36 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{14460796-B467-4A8A-A333-BC6160A50E19}
[2011/12/31 09:11:23 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{4E64CF22-C644-467C-A163-6D640C6C23E3}
[2011/12/27 08:01:12 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{DB46FA76-63F3-4425-88CB-7B9181725D65}
[2011/12/27 08:01:03 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{D2E0171E-DBDA-4F38-B5E2-B7514EA1DD03}
[2011/12/25 11:17:11 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{298745A9-4573-4D33-B125-32D90C39AA2E}
[2011/12/24 12:48:43 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{EA3208B4-1E01-4697-B715-F630368D5DBE}
[2011/12/23 22:34:13 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{CEFA4BA7-FF72-4C11-A79E-B3BFF7FB78E8}
[2011/12/18 10:22:29 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{E0851EB8-A3B3-4315-9CC3-E7B74CAA28EA}
[2011/12/18 10:22:16 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{7EBE2D1F-FCAC-4D93-B09C-E2B7E6999111}
[2011/12/16 23:59:17 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{7D18A82C-5181-4F55-B37B-CE5C1BD6831C}
[2011/12/16 23:59:03 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{FEBA97C4-A424-4683-ADB8-59805962F393}
[2011/12/16 10:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/16 10:19:58 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/12/16 10:19:58 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/12/16 10:19:58 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/12/16 10:19:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/12/15 09:31:58 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{A4C9FBCF-726F-43C6-B329-7C0EE8DAA25A}
[2011/12/15 08:07:48 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{DC2783E3-21DB-4F51-BEB8-1C0B60DC297F}
[2011/12/15 03:03:33 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/15 03:03:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/15 03:03:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/15 03:03:30 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/15 03:03:30 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/15 03:03:27 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/14 19:39:08 | 000,000,000 | ---D | C] -- C:\Users\cormact\AppData\Local\{083229A2-D9C0-4B22-B282-ED08CB8E0A86}
[2011/12/14 04:06:28 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/14 04:06:28 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/14 04:06:26 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 04:06:13 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 04:05:52 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 04:05:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2008/04/30 15:04:31 | 000,008,192 | ---- | C] ( ) -- C:\Windows\System32\cshost.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/11 22:25:24 | 000,000,824 | ---- | M] () -- C:\Users\cormact\Desktop\OTL.exe - Shortcut.lnk
[2012/01/11 21:54:22 | 000,000,870 | ---- | M] () -- C:\Users\cormact\Desktop\RogueKiller.exe - Shortcut.lnk
[2012/01/11 21:21:43 | 000,603,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/11 21:21:43 | 000,103,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/11 21:21:07 | 000,000,680 | ---- | M] () -- C:\Users\cormact\AppData\Local\d3d9caps.dat
[2012/01/11 21:16:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/11 21:16:28 | 197,210,018 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/11 20:54:05 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/11 20:54:05 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/11 20:54:05 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/01/11 20:54:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/01/11 20:51:21 | 000,000,548 | ---- | M] () -- C:\Users\cormact\Desktop\dtoq1v07.exe - Shortcut.lnk
[2012/01/11 20:49:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/01/11 20:39:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1305091848-4078153160-3836742915-1000UA.job
[2012/01/11 19:53:30 | 000,114,119 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/01/11 19:48:34 | 000,000,681 | ---- | M] () -- C:\Users\cormact\Desktop\Windows Media Player - Shortcut.lnk
[2012/01/11 17:44:04 | 000,000,855 | ---- | M] () -- C:\Users\cormact\Desktop\ComboFix.exe - Shortcut.lnk
[2012/01/10 23:39:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1305091848-4078153160-3836742915-1000Core.job
[2012/01/10 23:36:15 | 000,000,087 | ---- | M] () -- C:\Windows\NavWin.INI
[2012/01/10 23:29:24 | 000,001,675 | ---- | M] () -- C:\Users\Public\Desktop\Trade Navigator.lnk
[2012/01/10 22:27:03 | 000,000,536 | ---- | M] () -- C:\Users\cormact\Desktop\aswMBR.exe - Shortcut.lnk
[2012/01/08 22:39:09 | 000,000,512 | ---- | M] () -- C:\Users\cormact\Documents\MBR.dat
[2012/01/03 20:22:04 | 000,060,304 | ---- | M] () -- C:\Users\cormact\g2mdlhlpx.exe
[2012/01/02 23:55:23 | 000,001,030 | ---- | M] () -- C:\Users\cormact\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012/01/02 09:27:06 | 000,012,032 | ---- | M] () -- C:\Users\cormact\Documents\MARKET HOLIDAYS 2012.odt
[2011/12/27 22:50:22 | 000,000,813 | ---- | M] () -- C:\Users\cormact\Desktop\i_view32 - Shortcut.lnk
[2011/12/27 22:43:41 | 000,000,595 | ---- | M] () -- C:\Users\cormact\Desktop\explorer - Shortcut.lnk
[2011/12/18 03:35:36 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/17 11:40:33 | 000,001,003 | ---- | M] () -- C:\Users\cormact\Desktop\OpenOffice.org.lnk
[2011/12/16 10:19:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/12/16 10:19:31 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/12/16 10:19:31 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/12/16 10:19:31 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/12/15 03:29:39 | 000,298,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/13 08:27:28 | 000,001,396 | ---- | M] () -- C:\Users\cormact\Desktop\notepad - Shortcut.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/11 22:25:24 | 000,000,824 | ---- | C] () -- C:\Users\cormact\Desktop\OTL.exe - Shortcut.lnk
[2012/01/11 21:54:22 | 000,000,870 | ---- | C] () -- C:\Users\cormact\Desktop\RogueKiller.exe - Shortcut.lnk
[2012/01/11 20:51:21 | 000,000,548 | ---- | C] () -- C:\Users\cormact\Desktop\dtoq1v07.exe - Shortcut.lnk
[2012/01/11 19:48:34 | 000,000,681 | ---- | C] () -- C:\Users\cormact\Desktop\Windows Media Player - Shortcut.lnk
[2012/01/11 17:44:04 | 000,000,855 | ---- | C] () -- C:\Users\cormact\Desktop\ComboFix.exe - Shortcut.lnk
[2012/01/10 23:29:23 | 000,000,087 | ---- | C] () -- C:\Windows\NavWin.INI
[2012/01/10 23:23:34 | 000,001,675 | ---- | C] () -- C:\Users\Public\Desktop\Trade Navigator.lnk
[2012/01/10 23:23:24 | 000,118,784 | ---- | C] () -- C:\Windows\System32\G32_TICK.DLL
[2012/01/10 23:23:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\G32_rkey.dll
[2012/01/10 23:23:24 | 000,007,680 | ---- | C] () -- C:\Windows\System32\free_res.exe
[2012/01/10 22:27:03 | 000,000,536 | ---- | C] () -- C:\Users\cormact\Desktop\aswMBR.exe - Shortcut.lnk
[2012/01/10 22:24:24 | 197,210,018 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/09 22:29:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/09 22:29:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/09 22:29:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/09 22:29:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/09 22:29:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/08 22:39:09 | 000,000,512 | ---- | C] () -- C:\Users\cormact\Documents\MBR.dat
[2012/01/02 23:55:23 | 000,001,030 | ---- | C] () -- C:\Users\cormact\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012/01/02 09:27:04 | 000,012,032 | ---- | C] () -- C:\Users\cormact\Documents\MARKET HOLIDAYS 2012.odt
[2011/12/27 22:50:22 | 000,000,813 | ---- | C] () -- C:\Users\cormact\Desktop\i_view32 - Shortcut.lnk
[2011/12/27 22:43:41 | 000,000,595 | ---- | C] () -- C:\Users\cormact\Desktop\explorer - Shortcut.lnk
[2011/12/17 11:40:33 | 000,001,003 | ---- | C] () -- C:\Users\cormact\Desktop\OpenOffice.org.lnk
[2011/12/13 08:27:06 | 000,001,396 | ---- | C] () -- C:\Users\cormact\Desktop\notepad - Shortcut.lnk
[2011/12/11 12:37:58 | 000,001,180 | -HS- | C] () -- C:\Users\cormact\AppData\Local\vssccn8v5nix1mvd1ytf7e741l7k
[2011/12/11 12:37:58 | 000,001,180 | -HS- | C] () -- C:\ProgramData\vssccn8v5nix1mvd1ytf7e741l7k
[2011/12/04 16:38:29 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2011/12/02 00:01:56 | 000,001,328 | -HS- | C] () -- C:\Users\cormact\AppData\Local\6m72ty5l22j837
[2011/12/02 00:01:56 | 000,001,328 | -HS- | C] () -- C:\ProgramData\6m72ty5l22j837
[2011/12/01 19:44:13 | 000,001,140 | -HS- | C] () -- C:\Users\cormact\AppData\Local\08455368k8t88sw5klh3d8vkse5rhtf0020
[2011/12/01 19:44:13 | 000,001,140 | -HS- | C] () -- C:\ProgramData\08455368k8t88sw5klh3d8vkse5rhtf0020
[2011/09/28 16:11:55 | 000,332,298 | ---- | C] () -- C:\Users\cormact\AppData\Local\fswiv
[2011/08/11 19:02:28 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2011/08/11 19:02:27 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2011/08/11 19:02:26 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2011/04/20 21:01:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/27 08:50:56 | 000,280,082 | ---- | C] () -- C:\ProgramData\12345.zip
[2010/09/25 23:52:43 | 000,000,271 | ---- | C] () -- C:\Users\cormact\AppData\Roaming\hgksfg.bat
[2009/10/20 18:25:02 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/20 18:25:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/01 06:43:00 | 000,116,840 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/04/17 20:33:25 | 000,114,119 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/04/17 20:32:55 | 000,114,119 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/02/18 23:00:41 | 000,000,680 | ---- | C] () -- C:\Users\cormact\AppData\Local\d3d9caps.dat
[2008/10/16 07:32:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/04 16:32:10 | 000,054,527 | ---- | C] () -- C:\Users\cormact\AppData\Roaming\nvModes.001
[2008/06/29 17:20:11 | 000,054,527 | ---- | C] () -- C:\Users\cormact\AppData\Roaming\nvModes.dat
[2008/05/17 13:41:23 | 000,031,232 | ---- | C] () -- C:\Users\cormact\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/28 16:29:50 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/12/28 16:29:40 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/12/28 08:50:47 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2007/12/28 08:36:23 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/07/25 16:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/11/10 07:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 13:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,298,008 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,603,516 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,103,586 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

< End of report >

#24
Jintan
From the Gmer log, this does not appear correct:

Service system32\DRIVERS\cdrom.sys [SYSTEM] cdrom

And in checking the TDSSKiller logs, it is also the only service with which TDSSKiller doesn't associate a file:

21:05:42.0099 5116 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:05:42.0101 5116 cdfs - ok
21:05:42.0192 5116 cdrom - ok
21:05:42.0241 5116 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
21:05:42.0242 5116 circlass - ok

So something is amiss with that, and we'll need to get a handle on it. It is likely the culprit behind our tools failing to run there.


I am not too familiar with SpyBot lately, so am surprised to see it adding a firewall service, and a process loading in Winlogon. Please be very sure all of its functions are disabled when doing these repairs (if not already).

------------

Open Firefox - Tools - Add-ons, and locate and remove these adware/search hijackers:

vshare.tv Bar Community Toolbar
TenchisTV Community Toolbar


-------

Open OTL again.

Under the Custom Scans/Fixes box at the bottom, paste in the following (inside the Code box):

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...E-D302366B6C78}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80126
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7AEB3EFD-E564-43F1-B658-5058A7C5743B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
:Files 
C:\Users\cormact\AppData\Local\vssccn8v5nix1mvd1ytf7e741l7k
C:\ProgramData\vssccn8v5nix1mvd1ytf7e741l7k
C:\Users\cormact\AppData\Local\6m72ty5l22j837  
C:\ProgramData\6m72ty5l22j837  
C:\Users\cormact\AppData\Local\08455368k8t88sw5klh3d8vkse5rhtf0020  
C:\ProgramData\08455368k8t88sw5klh3d8vkse5rhtf0020  
C:\Users\cormact\AppData\Local\fswiv


Then click the Run Fix button at the top of the OTL display.

Once the scan completes the results will open in Notepad - copy/paste those back here please.

-----------

Let's check files.

Click here and download jpshortstuff's SystemLook to your desktop, then click that file to open the scan display. In the open textbox, copy and paste the following (inside the Code box below):

:filefind
cdrom.sys

Then click Look. Once the scan completes Notepad will open - copy/paste those contents back here please. That will also be saved as a log where you have the scan file, named SystemLook.txt.

-----------

Let's check the results of all that for now. We will probably need to see what temp disabling that cdrom driver will do, but better to make sure of things right now.

#25
builder4580
I was trying to use my DVD earlier, but my system does not recognize its existence.
When I click on 'my computer' the panel shows: Hard Drives (2) - OS (C:) RECOVERY (D:)
and an entry under Network Location 1 - desktop.ini. Does RECOVERY (D:) mean the drive needs recovery?

Here's my OTL log:



========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7AEB3EFD-E564-43F1-B658-5058A7C5743B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AEB3EFD-E564-43F1-B658-5058A7C5743B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCAD deleted successfully.
========== FILES ==========
C:\Users\cormact\AppData\Local\vssccn8v5nix1mvd1ytf7e741l7k moved successfully.
C:\ProgramData\vssccn8v5nix1mvd1ytf7e741l7k moved successfully.
C:\Users\cormact\AppData\Local\6m72ty5l22j837 moved successfully.
C:\ProgramData\6m72ty5l22j837 moved successfully.
C:\Users\cormact\AppData\Local\08455368k8t88sw5klh3d8vkse5rhtf0020 moved successfully.
C:\ProgramData\08455368k8t88sw5klh3d8vkse5rhtf0020 moved successfully.
C:\Users\cormact\AppData\Local\fswiv moved successfully.

OTL by OldTimer - Version 3.2.31.0 log created on 01122012_202017
#26
builder4580
SystemLook 30.07.11 by jpshortstuff
Log created at 20:34 on 12/01/2012 by cormact
Administrator - Elevation successful

========== filefind ==========

Searching for "cdrom.sys"
C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys --a---- 67072 bytes [01:53 30/06/2008] [05:49 19/01/2008] 1EC25CEA0DE6AC4718BF89F9E1778B57
C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys --a---- 67072 bytes [00:24 21/10/2009] [04:39 11/04/2009] 6B4BFFB9BECD728097024276430DB314
C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys --a---- 67072 bytes [10:25 02/11/2006] [08:51 02/11/2006] 8D1866E61AF096AE8B582454F5E4D303
C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys --a---- 67072 bytes [01:53 30/06/2008] [05:49 19/01/2008] 1EC25CEA0DE6AC4718BF89F9E1778B57
C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys --a---- 67072 bytes [00:24 21/10/2009] [04:39 11/04/2009] 6B4BFFB9BECD728097024276430DB314

-= EOF =-

#27
Jintan
That recovery drive is usually a hidden partition, where the files are stored for you to access using a bootup key sequence, and do a factory reinstall of the system. If you made the changes to see hidden files, this may now be visible where it wasn't before.

Cdrom.sys seems to have gone missing there.


Go to Start Search, type cmd.exe in the Start Search box. Cmd.exe will appear at the top of the Menu. Right-click on it and choose "Run as administrator". At the prompt copy/paste the following, pressing Enter after each:

sc config cdrom start= disabled

You should get a "Success" confirmation. Then just type exit and press Enter to close the command window. If you did not get that confirmation, stop, and post back here for further advice.

-----------

Reboot, and try running ComboFix again, and post that log please.
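The two checks the helper is doing by hand in posts #24 and #27 (a driver service whose file is not where its ImagePath says, and the intact copies of cdrom.sys that SystemLook found in DriverStore and WinSxS) can be scripted. The following PowerShell is an added example, not code from the thread or from OTL, Gmer, TDSSKiller or SystemLook; it assumes an elevated PowerShell 4 or later prompt (for Get-FileHash), and the default service name 'cdrom' is taken from the thread.

```powershell
# Added example, not part of the thread or any tool used in it: report driver
# services whose ImagePath points at a file that is not on disk (the 'cdrom'
# symptom above), then list servicing-stack copies of the driver with hashes.
# Read-only; changes nothing. Assumes an elevated PowerShell 4+ prompt.
param([string]$ServiceName = 'cdrom')   # service name from the thread; any driver works

$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$winDir  = $env:SystemRoot

function Resolve-DriverPath([string]$raw) {
    # ImagePath values come in several shapes; normalise each to a full path.
    $p = $raw.Trim('"')
    if ($p -match '^\\\?\?\\(.+)$')       { return $Matches[1] }                  # \??\C:\...
    if ($p -match '^\\SystemRoot\\(.+)$') { return Join-Path $winDir $Matches[1] } # \SystemRoot\system32\...
    if ($p -match '^[A-Za-z]:\\')         { return $p }                            # C:\...
    return Join-Path $winDir $p                                                    # system32\DRIVERS\x.sys
}

function Get-OrphanDriverService {
    Get-ChildItem $svcRoot | ForEach-Object {
        $props = Get-ItemProperty $_.PSPath
        # Type 1 = kernel driver, 2 = file-system driver; user-mode services are skipped.
        if ($props.Type -ne 1 -and $props.Type -ne 2) { return }
        # With no ImagePath the loader defaults to System32\drivers\<ServiceName>.sys.
        $raw  = if ($props.ImagePath) { $props.ImagePath } else { "System32\drivers\$($_.PSChildName).sys" }
        $full = Resolve-DriverPath $raw
        if (-not (Test-Path -LiteralPath $full)) {
            # Start 4 = disabled, which is what 'sc config <svc> start= disabled' sets.
            [pscustomobject]@{ Service = $_.PSChildName; Start = $props.Start; ImagePath = $raw; Resolved = $full }
        }
    }
}

function Get-DriverStoreCopies([string]$name) {
    # The copies kept by the servicing stack are what a missing driver is normally restored from;
    # the MD5 lets them be compared against each other and against vendor-published values.
    $dirs = "$winDir\System32\DriverStore\FileRepository", "$winDir\winsxs"
    Get-ChildItem $dirs -Recurse -Filter "$name.sys" -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            Path = $_.FullName
            Size = $_.Length
            MD5  = (Get-FileHash -Algorithm MD5 -LiteralPath $_.FullName).Hash
        }
    }
}

"Driver services with no file on disk:"
Get-OrphanDriverService | Format-Table -AutoSize
"Servicing-stack copies of $ServiceName.sys:"
Get-DriverStoreCopies $ServiceName | Format-Table -AutoSize
```

On the system in this thread the first table would be expected to show cdrom with its ImagePath resolved to a non-existent System32\DRIVERS\cdrom.sys, and the second the five DriverStore/WinSxS copies SystemLook listed.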

#28
builder4580
Still getting this warning when running Combofix

Warning!!
ComboFix has detected the following real time scanner(s) to be active

Antivirus: AVG Anti-Virus Free Edition 2012
Antispyware: AVG Anti-Virus Free Edition 2012

Antivirus and intrusion prevention programs are known to interfere
with ComboFix's running. This may lead to unpredictable results or
possible machine damage.

Please disable these scanners before clicking OK

Clicked OK
Scan has been running for 20mins+ (in Safe Mode)

#29
Jintan
I have had ComboFix scans run for a very long time, yet still succeed. Not sure the status now of course - how did it do after that 20 minutes?

#30
builder4580
I exited the program shortly after the 20 min mark.
Will re-run it and leave it on all night again.