Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virus after downloading Windows Security Essentials [Closed]

Started by foofoo200 , Jul 28 2012 12:55 PM

  • This topic is locked This topic is locked

#1
foofoo200
Posted 28 July 2012 - 12:55 PM

foofoo200

    New Member

  • Member
  • Pip
  • 8 posts
Hi

I am having problems after downloading WSE. First it infected with my computer as a pop up box kept coming up saying warning, something has been detected, to protect your comuter your computer will automatically restate in 1 minute....or something to that effect.

Somehow i managed to keep the computer on long enough to download Malwarebytes which has cleaned up 3 of the 4 viruses but it now can't get rid of one. The problem is called

windows\installer\{{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\800000cb.@

Is this a virus and do you know how i can get rid of this?

Thanks
  • 0

Advertisements

#2
Essexboy
Posted 28 July 2012 - 01:03 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi are you sure it is windows security essentials and not Microsoft security essentials

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#3
foofoo200
Posted 28 July 2012 - 01:34 PM

foofoo200

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OTL Extras logfile created on: 28/07/2012 20:07:14 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Administrator.mattsolari-PC\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 0.59 Gb Available Physical Memory | 30.43% Memory free
4.10 Gb Paging File | 1.81 Gb Available in Paging File | 44.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.69 Gb Total Space | 39.88 Gb Free Space | 28.55% Space Free | Partition Type: NTFS
Drive D: | 9.36 Gb Total Space | 1.70 Gb Free Space | 18.16% Space Free | Partition Type: NTFS

Computer Name: MATTSOLARI-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06504E2A-EE00-4D29-9DCF-C846BB8DF588}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{2A4FCDD5-6AEB-4CB8-9FF5-857ACEC18230}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4BAFBB28-7131-4388-8025-17B99BE9EC04}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{66C0BD20-22C0-400E-BB84-208529B68AC1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{71B4AFF8-1EBC-4D8E-9A91-9528826FF61A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{79406B32-9F5E-4C48-8A4B-4C2211E13A37}" = protocol=6 | dir=in | app=c:\users\mattsolari\appdata\local\temp\7zs5f9c.tmp\symnrt.exe |
"{86827079-4594-42FB-BA94-48E665EA1D6E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{A60A640A-87CD-4C0B-9D04-864844550A7F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A6A8A360-C00B-43FF-8B56-9626DBF0A8FE}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{A6D5D852-7287-428C-9A65-B8450F81133B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A7C2BA07-3053-4132-8319-6201448D7160}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AAAB13BA-4D07-4EB9-B6E1-DA9B564EC255}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AE7F4719-D74E-4DEE-AFF5-4E465E6CDC6E}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{C246D1C3-6957-4872-9FA4-30BC9A81A1E6}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D84C3C39-1972-4961-959F-4E60008C3FD3}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{DE0077EA-7AA3-45FB-94B2-D6D4788A9356}" = protocol=17 | dir=in | app=c:\users\mattsolari\appdata\local\temp\7zs5f9c.tmp\symnrt.exe |
"{E4F6A5EB-31C2-45D0-849F-F11E128F4CE6}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"TCP Query User{382CD908-722F-4ED2-AAD9-6ED461277A39}C:\windows\system32\dwm.exe" = protocol=6 | dir=in | app=c:\windows\system32\dwm.exe |
"TCP Query User{545C78F1-7996-42D6-8F1C-3C55C85A8213}C:\users\mattsolari\appdata\local\temp\winnxsw.exe" = protocol=6 | dir=in | app=c:\users\mattsolari\appdata\local\temp\winnxsw.exe |
"TCP Query User{CB446170-C514-4EC3-89A3-2F182057C007}F:\ujkhae.pif" = protocol=6 | dir=in | app=f:\ujkhae.pif |
"TCP Query User{F96780F9-6F9E-49D1-941B-CE66BAC90F26}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{FFEE3C82-4F3C-479E-99C4-FCDB3E5A7479}C:\windows\system32\mobsync.exe" = protocol=6 | dir=in | app=c:\windows\system32\mobsync.exe |
"UDP Query User{02E2B668-40AB-4A17-96F1-1FDFCDBEFCA1}C:\windows\system32\dwm.exe" = protocol=17 | dir=in | app=c:\windows\system32\dwm.exe |
"UDP Query User{06E13B5D-5ADC-41B4-B06D-F91432AB3764}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{8AB1094E-2928-431F-828A-3A01982CB880}C:\windows\system32\mobsync.exe" = protocol=17 | dir=in | app=c:\windows\system32\mobsync.exe |
"UDP Query User{A9D2C281-5B0A-4829-9F15-5549F08A2C8A}F:\ujkhae.pif" = protocol=17 | dir=in | app=f:\ujkhae.pif |
"UDP Query User{F2308F37-5598-4E90-9BAF-BAB61900379C}C:\users\mattsolari\appdata\local\temp\winnxsw.exe" = protocol=17 | dir=in | app=c:\users\mattsolari\appdata\local\temp\winnxsw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 F1
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B43401-E818-4961-AFED-118DD8E87642}" = RAF
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F413B69D-4AD6-42AB-AEA5-0548989FAD50}" = Norton 360
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"CutePDF Writer Installation" = CutePDF Writer 2.8
"FinePix Genie_is1" = FUJIFILM MyFinePix Studio 2.0
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Origin" = Origin
"PokerStars" = PokerStars
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WOLAPI" = Westwood Shared Internet Components

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 28/07/2012 09:24:27 | Computer Name = mattsolari-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 28/07/2012 09:25:49 | Computer Name = mattsolari-PC | Source = VSS | ID = 8194
Description =

Error - 28/07/2012 09:25:50 | Computer Name = mattsolari-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 28/07/2012 09:34:48 | Computer Name = mattsolari-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 28/07/2012 09:42:44 | Computer Name = mattsolari-PC | Source = VSS | ID = 8194
Description =

Error - 28/07/2012 09:42:54 | Computer Name = mattsolari-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 28/07/2012 09:48:21 | Computer Name = mattsolari-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 28/07/2012 09:49:42 | Computer Name = mattsolari-PC | Source = VSS | ID = 8194
Description =

Error - 28/07/2012 09:49:43 | Computer Name = mattsolari-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 28/07/2012 09:50:33 | Computer Name = mattsolari-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 28/07/2012 09:52:47 | Computer Name = mattsolari-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 28/07/2012 09:52:51 | Computer Name = mattsolari-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 28/07/2012 09:52:52 | Computer Name = mattsolari-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 28/07/2012 09:52:52 | Computer Name = mattsolari-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 28/07/2012 09:53:58 | Computer Name = mattsolari-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 28/07/2012 09:53:58 | Computer Name = mattsolari-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 28/07/2012 09:53:59 | Computer Name = mattsolari-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 28/07/2012 09:53:59 | Computer Name = mattsolari-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 28/07/2012 13:46:34 | Computer Name = mattsolari-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 28/07/2012 13:47:15 | Computer Name = mattsolari-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 28/07/2012 13:47:33 | Computer Name = mattsolari-PC | Source = Service Control Manager | ID = 7034
Description =


< End of report >
  • 0

#4
foofoo200
Posted 28 July 2012 - 01:35 PM

foofoo200

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Administrator.mattsolari-PC\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 0.59 Gb Available Physical Memory | 30.43% Memory free
4.10 Gb Paging File | 1.81 Gb Available in Paging File | 44.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.69 Gb Total Space | 39.88 Gb Free Space | 28.55% Space Free | Partition Type: NTFS
Drive D: | 9.36 Gb Total Space | 1.70 Gb Free Space | 18.16% Space Free | Partition Type: NTFS

Computer Name: MATTSOLARI-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/07/28 19:35:15 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator.mattsolari-PC\Downloads\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/02/07 20:54:54 | 000,078,624 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2011/10/01 01:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 01:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/23 15:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/26 09:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008/01/21 03:23:43 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/07 20:54:54 | 000,078,624 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/23 15:04:16 | 000,814,160 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
MOD - [2007/08/14 20:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 20:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 20:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/01 01:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 01:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/04/26 09:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/03 20:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Users\MATTSO~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | System | Stopped] -- C:\Users\MATTSO~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Disabled | Stop_Pending] -- C:\Windows\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/07/28 13:28:13 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\kxii.sys -- (blfkl)
DRV - [2012/07/03 17:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 17:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 17:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 17:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/07/03 17:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/07/03 17:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/10/01 01:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 01:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 01:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 01:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2009/09/05 16:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/01/20 06:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/06/04 18:54:22 | 000,113,664 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2007/10/18 00:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/02/12 17:55:56 | 000,075,776 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2006/11/02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {A933DCA9-5102-4BC9-944C-5C40AF831F29}
IE - HKLM\..\SearchScopes\{2D95AC75-45C9-4169-86EC-EA08A9868369}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKLM\..\SearchScopes\{A933DCA9-5102-4BC9-944C-5C40AF831F29}: "URL" = http://slirsredirect...hpcnnbie7-en-gb
IE - HKLM\..\SearchScopes\{CDD7A2D0-16E4-4851-B22A-AE96EED169A8}: "URL" = http://uk.kelkoopart...tnerId=96913936


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3033820574-4051440754-3240399450-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKU\S-1-5-21-3033820574-4051440754-3240399450-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cnnb
IE - HKU\S-1-5-21-3033820574-4051440754-3240399450-500\..\SearchScopes,DefaultScope = {A933DCA9-5102-4BC9-944C-5C40AF831F29}
IE - HKU\S-1-5-21-3033820574-4051440754-3240399450-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()



O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll File not found
O3 - HKU\S-1-5-21-3033820574-4051440754-3240399450-500\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3033820574-4051440754-3240399450-500\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3033820574-4051440754-3240399450-500..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-3033820574-4051440754-3240399450-500..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Fern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = File not found
O7 - HKU\S-1-5-21-3033820574-4051440754-3240399450-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3033820574-4051440754-3240399450-500\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {2616E301-9414-11DA-8AEB-00B0D099C2B6} https://bst.environc.../BSTCOP0400.CAB (Reg Error: Key error.)
O16 - DPF: {2A00324E-751C-11D3-A5D3-00C04F7F81E2} https://bst.environc.../BSTEIT0040.CAB (Reg Error: Key error.)
O16 - DPF: {85DAA0B2-F005-11D5-9271-00B0D07DCA5B} https://bst.environc...STGUI000013.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {90C8812D-81C2-45EA-8101-6C6F29835AE8} https://bst.environc...TeInstaller.CAB (BSTEnterpriseInstaller.clsBSTeInstaller)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {DB797690-40E0-11D2-9BD5-0060082AE372} https://bst.environc...STeDepFiles.CAB (Xceed Zip Control v5.0)
O16 - DPF: {DCFEDB58-DB3F-4DEB-A4C4-D8107FBBDAC3} https://bst.environc...ReportsCE12.CAB (Crystal ActiveX Report Viewer Control 12.0)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E6671596-1F52-11D3-8162-00C04F8DF62C} https://bst.environc...AuroraShell.CAB (AuroraShell.ShellControl)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97CD502E-8452-426D-9B61-601453559BE0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE2C4C18-DD58-419B-842C-416938D589DB}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Dots.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Dots.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/09 06:45:46 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found
NetSvcs: BITS - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/28 18:33:27 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2012/07/28 18:31:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator.mattsolari-PC\AppData\Local\Seven Zip
[2012/07/28 14:53:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator.mattsolari-PC\AppData\Roaming\SoftGrid Client
[2012/07/28 14:53:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator.mattsolari-PC\AppData\Local\SoftGrid Client
[2012/07/28 14:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Home and Business (English)
[2012/07/28 14:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/07/28 14:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2012/07/28 14:50:51 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/07/28 14:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/07/28 14:49:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator.mattsolari-PC\AppData\Roaming\TP
[2012/07/28 14:48:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator.mattsolari-PC\AppData\Local\Windows Live
[2012/07/28 14:48:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2012/07/28 14:46:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/07/28 14:34:58 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/07/28 13:24:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/07/26 17:45:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator.mattsolari-PC\AppData\Roaming\Malwarebytes
[2012/07/26 17:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/26 17:45:43 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/26 17:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/24 23:03:45 | 000,000,000 | ---D | C] -- C:\a2904bb50e0569e3cfaada
[2012/07/24 23:03:44 | 000,000,000 | ---D | C] -- C:\308fff14dbdb6e3f56
[2012/07/24 22:57:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/19 18:52:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator.mattsolari-PC\AppData\Local\Apple
[2012/07/19 18:52:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator.mattsolari-PC\AppData\Roaming\Macromedia
[2012/07/19 18:51:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator.mattsolari-PC\AppData\Roaming\Adobe
[2012/07/19 18:51:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator.mattsolari-PC\AppData\Local\AOL
[2012/07/03 18:45:43 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[1 C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\*.tmp files -> C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/28 19:59:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3033820574-4051440754-3240399450-1000UA.job
[2012/07/28 19:51:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3033820574-4051440754-3240399450-1001UA.job
[2012/07/28 18:48:22 | 000,000,013 | ---- | M] () -- C:\Users\Administrator.mattsolari-PC\AppData\Roaming\mbam.context.scan
[2012/07/28 18:30:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/28 18:30:47 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/28 18:30:46 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/28 14:52:15 | 000,598,540 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/28 14:52:15 | 000,105,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/28 13:28:13 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\kxii.sys
[2012/07/28 13:24:21 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/28 13:24:15 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/07/28 12:55:15 | 2075,336,704 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/26 21:15:35 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3033820574-4051440754-3240399450-1000Core.job
[2012/07/26 18:01:40 | 000,312,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/26 17:45:44 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/26 17:44:38 | 000,000,680 | ---- | M] () -- C:\Users\Administrator.mattsolari-PC\AppData\Local\d3d9caps.dat
[2012/07/26 16:48:35 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/24 22:56:09 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3033820574-4051440754-3240399450-1001Core.job
[2012/07/19 18:51:38 | 000,000,943 | ---- | M] () -- C:\Users\Administrator.mattsolari-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/03 17:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/07/03 17:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/07/03 17:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/07/03 17:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/07/03 17:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/07/03 17:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/07/03 17:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 17:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/07/28 18:48:22 | 000,000,013 | ---- | C] () -- C:\Users\Administrator.mattsolari-PC\AppData\Roaming\mbam.context.scan
[2012/07/28 13:34:12 | 000,019,968 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\800000cb.@
[2012/07/28 13:28:13 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\kxii.sys
[2012/07/28 13:24:21 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/28 13:08:46 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@
[2012/07/26 18:01:18 | 2075,336,704 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/26 17:45:44 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/26 17:43:40 | 000,000,680 | ---- | C] () -- C:\Users\Administrator.mattsolari-PC\AppData\Local\d3d9caps.dat
[2012/07/24 22:58:11 | 000,002,243 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/07/24 22:57:40 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/19 18:51:38 | 000,000,943 | ---- | C] () -- C:\Users\Administrator.mattsolari-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/07 11:45:02 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@
[2012/05/16 19:08:28 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/01/17 22:53:12 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2012/01/17 22:53:12 | 000,002,048 | -HS- | C] () -- C:\Users\Fern\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2011/08/06 17:18:50 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/03/29 12:42:47 | 000,002,080 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2011/01/12 04:00:56 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BSTRegIT.dll
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 22:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 22:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.EXE >
[2008/01/21 03:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2012/07/26 16:49:04 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=8737764F4FD36D6808EE80578409C843 -- C:\Windows\System32\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 13:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 13:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/01/21 03:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/21 03:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 13:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 13:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SVCHOST.EXE >
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

< End of report >
  • 0

#5
foofoo200
Posted 28 July 2012 - 01:44 PM

foofoo200

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
yes, sorry, iw was microsoft security essentials you are right.

Attached also FYI
  • 0

#6
foofoo200
Posted 28 July 2012 - 01:45 PM

foofoo200

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
attached

Attached Files

  • Attached File  MBR.dat   512bytes   178 downloads

  • 0

#7
Essexboy
Posted 28 July 2012 - 01:59 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There should be an aswMBR .txt file on the desktop, could you post that

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image

    :OTL
    DRV - [2012/07/28 13:28:13 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\kxii.sys -- (blfkl)
    O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found
    [2012/07/24 23:03:45 | 000,000,000 | ---D | C] -- C:\a2904bb50e0569e3cfaada
    [2012/07/24 23:03:44 | 000,000,000 | ---D | C] -- C:\308fff14dbdb6e3f56

    :Files
    ipconfig /flushdns /c
    C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
    C:\Users\Fern\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#8
foofoo200
Posted 28 July 2012 - 02:02 PM

foofoo200

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
attached

Attached Files


  • 0

#9
Essexboy
Posted 28 July 2012 - 02:06 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Thanks
  • 0

#10
foofoo200
Posted 28 July 2012 - 04:14 PM

foofoo200

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
ComboFix 12-07-27.03 - Administrator 28/07/2012 21:52:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1978.905 [GMT 1:00]
Running from: c:\users\Administrator.mattsolari-PC\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\mattsolari\GoToAssistDownloadHelper.exe
c:\windows\Downloaded Program Files\DM.0
c:\windows\XSxS
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-28 20:02 . 2012-07-28 20:02 -------- d-----w- C:\_OTL
2012-07-28 19:42 . 2012-07-28 19:42 -------- d-----w- c:\programdata\VirtualizedApplications
2012-07-28 17:33 . 2012-07-28 17:33 -------- d--h--w- c:\windows\PIF
2012-07-28 17:31 . 2012-07-28 17:31 -------- d-----w- c:\users\Administrator.mattsolari-PC\AppData\Local\Seven Zip
2012-07-28 13:53 . 2012-07-28 21:05 -------- d-----w- c:\users\Administrator.mattsolari-PC\AppData\Roaming\SoftGrid Client
2012-07-28 13:53 . 2012-07-28 13:53 -------- d-----w- c:\users\Administrator.mattsolari-PC\AppData\Local\SoftGrid Client
2012-07-28 13:51 . 2012-07-28 13:51 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2012-07-28 13:50 . 2012-07-28 13:50 -------- d-----w- c:\windows\PCHEALTH
2012-07-28 13:50 . 2012-07-28 13:50 -------- d-----w- c:\program files\Windows Live
2012-07-28 13:49 . 2012-07-28 13:54 -------- d-----w- c:\users\Administrator.mattsolari-PC\AppData\Roaming\TP
2012-07-28 13:48 . 2012-07-28 13:48 -------- d-----w- c:\users\Administrator.mattsolari-PC\AppData\Local\Windows Live
2012-07-28 13:48 . 2012-07-28 13:48 -------- d-----w- c:\program files\Common Files\Windows Live
2012-07-28 13:34 . 2012-07-28 13:34 -------- d-----w- c:\windows\Sun
2012-07-26 16:45 . 2012-07-26 16:45 -------- d-----w- c:\users\Administrator.mattsolari-PC\AppData\Roaming\Malwarebytes
2012-07-26 16:45 . 2012-07-26 16:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-26 16:45 . 2012-07-03 12:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-26 15:36 . 2012-07-26 15:57 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4FA834B4-CF59-4BB7-B7BB-ED6A15D78BA5}\offreg.dll
2012-07-24 22:03 . 2012-07-16 01:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4FA834B4-CF59-4BB7-B7BB-ED6A15D78BA5}\mpengine.dll
2012-07-24 21:57 . 2012-07-26 16:04 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-19 17:52 . 2012-07-19 17:52 -------- d-----w- c:\users\Administrator.mattsolari-PC\AppData\Local\Apple
2012-07-19 17:51 . 2012-07-19 17:51 -------- d-----w- c:\users\Administrator.mattsolari-PC\AppData\Local\AOL
2012-07-03 17:45 . 2012-07-03 17:45 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-28 13:50 . 2011-03-28 17:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-03 16:21 . 2011-03-29 16:03 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2011-03-29 16:03 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2011-03-29 16:03 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2011-03-29 16:03 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-03 16:21 . 2011-03-29 16:03 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2011-03-29 16:03 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2011-03-29 16:02 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2011-03-29 16:02 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-08 16:40 . 2012-06-18 09:30 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E6BE0FC-8B92-4E0F-AA1C-EAE3093FA534}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-07-26 17:23 1493160 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-26 1493160]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-26 1493160]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-07-26 397992]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 07:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-08-25 18:45 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 08:03 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-08-25 18:45 136216 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 18:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-02-26 21:08 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-08-25 18:45 170520 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-05-12 22:10 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-06-12 05:17 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 19:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 11:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-17 18:05 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 22:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033820574-4051440754-3240399450-1000Core.job
- c:\users\mattsolari\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-05 20:30]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033820574-4051440754-3240399450-1000UA.job
- c:\users\mattsolari\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-05 20:30]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033820574-4051440754-3240399450-1001Core.job
- c:\users\Fern\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-21 16:57]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3033820574-4051440754-3240399450-1001UA.job
- c:\users\Fern\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-21 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: {2616E301-9414-11DA-8AEB-00B0D099C2B6} - hxxps://bst.environcorp.com/auroraweb/ClientComponents/BSTCOP0400.CAB
DPF: {2A00324E-751C-11D3-A5D3-00C04F7F81E2} - hxxps://bst.environcorp.com/AuroraWeb/ClientComponents/BSTEIT0040.CAB
DPF: {85DAA0B2-F005-11D5-9271-00B0D07DCA5B} - hxxps://bst.environcorp.com/auroraweb/ClientComponents/BSTGUI000013.CAB
DPF: {90C8812D-81C2-45EA-8101-6C6F29835AE8} - hxxps://bst.environcorp.com/AuroraWeb/BSTeInstaller.CAB
DPF: {DB797690-40E0-11D2-9BD5-0060082AE372} - hxxps://bst.environcorp.com/AuroraWeb/BSTeDepFiles.CAB
DPF: {DCFEDB58-DB3F-4DEB-A4C4-D8107FBBDAC3} - hxxps://bst.environcorp.com/AuroraWeb/BSTeReportsCE12.CAB
DPF: {E6671596-1F52-11D3-8162-00C04F8DF62C} - hxxps://bst.environcorp.com/AuroraWeb/AuroraShell.CAB
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Aimersoft Helper Compact.exe - c:\program files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
HKLM-Run-MSC - c:\program files\Microsoft Security Client\msseces.exe
MSConfigStartUp-ASORegistryOptimizer - c:\program files\Advanced System Optimizer 3\RegistryOptimizer.exe
AddRemove-My HP Game Console - c:\program files\HP Games\My HP Game Console\Uninstall.exe
AddRemove-Origin - c:\program files\Origin\OriginUninstall.exe
AddRemove-WT034699 - c:\program files\HP Games\Blasterball 3\Uninstall.exe
AddRemove-WT034710 - c:\program files\HP Games\Crystal Maze\Uninstall.exe
AddRemove-WT034713 - c:\program files\HP Games\FATE\Uninstall.exe
AddRemove-WT034714 - c:\program files\HP Games\Fish Tycoon\Uninstall.exe
AddRemove-WT034723 - c:\program files\HP Games\Magic Academy\Uninstall.exe
AddRemove-WT034724 - c:\program files\HP Games\Mah Jong Quest\Uninstall.exe
AddRemove-WT034729 - c:\program files\HP Games\Peggle\Uninstall.exe
AddRemove-WT034730 - c:\program files\HP Games\Penguins!\Uninstall.exe
AddRemove-WT034735 - c:\program files\HP Games\Polar Bowler\Uninstall.exe
AddRemove-WT034736 - c:\program files\HP Games\Polar Golfer\Uninstall.exe
AddRemove-WT034737 - c:\program files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe
AddRemove-WT034739 - c:\program files\HP Games\Ricochet Lost Worlds\Uninstall.exe
AddRemove-WT034743 - c:\program files\HP Games\Super Granny\Uninstall.exe
AddRemove-WT034744 - c:\program files\HP Games\Tradewinds\Uninstall.exe
AddRemove-WT034747 - c:\program files\HP Games\Virtual Villagers - A New Home\Uninstall.exe
AddRemove-WT035847 - c:\program files\HP Games\Treasure Island\Uninstall.exe
AddRemove-WT035849 - c:\program files\HP Games\Sudoku Quest\Uninstall.exe
AddRemove-WT035854 - c:\program files\HP Games\Chuzzle Deluxe\Uninstall.exe
AddRemove-WT035860 - c:\program files\HP Games\Gem Shop\Uninstall.exe
AddRemove-WT035865 - c:\program files\HP Games\Slingo Deluxe\Uninstall.exe
AddRemove-WT035877 - c:\program files\HP Games\Ocean Express\Uninstall.exe
AddRemove-WT035883 - c:\program files\HP Games\Insaniquarium Deluxe\Uninstall.exe
AddRemove-WT035888 - c:\program files\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe
AddRemove-WT035896 - c:\program files\HP Games\Bricks of Egypt\Uninstall.exe
AddRemove-WT035900 - c:\program files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe
AddRemove-WT035914 - c:\program files\HP Games\Zuma Deluxe\Uninstall.exe
AddRemove-WT035920 - c:\program files\HP Games\Puzzle Express\Uninstall.exe
AddRemove-WT035934 - c:\program files\HP Games\Digby's Donuts\Uninstall.exe
AddRemove-WT036322 - c:\program files\HP Games\Diner Dash\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-28 22:11
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3033820574-4051440754-3240399450-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,3b,1b,44,3b,4c,
94,19,f6,d2,05,b5,21,97,3f,04,ca,cd,1b
"{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,85,9a,
82,19,1f,b0,04,80,db,9a,c6,6f,ab,3d,a1
"{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"=hex:51,66,7a,6c,4c,1d,3b,1b,4b,e2,e0,
8d,38,7d,a2,01,9a,46,6b,9a,4a,6a,a3,83
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,83,17,
e5,6e,97,43,03,a6,37,d0,a9,2d,95,15,1e
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c3,f8,
a7,51,99,bd,5c,a5,e1,46,e0,cd,49,f5,12
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,3b,1b,8f,83,96,
1c,e3,93,34,00,a1,71,3e,0b,79,28,a0,ae
"{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,3b,1b,28,ca,fe,
34,70,03,f4,07,ad,ba,52,2b,fc,41,21,26
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8a,06,
6c,c4,8d,41,0b,af,e7,92,9a,f5,9a,6d,5e
.
[HKEY_USERS\S-1-5-21-3033820574-4051440754-3240399450-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:85,a8,91,25,d7,65,cd,01
.
[HKEY_USERS\S-1-5-21-3033820574-4051440754-3240399450-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fa,5d,f8,99,27,43,54,48,aa,18,f8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fa,5d,f8,99,27,43,54,48,aa,18,f8,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\SMINST\BLService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft Application Virtualization Client\sftvsa.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Microsoft Application Virtualization Client\sftlist.exe
c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\vssvc.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Completion time: 2012-07-28 22:19:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-28 21:18
.
Pre-Run: 43,461,779,456 bytes free
Post-Run: 61,513,437,184 bytes free
.
- - End Of File - - DE551160284EA8DF72FBFE1AFF03B966
  • 0

#11
foofoo200
Posted 28 July 2012 - 04:24 PM

foofoo200

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
just ran malware bytes and there are now no bad files so it has worked - thanks for all your help!!!
  • 0

#12
Essexboy
Posted 29 July 2012 - 02:47 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now try to update MSES if it fails then do the following :

run farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#13
Essexboy
Posted 02 August 2012 - 08:54 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP