Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows did not start to prevent damage

Started by panicpeace , Aug 01 2012 02:23 PM

  • Please log in to reply

#1
panicpeace
Posted 01 August 2012 - 02:23 PM

panicpeace

    Member

  • Member
  • PipPip
  • 69 posts
My windows 7 is experiencing a blue screen upon start up. It states that it would not start to prevent any damage.
It also says:
collecting data for crash dump...
initializing disk for crash dump...
begining dump of physical memory...

Im operating in safemode at the moment. I ran malwarebyts, but can not update it. It found a couple things and deleted them.
Im putting some OTL results up to get the ball rolling.

OTL logfile created on: 8/1/2012 4:09:42 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\James\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 80.21% Memory free
3.08 Gb Paging File | 2.56 Gb Available in Paging File | 83.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 66.45 Gb Total Space | 1.11 Gb Free Space | 1.67% Space Free | Partition Type: NTFS
Drive E: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/01 16:09:10 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\James\Downloads\OTL.exe
PRC - [2012/06/15 23:32:42 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 21:14:44 | 000,360,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/15 23:32:41 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/03/13 15:47:45 | 008,527,520 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2012/06/19 20:39:43 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/06/15 23:32:41 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/06/20 22:35:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/03 17:53:52 | 000,030,016 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2010/03/30 19:52:34 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/15 17:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/11/17 18:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/05/15 20:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) [Auto | Stopped] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/05/12 22:07:08 | 000,417,792 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe -- (ASLSvc)
SRV - [2009/02/17 20:01:04 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\zntport.sys -- (zntport)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\mkhcndo.sys -- (vtdwh)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\tvicport.sys -- (tvicport)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{569FB9F9-09DE-4F66-81DA-190A8CF72318}\MpKsl56be1c68.sys -- (MpKsl56be1c68)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/01/16 17:38:52 | 000,857,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2011/11/23 16:35:40 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2010/11/20 08:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 08:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 06:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/15 23:35:44 | 000,237,840 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2008/03/11 19:31:54 | 000,022,560 | ---- | M] (Acer, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eLock2burnerlockdriver.sys -- (eLock2BurnerLockDriver)
DRV - [2008/03/11 18:03:02 | 000,087,072 | ---- | M] (Acer, Inc.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...45u235z47m4r49s
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACAW_enUS436
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\James\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\James\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/15 23:32:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/15 15:49:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Extensions
[2012/05/04 19:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ty45rzpa.default\extensions
[2012/04/29 21:29:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/15 23:32:42 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/01 23:05:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/01 23:05:11 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

O1 HOSTS File: ([2011/11/14 18:44:30 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Acer PowerSaver] C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [Acer SmartBoot] C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AutoLockProcess] C:\Program Files\Acer\Empowering Technology\eLock\autolockprocess\AutoLockProcess.exe (Acer Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Installation Diagnostics] C:\Program Files\Brother\Brmfl06a\Brinstck.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe File not found
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\James\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11g_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.130 167.206.251.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A095F0A-4B3D-4C5F-BD3B-2816076F39DA}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C6125A7-3A82-4EF4-A9B9-E9D37D20B66A}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59672D88-A6CA-44B9-BC9C-EDE9CFC02C79}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BD05BD6-FDAA-49AC-BAF3-5A5757893E76}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F1322A6-6BC9-4297-B549-47EBFD794A4C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC98882A-ABF7-44B4-987E-F1ECD0A37409}: DhcpNameServer = 167.206.251.130 167.206.251.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5EF6364-F8E9-40C0-ACDD-5C4548634571}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - AppInit_DLLs: (C:\Windows\System32\wxvault.dll) - C:\Windows\System32\wxvault.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/25 00:56:52 | 000,000,046 | -H-- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/31 18:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2012/07/31 18:05:37 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\ElevatedDiagnostics
[2012/07/24 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Diagnostics
[2012/07/19 21:55:58 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/07/19 21:55:58 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

========== Files - Modified Within 30 Days ==========

[2012/08/01 16:03:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/01 16:03:33 | 2388,582,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/01 16:02:46 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/01 16:02:00 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/08/01 08:40:59 | 000,718,352 | ---- | M] () -- C:\Users\James\Desktop\lease.pdf
[2012/07/31 01:08:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/31 00:38:01 | 000,000,908 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000UA.job
[2012/07/30 22:56:39 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 22:56:39 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 22:49:42 | 000,000,000 | ---- | M] () -- C:\Users\James\AppData\Local\WavXMapDrive.bat
[2012/07/28 22:38:00 | 000,000,856 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000Core.job
[2012/07/12 15:35:56 | 000,002,367 | ---- | M] () -- C:\Users\James\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/08/01 08:40:59 | 000,718,352 | ---- | C] () -- C:\Users\James\Desktop\lease.pdf
[2012/07/31 07:00:12 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/05/20 19:32:31 | 000,001,533 | ---- | C] () -- C:\Users\James\.recently-used.xbel
[2012/03/01 17:51:41 | 000,189,352 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/11/13 15:54:23 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/07/28 15:09:15 | 000,000,419 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2011/07/28 15:09:15 | 000,000,027 | -H-- | C] () -- C:\Windows\BRPP2KA.INI
[2011/07/28 15:08:49 | 000,000,248 | -H-- | C] () -- C:\Windows\Brpfx04a.ini
[2011/07/28 15:08:49 | 000,000,093 | -H-- | C] () -- C:\Windows\brpcfx.ini
[2011/07/28 15:08:49 | 000,000,050 | -H-- | C] () -- C:\Windows\System32\bridf06a.dat
[2011/07/28 15:06:50 | 000,000,000 | -H-- | C] () -- C:\Windows\brdfxspd.dat
[2011/07/28 15:06:49 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/06/20 15:50:59 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/15 15:49:13 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2011/06/15 15:44:58 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Local\WavXMapDrive.bat
[2011/02/11 19:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 19:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 19:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/09/14 13:40:39 | 000,031,232 | -H-- | C] () -- C:\Windows\System32\TSP1.dll
[2010/09/14 13:40:08 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\bioapi100.dll.bak
[2010/09/14 13:40:08 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\bioapi100.dll
[2010/09/14 13:40:07 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\bioapi_mds300.dll.bak
[2010/09/14 13:40:07 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2010/09/14 13:32:36 | 000,140,288 | -H-- | C] () -- C:\Windows\System32\igfxtvcx.dll

< End of report >








AND HERE ARE THE EXTRAS:










OTL Extras logfile created on: 8/1/2012 4:09:42 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\James\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 80.21% Memory free
3.08 Gb Paging File | 2.56 Gb Available in Paging File | 83.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 66.45 Gb Total Space | 1.11 Gb Free Space | 1.67% Space Free | Partition Type: NTFS
Drive E: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1261694F-380F-42D6-853F-0CAC8FBFD21D}" = rport=139 | protocol=6 | dir=out | app=system |
"{15F77B3E-E128-4AC6-8187-DCA1F62F838A}" = lport=139 | protocol=6 | dir=in | app=system |
"{364647E5-1AAF-4885-A9F1-27EBCB96AB56}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F090CE3-A237-4CDE-B2B5-F0DC04325755}" = lport=137 | protocol=17 | dir=in | app=system |
"{8DA4DBE1-5684-4830-A3A3-F14A8E70F7E4}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{923E6C6B-775F-41A5-AEBE-38A12BC0458E}" = rport=138 | protocol=17 | dir=out | app=system |
"{945416C3-91F0-43D9-A79D-E1D23EE68F01}" = rport=445 | protocol=6 | dir=out | app=system |
"{9DE930E4-AC45-4AEC-B4B2-BF887A8EA949}" = lport=445 | protocol=6 | dir=in | app=system |
"{A1594A3B-755B-471F-BE73-7E9B40663BC9}" = rport=137 | protocol=17 | dir=out | app=system |
"{B16F2CF7-7F6E-4B49-9B3D-7FC53EAD4A27}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B7831416-4769-4A30-A3CE-ECD49B8B8E86}" = lport=138 | protocol=17 | dir=in | app=system |
"{B7BFA22C-57DF-46FE-A849-D30D59678EC6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{F2120FCA-5A83-46A5-803E-B901DB4A0515}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{FA881A82-A720-4E1C-948C-6420FED6B17F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02306FFD-2C78-450C-B1F1-37176B6663FC}" = protocol=6 | dir=in | app=c:\users\james\appdata\roaming\spotify\spotify.exe |
"{09CE6B68-F9E3-446D-A044-73A91F5532A8}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{0E979229-E60D-464F-ABFA-F8FE1DE9D201}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{143BE4D5-67AC-4F02-ADC1-E55987D7F916}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1F5D2FA1-A259-4EB5-904D-DE8E5DF7B23C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1F7696A9-9663-47AD-991F-89E22C3CAD7F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2AED0C10-12C4-42A7-9DA3-6E14EACC8EB1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\magic the gathering tactics\launchpad.exe |
"{340598EB-BFB5-4F66-91AB-093B3F1D2A4E}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{353336CE-676A-4B0A-BCD4-73E927EEB164}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{3CD1D44B-8483-4F16-8ADB-B75808B72268}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{6C8B11C9-0D76-4B55-92B9-63D46D6F0549}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base21029\sc2.exe |
"{72D0AF6F-BDBE-44FC-B806-2DAE8B82A608}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{74764233-1F97-4762-BFF0-C609858354AE}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{86B95B78-7D18-4A4F-9943-1DA7425492B5}" = protocol=1 | dir=in | [email protected],-28543 |
"{8E00F9DC-7B73-4A71-BAEA-E9AE949A249F}" = protocol=1 | dir=out | [email protected],-28544 |
"{98FE102E-D74E-40FF-BE5D-5ECF9275CD2A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9CBE37ED-65DD-48E1-821E-36383633B9BA}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B126251D-DFDD-4C46-913C-3075B33A98AD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C6656FF6-4625-4A7E-AB53-1F4ED101B659}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\panicpeace\team fortress 2\hl2.exe |
"{C755D054-7E63-40BE-9295-DC0737249C47}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{C8316CAC-BE5C-40F5-A25B-C62CC7AB4310}" = protocol=17 | dir=in | app=c:\users\james\appdata\roaming\spotify\spotify.exe |
"{CD62ABAE-9219-4141-9BBF-CF767AC61C0A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D092EEB3-34AF-44B6-B25E-42B349E1DFF9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\magic the gathering tactics\launchpad.exe |
"{D90AD057-4F05-4F04-ADBD-2606026BCB6C}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl06a\faxrx.exe |
"{E2C93D56-59B5-472D-BC78-947F9249AE88}" = protocol=58 | dir=out | [email protected],-28546 |
"{E3E1596D-D328-4A4D-B687-D99E8FD29DCB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\panicpeace\team fortress 2\hl2.exe |
"{F04AD9B0-07BA-4C5F-8218-B2F7098FF52C}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl06a\faxrx.exe |
"{F080B951-D7E3-4969-999A-D1D1FAC03F21}" = protocol=58 | dir=in | [email protected],-28545 |
"{FCC3644C-8A03-4191-BA41-9E0B29828A9C}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base21029\sc2.exe |
"{FCED709E-5765-48C0-B157-E723DB8B5B85}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"TCP Query User{031F27C1-A01A-4902-8FC3-4066861E1A20}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{087FDB8F-F53E-4C59-84B5-638BDF706C3C}C:\program files\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"TCP Query User{12734F66-E22E-4CC1-A2D0-50268D496C6C}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{1ED0D27D-5F40-4A54-B0CC-4AFE781DCC03}C:\users\james\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\james\appdata\roaming\spotify\spotify.exe |
"TCP Query User{4B5D1549-E0E4-48F0-AC3F-30FF2E6DC8F9}C:\program files\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe |
"TCP Query User{89875AF3-24D8-4FE9-9983-A8E0D684FA6E}C:\windows\system32\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"TCP Query User{98FCDDFE-6E95-40C5-BEDD-62086ECA5E6C}C:\program files\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{AD629E03-0972-440C-B5F1-8F218521E15A}C:\program files\steam\steamapps\panicpeace\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\panicpeace\team fortress 2\hl2.exe |
"TCP Query User{CE680F5B-C1D4-49B6-AAB3-8AD82218179F}C:\program files\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe |
"TCP Query User{E703B70D-43A0-4ADA-B749-9E0A4FA4A11B}C:\program files\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{F39756C8-E512-4DE6-B802-7259473830CF}C:\windows\system32\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"UDP Query User{040A7F7C-00E0-4032-8507-CAF592E224F5}C:\program files\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe |
"UDP Query User{30B26155-8B4A-4BEB-9F14-2E9C6472EA26}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{33EA8546-D7FE-4A44-AAAE-F19872AEF452}C:\program files\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19132\sc2.exe |
"UDP Query User{3482E36D-83E2-46F6-A598-3475E1F33575}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{3D1879C3-F8EE-46E8-A27C-A699EE79FD9D}C:\windows\system32\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |
"UDP Query User{4BC8933C-4377-4B67-AE16-691555838395}C:\program files\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"UDP Query User{57BA9560-D3F9-45BB-BC54-22D650119FDC}C:\program files\steam\steamapps\panicpeace\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\panicpeace\team fortress 2\hl2.exe |
"UDP Query User{5FF7DC89-E317-4A33-8FC6-0A3F9726AF40}C:\windows\system32\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |
"UDP Query User{7ACFB3EE-B4FF-42FE-843F-A3128889124C}C:\program files\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{9399E5B1-F6F1-45BD-95B1-C804C2151BA0}C:\program files\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{F2573DAC-7C5F-498E-9445-1FA6DC2AD484}C:\users\james\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\james\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59333B51-EA3C-4D7B-9AFE-96AD51B3C266}" = Fingerprint Sensor Minimum Install
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5CC23DEB-D22A-4345-9CFF-F8C602BCE792}" = Acer eLock Management
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80e1a4ff-e271-4f37-8ff4-7753475b9a44}" = Nero 9 Essentials
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Framework
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{93E3AA65-716B-4CF0-867F-BA86D331ADFE}" = Wave Infrastructure Installer
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E65215B-9DE9-401A-8541-C82FE2D2BC66}" = Acer SmartBoot
"{A1FFD720-0806-40E9-9554-DB22D593FDEF}" = Acer PowerSaver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78190D6-A513-4C5D-BC20-CFE14F1CD5E3}" = Veriton ControlCenter
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Embassy Trust Suite - Acer Edition
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{D38FA7FF-84E7-42F7-ACAC-E85DF086F008}" = Acer QuickMigration
"{DC38FAD0-C4A5-436A-9C24-D29BBB8B2AC7}" = upekmsi
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Bejeweled 3" = Bejeweled 3
"D3F88C3864C8C031A7C5D5E63A76571EC1B047DF" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Identity Card" = Identity Card
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"StarCraft II" = StarCraft II
"Steam App 201190" = Magic: The Gathering – Tactics
"Steam App 440" = Team Fortress 2
"Steam App 620" = Portal 2
"TVWiz" = Intel® TV Wizard
"WinGimp-2.0_is1" = GIMP 2.6.11
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/28/2012 6:58:37 PM | Computer Name = James-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/28/2012 6:58:37 PM | Computer Name = James-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7214220

Error - 7/28/2012 6:58:37 PM | Computer Name = James-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7214220

Error - 7/28/2012 6:58:41 PM | Computer Name = James-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/28/2012 6:58:41 PM | Computer Name = James-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1279

Error - 7/28/2012 6:58:41 PM | Computer Name = James-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1279

Error - 7/28/2012 6:58:42 PM | Computer Name = James-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/28/2012 6:58:42 PM | Computer Name = James-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2293

Error - 7/28/2012 6:58:42 PM | Computer Name = James-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2293

Error - 7/31/2012 6:16:49 PM | Computer Name = James-PC | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 1/25/2012 11:19:35 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7000
Description = The tvicport service failed to start due to the following error: %%2

Error - 1/25/2012 11:19:35 PM | Computer Name = James-PC | Source = Service Control Manager | ID = 7000
Description = The zntport service failed to start due to the following error: %%2

Error - 1/25/2012 11:19:51 PM | Computer Name = James-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 1/25/2012 11:20:14 PM | Computer Name = James-PC | Source = DCOM | ID = 10010
Description =

Error - 1/26/2012 9:48:25 AM | Computer Name = James-PC | Source = Service Control Manager | ID = 7000
Description = The tvicport service failed to start due to the following error: %%2

Error - 1/26/2012 9:48:25 AM | Computer Name = James-PC | Source = Service Control Manager | ID = 7000
Description = The zntport service failed to start due to the following error: %%2

Error - 1/26/2012 9:48:39 AM | Computer Name = James-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 1/26/2012 10:15:47 AM | Computer Name = James-PC | Source = Service Control Manager | ID = 7000
Description = The tvicport service failed to start due to the following error: %%2

Error - 1/26/2012 10:15:47 AM | Computer Name = James-PC | Source = Service Control Manager | ID = 7000
Description = The zntport service failed to start due to the following error: %%2

Error - 1/26/2012 10:16:02 AM | Computer Name = James-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842


< End of report >
  • 0

Advertisements

#2
BlackOxide
Posted 03 August 2012 - 01:44 PM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi panicpeace,

Can you perform the steps below, then get back to me with the information please....


1)
Can you let me know what the blue screen Stop code is please. When the PC blue screens, you should see a similar screen to the one below. Can you get back to me with the error code that usually begins with 0x. I've highlighted in the example, where the code should be. For example, on the one below the code would be 0x000000D1. If there is a filename listed below it, like gv3.sys in the example, please state this as well.

Posted Image




2)
Can you post the log from the MBAM scan whereby it removed some items. To find the MBAM log, see below....

  • Open MBAM and click the Logs tab at the top
  • They should be in Date/Time order, please choose the log from the previous run whereby those infections were removed, then click Open.
  • Copy and Paste the log into your next reply




3)
Fresh OTL Scan

OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Scan All Users box at the top
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log




4)
Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

If it asks to download the Avast defintions, just click Yes.

Click the "Scan" button to start the scan.

Posted Image


On completion of the scan click save log, save it to your desktop and post it in your next reply.

Posted Image






In your next reply
Please post the contents of...
MBAM log
OTL log
aswMBR log
Blue Screen Error Code
  • 0

#3
panicpeace
Posted 03 August 2012 - 11:55 PM

panicpeace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
1.
STOP:0x0000008E
ataport.sys

2.
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.01.03

Windows 7 Service Pack 1 x86 NTFS (Safe Mode)
Internet Explorer 8.0.7601.17514
James :: JAMES-PC [administrator]

7/31/2012 7:08:02 AM
mbam-log-2012-07-31 (07-08-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191983
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: sp -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sp (TrojanProxy.Agent) -> Data: C:\Windows\system32\rundll32.exe "C:\Users\James\AppData\Roaming\Adobe\sp.DLL",ServiceMain -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\James\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> Quarantined and deleted successfully.

(end)

3.
OTL logfile created on: 8/4/2012 1:24:07 AM - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\James\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 58.20% Memory free
3.14 Gb Paging File | 2.01 Gb Available in Paging File | 63.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 66.45 Gb Total Space | 1.09 Gb Free Space | 1.64% Space Free | Partition Type: NTFS
Drive E: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/01 16:09:10 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\James\Downloads\OTL.exe
PRC - [2012/07/03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/06/15 23:32:42 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/15 23:32:41 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2012/08/02 08:30:06 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/19 20:39:43 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/06/15 23:32:41 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2011/06/20 22:35:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/03 17:53:52 | 000,030,016 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2010/03/30 19:52:34 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/15 17:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/11/17 18:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/05/15 20:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) [Auto | Stopped] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/05/12 22:07:08 | 000,417,792 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe -- (ASLSvc)
SRV - [2009/02/17 20:01:04 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\zntport.sys -- (zntport)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\mkhcndo.sys -- (vtdwh)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\tvicport.sys -- (tvicport)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{569FB9F9-09DE-4F66-81DA-190A8CF72318}\MpKsl56be1c68.sys -- (MpKsl56be1c68)
DRV - [2012/08/04 01:17:50 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/01/16 17:38:52 | 000,857,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2011/11/23 16:35:40 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2010/11/20 08:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 08:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 06:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/15 23:35:44 | 000,237,840 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2008/03/11 19:31:54 | 000,022,560 | ---- | M] (Acer, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eLock2burnerlockdriver.sys -- (eLock2BurnerLockDriver)
DRV - [2008/03/11 18:03:02 | 000,087,072 | ---- | M] (Acer, Inc.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...45u235z47m4r49s
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACAW_enUS436
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\James\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\James\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/15 23:32:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/15 15:49:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Extensions
[2012/05/04 19:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ty45rzpa.default\extensions
[2012/04/29 21:29:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/15 23:32:42 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/01 23:05:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/01 23:05:11 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

O1 HOSTS File: ([2011/11/14 18:44:30 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Acer PowerSaver] C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [Acer SmartBoot] C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AutoLockProcess] C:\Program Files\Acer\Empowering Technology\eLock\autolockprocess\AutoLockProcess.exe (Acer Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Installation Diagnostics] C:\Program Files\Brother\Brmfl06a\Brinstck.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe File not found
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000..\Run: [Spotify Web Helper] C:\Users\James\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11g_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.130 167.206.251.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A095F0A-4B3D-4C5F-BD3B-2816076F39DA}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C6125A7-3A82-4EF4-A9B9-E9D37D20B66A}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59672D88-A6CA-44B9-BC9C-EDE9CFC02C79}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BD05BD6-FDAA-49AC-BAF3-5A5757893E76}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F1322A6-6BC9-4297-B549-47EBFD794A4C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC98882A-ABF7-44B4-987E-F1ECD0A37409}: DhcpNameServer = 167.206.251.130 167.206.251.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5EF6364-F8E9-40C0-ACDD-5C4548634571}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - AppInit_DLLs: (C:\Windows\System32\wxvault.dll) - C:\Windows\System32\wxvault.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/25 00:56:52 | 000,000,046 | -H-- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/04 01:17:33 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/08/02 08:27:25 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/07/31 18:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2012/07/31 18:05:37 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\ElevatedDiagnostics
[2012/07/24 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Diagnostics

========== Files - Modified Within 30 Days ==========

[2012/08/04 01:17:50 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/08/04 01:17:29 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/04 01:11:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/04 01:11:19 | 2388,582,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/04 01:09:56 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/04 01:09:08 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/08/02 08:30:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/01 08:40:59 | 000,718,352 | ---- | M] () -- C:\Users\James\Desktop\lease.pdf
[2012/07/31 01:08:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/31 00:38:01 | 000,000,908 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000UA.job
[2012/07/30 22:56:39 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 22:56:39 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 22:49:42 | 000,000,000 | ---- | M] () -- C:\Users\James\AppData\Local\WavXMapDrive.bat
[2012/07/28 22:38:00 | 000,000,856 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000Core.job
[2012/07/12 15:35:56 | 000,002,367 | ---- | M] () -- C:\Users\James\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/08/02 08:30:06 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/02 08:19:53 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\U\00000008.@
[2012/08/02 08:19:52 | 000,092,672 | ---- | C] () -- C:\Windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\U\80000032.@
[2012/08/02 08:19:52 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\L\00000004.@
[2012/08/02 08:19:51 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\U\80000000.@
[2012/08/02 08:19:51 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\U\00000004.@
[2012/08/02 08:19:51 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\U\000000cb.@
[2012/08/01 08:40:59 | 000,718,352 | ---- | C] () -- C:\Users\James\Desktop\lease.pdf
[2012/07/31 07:00:12 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/05/20 19:32:31 | 000,001,533 | ---- | C] () -- C:\Users\James\.recently-used.xbel
[2012/03/01 17:51:41 | 000,189,352 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/11/13 15:54:23 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/07/28 15:09:15 | 000,000,419 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2011/07/28 15:09:15 | 000,000,027 | -H-- | C] () -- C:\Windows\BRPP2KA.INI
[2011/07/28 15:08:49 | 000,000,248 | -H-- | C] () -- C:\Windows\Brpfx04a.ini
[2011/07/28 15:08:49 | 000,000,093 | -H-- | C] () -- C:\Windows\brpcfx.ini
[2011/07/28 15:08:49 | 000,000,050 | -H-- | C] () -- C:\Windows\System32\bridf06a.dat
[2011/07/28 15:06:50 | 000,000,000 | -H-- | C] () -- C:\Windows\brdfxspd.dat
[2011/07/28 15:06:49 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/06/20 15:52:13 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{b09c13de-580b-d878-6290-933d739ae4e6}\@
[2011/06/20 15:52:13 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\@
[2011/06/20 15:50:59 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/15 15:49:13 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2011/06/15 15:44:58 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Local\WavXMapDrive.bat
[2011/02/11 19:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 19:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 19:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/09/14 13:40:39 | 000,031,232 | -H-- | C] () -- C:\Windows\System32\TSP1.dll
[2010/09/14 13:40:08 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\bioapi100.dll.bak
[2010/09/14 13:40:08 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\bioapi100.dll
[2010/09/14 13:40:07 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\bioapi_mds300.dll.bak
[2010/09/14 13:40:07 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2010/09/14 13:32:36 | 000,140,288 | -H-- | C] () -- C:\Windows\System32\igfxtvcx.dll

========== LOP Check ==========

[2012/03/22 19:14:54 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/05/20 19:32:58 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\gtk-2.0
[2012/07/31 18:08:03 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Spotify
[2012/06/02 16:18:41 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


4.
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-04 01:28:11
-----------------------------
01:28:11.580 OS Version: Windows 6.1.7601 Service Pack 1
01:28:11.580 Number of processors: 2 586 0x170A
01:28:11.581 ComputerName: JAMES-PC UserName: James
01:28:16.841 Initialize success
01:29:26.117 AVAST engine defs: 12080301
01:31:09.860 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
01:31:09.863 Disk 0 Vendor: ST3160318AS CC44 Size: 152627MB BusType: 3
01:31:09.865 Disk 0 MBR read successfully
01:31:09.867 Disk 0 MBR scan
01:31:09.871 Disk 0 Windows 7 default MBR code
01:31:09.873 Disk 0 MBR hidden
01:31:09.887 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048
01:31:09.906 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 33556480
01:31:09.912 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 68046 MB offset 33761280
01:31:09.929 Disk 0 scanning sectors +173119488
01:31:09.985 Disk 0 scanning C:\Windows\system32\drivers
01:31:21.090 Service scanning
01:31:52.845 Modules scanning
01:32:11.681 Disk 0 trace - called modules:
01:32:11.692 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x855e14b1]<<
01:32:11.700 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854fe778]
01:32:11.706 3 CLASSPNP.SYS[8a7c759e] -> nt!IofCallDriver -> [0x85079620]
01:32:11.712 5 ACPI.sys[8a2a23d4] -> nt!IofCallDriver -> \IdeDeviceP2T0L0-4[0x8507c908]
01:32:11.718 \Driver\atapi[0x855a6468] -> IRP_MJ_CREATE -> 0x855e14b1
01:32:15.563 AVAST engine scan C:\Windows
01:32:16.986 AVAST engine scan C:\Windows\system32
01:34:34.911 File: C:\Windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
01:35:22.031 AVAST engine scan C:\Windows\system32\drivers
01:35:39.021 AVAST engine scan C:\Users\James
01:41:25.925 File: C:\Users\James\AppData\Local\Temp\1304.tmp **INFECTED** Win32:Alureon-AUQ [Trj]
01:43:00.496 AVAST engine scan C:\ProgramData
01:45:52.214 File: C:\ProgramData\Microsoft\Windows\DRM\BA3.tmp **INFECTED** Win32:Alureon-AUQ [Trj]
01:45:59.101 Scan finished successfully
01:52:32.838 Disk 0 MBR has been saved successfully to "C:\Users\James\Desktop\MBR.dat"
01:52:32.843 The log file has been saved successfully to "C:\Users\James\Desktop\aswMBR.txt"
  • 0

#4
BlackOxide
Posted 04 August 2012 - 01:16 PM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Excellent, lets start the removal process now :)



1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
[2012/08/02 08:27:25 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%

:Services

:Reg

:Files
ipconfig /flushdns /c
C:\Windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}
C:\Windows\System32\config\systemprofile\AppData\Local\{b09c13de-580b-d878-6290-933d739ae4e6}

:Commands
[purity]
[emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • A log may appear when the PC restarts. Just close this text file.
  • Open OTL again, Tick the Scan All Users box at the top and then click the Quick Scan button. Post the log it produces in your next reply.




2)
Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now





In your next reply
Please post the contents of...
OTL log
ComboFix log
  • 0

#5
panicpeace
Posted 05 August 2012 - 04:31 PM

panicpeace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
OTL logfile created on: 8/5/2012 6:26:22 PM - Run 3
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\James\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 84.95% Memory free
3.55 Gb Paging File | 3.15 Gb Available in Paging File | 88.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 66.45 Gb Total Space | 1.17 Gb Free Space | 1.77% Space Free | Partition Type: NTFS
Drive E: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/04 01:56:59 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/08/01 16:09:10 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\James\Downloads\OTL.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/04 01:56:59 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2012/08/04 01:56:59 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/02 08:30:06 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/19 20:39:43 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2011/06/20 22:35:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/03 17:53:52 | 000,030,016 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2010/03/30 19:52:34 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/15 17:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/11/17 18:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/05/15 20:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) [Auto | Stopped] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/05/12 22:07:08 | 000,417,792 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe -- (ASLSvc)
SRV - [2009/02/17 20:01:04 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\zntport.sys -- (zntport)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\mkhcndo.sys -- (vtdwh)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\tvicport.sys -- (tvicport)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{569FB9F9-09DE-4F66-81DA-190A8CF72318}\MpKsl56be1c68.sys -- (MpKsl56be1c68)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/01/16 17:38:52 | 000,857,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2011/11/23 16:35:40 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2010/11/20 08:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 08:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 06:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/15 23:35:44 | 000,237,840 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2008/03/11 19:31:54 | 000,022,560 | ---- | M] (Acer, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eLock2burnerlockdriver.sys -- (eLock2BurnerLockDriver)
DRV - [2008/03/11 18:03:02 | 000,087,072 | ---- | M] (Acer, Inc.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...45u235z47m4r49s
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACAW_enUS436
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\James\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\James\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/04 01:56:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/15 15:49:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Extensions
[2012/05/04 19:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ty45rzpa.default\extensions
[2012/04/29 21:29:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/04 01:56:59 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/01 23:05:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/01 23:05:11 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

O1 HOSTS File: ([2011/11/14 18:44:30 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Acer PowerSaver] C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [Acer SmartBoot] C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AutoLockProcess] C:\Program Files\Acer\Empowering Technology\eLock\autolockprocess\AutoLockProcess.exe (Acer Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Installation Diagnostics] C:\Program Files\Brother\Brmfl06a\Brinstck.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe File not found
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000..\Run: [Spotify Web Helper] C:\Users\James\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11g_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.130 167.206.251.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A095F0A-4B3D-4C5F-BD3B-2816076F39DA}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C6125A7-3A82-4EF4-A9B9-E9D37D20B66A}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59672D88-A6CA-44B9-BC9C-EDE9CFC02C79}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BD05BD6-FDAA-49AC-BAF3-5A5757893E76}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F1322A6-6BC9-4297-B549-47EBFD794A4C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC98882A-ABF7-44B4-987E-F1ECD0A37409}: DhcpNameServer = 167.206.251.130 167.206.251.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5EF6364-F8E9-40C0-ACDD-5C4548634571}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - AppInit_DLLs: (C:\Windows\System32\wxvault.dll) - C:\Windows\System32\wxvault.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/25 00:56:52 | 000,000,046 | -H-- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2517414903-4262703431-2207850217-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/05 18:19:22 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/08/05 18:18:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/31 18:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2012/07/31 18:05:37 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\ElevatedDiagnostics
[2012/07/24 17:33:36 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Diagnostics

========== Files - Modified Within 30 Days ==========

[2012/08/05 18:23:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/05 18:23:21 | 2388,582,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/05 18:21:09 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/08/04 01:52:32 | 000,000,512 | ---- | M] () -- C:\Users\James\Desktop\MBR.dat
[2012/08/04 01:17:29 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/04 01:09:56 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/02 08:30:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/01 08:40:59 | 000,718,352 | ---- | M] () -- C:\Users\James\Desktop\lease.pdf
[2012/07/31 01:08:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/31 00:38:01 | 000,000,908 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000UA.job
[2012/07/30 22:56:39 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 22:56:39 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 22:49:42 | 000,000,000 | ---- | M] () -- C:\Users\James\AppData\Local\WavXMapDrive.bat
[2012/07/28 22:38:00 | 000,000,856 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000Core.job
[2012/07/12 15:35:56 | 000,002,367 | ---- | M] () -- C:\Users\James\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/08/04 01:52:32 | 000,000,512 | ---- | C] () -- C:\Users\James\Desktop\MBR.dat
[2012/08/02 08:30:06 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/01 08:40:59 | 000,718,352 | ---- | C] () -- C:\Users\James\Desktop\lease.pdf
[2012/07/31 07:00:12 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/05/20 19:32:31 | 000,001,533 | ---- | C] () -- C:\Users\James\.recently-used.xbel
[2012/03/01 17:51:41 | 000,189,352 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/11/13 15:54:23 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/07/28 15:09:15 | 000,000,419 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2011/07/28 15:09:15 | 000,000,027 | -H-- | C] () -- C:\Windows\BRPP2KA.INI
[2011/07/28 15:08:49 | 000,000,248 | -H-- | C] () -- C:\Windows\Brpfx04a.ini
[2011/07/28 15:08:49 | 000,000,093 | -H-- | C] () -- C:\Windows\brpcfx.ini
[2011/07/28 15:08:49 | 000,000,050 | -H-- | C] () -- C:\Windows\System32\bridf06a.dat
[2011/07/28 15:06:50 | 000,000,000 | -H-- | C] () -- C:\Windows\brdfxspd.dat
[2011/07/28 15:06:49 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/06/20 15:50:59 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/15 15:49:13 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2011/06/15 15:44:58 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Local\WavXMapDrive.bat
[2011/02/11 19:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 19:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 19:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/09/14 13:40:39 | 000,031,232 | -H-- | C] () -- C:\Windows\System32\TSP1.dll
[2010/09/14 13:40:08 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\bioapi100.dll.bak
[2010/09/14 13:40:08 | 000,106,496 | -H-- | C] () -- C:\Windows\System32\bioapi100.dll
[2010/09/14 13:40:07 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\bioapi_mds300.dll.bak
[2010/09/14 13:40:07 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2010/09/14 13:32:36 | 000,140,288 | -H-- | C] () -- C:\Windows\System32\igfxtvcx.dll

========== LOP Check ==========

[2012/03/22 19:14:54 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/05/20 19:32:58 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\gtk-2.0
[2012/07/31 18:08:03 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Spotify
[2012/06/02 16:18:41 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#6
panicpeace
Posted 05 August 2012 - 05:02 PM

panicpeace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
It restarted after the combofix and all the .exe seemed to be marked for deletion and didnt work. I restarted again and they worked.

ComboFix 12-08-05.02 - James 08/05/2012 18:37:51.2.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3037.2242 [GMT -4:00]
Running from: c:\users\James\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC\Desktop.ini
c:\windows\system32\test
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 22:42 . 2012-08-05 22:45 -------- d-----w- c:\users\James\AppData\Local\temp
2012-08-05 22:42 . 2012-08-05 22:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-05 22:42 . 2012-08-05 22:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-05 22:19 . 2012-08-05 22:19 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-05 22:18 . 2012-08-05 22:18 -------- d-----w- C:\_OTL
2012-08-02 12:30 . 2012-08-02 12:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-31 22:17 . 2012-07-31 22:17 -------- d-----w- c:\program files\Microsoft Games
2012-07-31 22:05 . 2012-07-31 22:05 -------- d-----w- c:\users\James\AppData\Local\ElevatedDiagnostics
2012-07-31 03:01 . 2012-07-31 03:01 110080 ----a-w- c:\programdata\Microsoft\Windows\DRM\BA3.tmp
2012-07-30 04:36 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{569FB9F9-09DE-4F66-81DA-190A8CF72318}\mpengine.dll
2012-07-28 18:52 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-24 21:33 . 2012-07-24 21:33 -------- d-----w- c:\users\James\AppData\Local\Diagnostics
2012-07-20 01:55 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-07-20 01:55 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
2012-07-20 01:55 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-31 02:49 . 2011-06-15 19:44 0 ----a-w- c:\users\James\AppData\Local\WavXMapDrive.bat
2012-07-03 17:46 . 2011-08-11 22:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-04 05:56 . 2011-06-15 19:49 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-06 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Steam"="c:\program files\Steam\steam.exe" [2011-12-30 1242448]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 51712]
"Spotify Web Helper"="c:\users\James\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-29 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-11-17 261888]
"AutoLockProcess"="c:\program files\Acer\Empowering Technology\eLock\autolockprocess\autolockprocess.exe" [2010-06-03 451912]
"Acer PowerSaver"="c:\program files\Acer\Acer PowerSaver\PowerSaverTray.exe" [2009-04-17 434176]
"Acer SmartBoot"="c:\program files\Acer\Acer SmartBoot\ASLTray.exe" [2009-05-13 376832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-17 8092192]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-04-19 147328]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2010-04-19 95616]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BRMFCWND.EXE" [2009-05-26 1159168]
"Installation Diagnostics"="c:\program files\Brother\Brmfl06a\Brinstck.exe" [2009-08-18 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-01-13 1081416]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\wxvault.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 vtdwh;vtdwh;c:\windows\System32\drivers\mkhcndo.sys [x]
R1 MpKsl56be1c68;MpKsl56be1c68;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{569FB9F9-09DE-4F66-81DA-190A8CF72318}\MpKsl56be1c68.sys [x]
R2 ASLSvc;Acer SmartBoot Service;c:\program files\Acer\Acer SmartBoot\ASLSvc.exe [x]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [x]
R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\DRIVERS\eLock2FSCTLDriver.sys [x]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [x]
R2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 eLock2BurnerLockDriver;Disk Performance Monitor Filter Driver;c:\windows\system32\DRIVERS\eLock2BurnerLockDriver.sys [x]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 12:30]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-15 19:48]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-15 19:48]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000Core.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-04 22:15]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000UA.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-04 22:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=veriton_m275&r=17050611r306p0445u235z47m4r49s
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 167.206.251.130 167.206.251.129
FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ty45rzpa.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SetDefPrt - c:\program files\Brother\Brmfl06a\BrStDvPt.exe
SafeBoot-MsMpSvc
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(448)
c:\windows\system32\wvauth.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conhost.exe
c:\windows\helppane.exe
.
**************************************************************************
.
Completion time: 2012-08-05 18:48:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-05 22:48
.
Pre-Run: 1,254,154,240 bytes free
Post-Run: 1,077,137,408 bytes free
.
- - End Of File - - 742DC16096649AE5973FEBCAA1DCDA5E
  • 0

#7
BlackOxide
Posted 06 August 2012 - 01:14 PM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts

It restarted after the combofix and all the .exe seemed to be marked for deletion and didnt work. I restarted again and they worked.

Yep, that's nothing to worry about, a restart fixes this, which you did :)


Can you now do the following for me please. The main part of the infection has been sorted though which is good.



1)
Remove Items with ComboFix

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\System32\drivers\mkhcndo.sys

Driver::
vtdwh


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.




2)
Fresh scan with aswMBR

Double click aswMBR.exe to run it.

If it asks to download the Avast defintions, just click No this time.

Click the "Scan" button to start the scan.

Posted Image


On completion of the scan click save log, save it to your desktop and post it in your next reply.

Posted Image




3)
Run a Quick Scan with Malwarebytes Anti-Malware (MBAM) after updating...
  • Open MBAM
  • Click the Update tab, then click Check for Updates and let it install any updates if they are available
  • Click the Scanner tab, then make sure Quick Scan is selected and click Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • Post the log that it produces in your next reply




4)
Please download Farbar Service Scanner and run it.
  • Make sure all of the options are checked
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.




In your next reply
Please post the contents of...
ComboFix log
aswMBR log
MBAM log
Farbar Service Scanner log
  • 0

#8
panicpeace
Posted 06 August 2012 - 04:13 PM

panicpeace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
ComboFix 12-08-05.02 - James 08/06/2012 17:48:29.3.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3037.2582 [GMT -4:00]
Running from: c:\users\James\Desktop\ComboFix.exe
Command switches used :: c:\users\James\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\System32\drivers\mkhcndo.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\@
c:\windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\L\00000004.@
c:\windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\n
c:\windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\U\00000004.@
c:\windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\U\00000008.@
c:\windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\U\000000cb.@
c:\windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\U\80000000.@
c:\windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\U\80000032.@
.
c:\windows\system32\services.exe . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vtdwh
.
.
((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-08-06 21:54 . 2012-08-06 22:06 -------- d-----w- c:\users\James\AppData\Local\temp
2012-08-06 21:54 . 2012-08-06 21:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-06 21:54 . 2012-08-06 21:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-05 22:19 . 2012-08-05 22:19 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-05 22:18 . 2012-08-05 22:18 -------- d-----w- C:\_OTL
2012-08-02 12:30 . 2012-08-02 12:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-31 22:17 . 2012-07-31 22:17 -------- d-----w- c:\program files\Microsoft Games
2012-07-31 22:05 . 2012-07-31 22:05 -------- d-----w- c:\users\James\AppData\Local\ElevatedDiagnostics
2012-07-31 03:01 . 2012-07-31 03:01 110080 ----a-w- c:\programdata\Microsoft\Windows\DRM\BA3.tmp
2012-07-30 04:36 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{569FB9F9-09DE-4F66-81DA-190A8CF72318}\mpengine.dll
2012-07-28 18:52 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-24 21:33 . 2012-07-24 21:33 -------- d-----w- c:\users\James\AppData\Local\Diagnostics
2012-07-20 01:55 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-07-20 01:55 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
2012-07-20 01:55 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-31 02:49 . 2011-06-15 19:44 0 ----a-w- c:\users\James\AppData\Local\WavXMapDrive.bat
2012-07-03 17:46 . 2011-08-11 22:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-04 05:56 . 2011-06-15 19:49 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 . 259072 . . [6.1.7600.16385] . . c:\windows\ERDNT\cache\services.exe
[-] 2009-07-14 . A302BBFF2A7278C0E239EE5D471D86A9 . 259072 . . [6.1.7600.16385] . . c:\windows\System32\services.exe
[7] 2009-07-14 . 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 . 259072 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-06 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Steam"="c:\program files\Steam\steam.exe" [2011-12-30 1242448]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 51712]
"Spotify Web Helper"="c:\users\James\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-29 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-11-17 261888]
"AutoLockProcess"="c:\program files\Acer\Empowering Technology\eLock\autolockprocess\autolockprocess.exe" [2010-06-03 451912]
"Acer PowerSaver"="c:\program files\Acer\Acer PowerSaver\PowerSaverTray.exe" [2009-04-17 434176]
"Acer SmartBoot"="c:\program files\Acer\Acer SmartBoot\ASLTray.exe" [2009-05-13 376832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-17 8092192]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-04-19 147328]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2010-04-19 95616]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BRMFCWND.EXE" [2009-05-26 1159168]
"Installation Diagnostics"="c:\program files\Brother\Brmfl06a\Brinstck.exe" [2009-08-18 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-01-13 1081416]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\wxvault.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 MpKsl56be1c68;MpKsl56be1c68;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{569FB9F9-09DE-4F66-81DA-190A8CF72318}\MpKsl56be1c68.sys [x]
R2 ASLSvc;Acer SmartBoot Service;c:\program files\Acer\Acer SmartBoot\ASLSvc.exe [x]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [x]
R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\DRIVERS\eLock2FSCTLDriver.sys [x]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [x]
R2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 eLock2BurnerLockDriver;Disk Performance Monitor Filter Driver;c:\windows\system32\DRIVERS\eLock2BurnerLockDriver.sys [x]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 12:30]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-15 19:48]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-15 19:48]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000Core.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-04 22:15]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000UA.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-04 22:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=veriton_m275&r=17050611r306p0445u235z47m4r49s
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 167.206.251.130 167.206.251.129
FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ty45rzpa.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(448)
c:\windows\system32\wvauth.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-08-06 18:10:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-06 22:10
ComboFix2.txt 2012-08-05 22:48
.
Pre-Run: 1,177,571,328 bytes free
Post-Run: 965,455,872 bytes free
.
- - End Of File - - 914899E04E606F5C0FBA34A16527E79B
  • 0

#9
panicpeace
Posted 06 August 2012 - 04:18 PM

panicpeace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-06 18:15:40
-----------------------------
18:15:40.602 OS Version: Windows 6.1.7601 Service Pack 1
18:15:40.602 Number of processors: 2 586 0x170A
18:15:40.602 ComputerName: JAMES-PC UserName: James
18:15:44.096 Initialize success
18:16:40.303 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
18:16:40.319 Disk 0 Vendor: ST3160318AS CC44 Size: 152627MB BusType: 3
18:16:40.319 Disk 0 MBR read successfully
18:16:40.334 Disk 0 MBR scan
18:16:40.334 Disk 0 Windows 7 default MBR code
18:16:40.334 Disk 0 MBR hidden
18:16:40.350 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048
18:16:40.365 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 33556480
18:16:40.365 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 68046 MB offset 33761280
18:16:40.381 Disk 0 scanning sectors +173119488
18:16:40.443 Disk 0 scanning C:\Windows\system32\drivers
18:16:48.446 Service scanning
18:17:10.286 Modules scanning
18:17:17.603 Disk 0 trace - called modules:
18:17:17.618 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x855ea4b1]<<
18:17:17.618 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854f9220]
18:17:17.618 3 CLASSPNP.SYS[8a5ce59e] -> nt!IofCallDriver -> [0x85068918]
18:17:17.634 5 ACPI.sys[8a2a33d4] -> nt!IofCallDriver -> \IdeDeviceP2T0L0-4[0x847ae030]
18:17:17.650 \Driver\atapi[0x855d4920] -> IRP_MJ_CREATE -> 0x855ea4b1
18:17:17.650 Scan finished successfully
18:17:42.703 Disk 0 MBR has been saved successfully to "C:\Users\James\Desktop\MBR.dat"
18:17:42.719 The log file has been saved successfully to "C:\Users\James\Desktop\aswMBR log 2.txt"
  • 0

#10
panicpeace
Posted 06 August 2012 - 04:41 PM

panicpeace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.06.12

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
James :: JAMES-PC [administrator]

8/6/2012 6:19:16 PM
mbam-log-2012-08-06 (18-19-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197033
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

Advertisements

#11
panicpeace
Posted 06 August 2012 - 04:42 PM

panicpeace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Farbar Service Scanner Version: 06-08-2012
Ran by James (administrator) on 06-08-2012 at 18:42:26
Running from "C:\Users\James\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#12
panicpeace
Posted 06 August 2012 - 07:33 PM

panicpeace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Then I did a full system scan


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.06.12

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
James :: JAMES-PC [administrator]

8/6/2012 7:30:57 PM
mbam-log-2012-08-06 (19-30-57).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 320167
Time elapsed: 41 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 16
C:\ProgramData\Microsoft\Windows\DRM\BA3.tmp (Rootkit.TDSS.EXPD1) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\assembly\GAC\Desktop.ini.vir (Trojan.0access) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\n.vir (Trojan.Zaccess) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\U\[email protected] (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\U\[email protected] (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\U\[email protected] (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\U\[email protected] (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\U\[email protected] (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\{b09c13de-580b-d878-6290-933d739ae4e6}\n (Trojan.Zaccess) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\08052012_181853\C_Windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\n (Trojan.Zaccess) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\08052012_181853\C_Windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\08052012_181853\C_Windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\08052012_181853\C_Windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\08052012_181853\C_Windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\U\80000000.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\08052012_181853\C_Windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\08052012_181853\C_Windows\System32\config\systemprofile\AppData\Local\{b09c13de-580b-d878-6290-933d739ae4e6}\n (Trojan.Zaccess) -> Quarantined and deleted successfully.

(end)
  • 0

#13
BlackOxide
Posted 07 August 2012 - 02:06 AM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Quick questions:

Are you able to boot the PC into Normal Mode now?
Do you have a USB Memory Stick?
  • 0

#14
BlackOxide
Posted 07 August 2012 - 01:04 PM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Looks like the infection is trying to make a comeback. You can perform these steps in Safe Mode, if Normal Mode is not working properly.


1)
Delete the current copy of ComboFix which is on your Desktop.

Then, download a fresh ComboFix to your Desktop, from one of these locations:

Link 1
Link 2

Do not double click on ComboFix, instead, do the following...

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
C:\Windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}
C:\Windows\System32\config\systemprofile\AppData\Local\{b09c13de-580b-d878-6290-933d739ae4e6}

FCopy::
c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe | c:\windows\System32\services.exe


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.




2)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Scan All Users box at the top
  • Copy and Paste the following into the Custom Scans/Fixes box at the bottom.

    /md5start
services.*
/md5stop
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log




3)
RogueKiller

  • Download on the desktop RogueKiller (by tigzy)
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • When the Scan has completed, click the Report button, then copy and paste this log into your next reply.




In your next reply
Please post the contents of...
ComboFix log
OTL log
Roguekiller log
Answer to the questions in the previous post
  • 0

#15
panicpeace
Posted 07 August 2012 - 05:23 PM

panicpeace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
ComboFix 12-08-07.03 - James 08/07/2012 19:08:43.4.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3037.1183 [GMT -4:00]
Running from: c:\users\James\Desktop\ComboFix.exe
Command switches used :: c:\users\James\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Installer\{b09c13de-580b-d878-6290-933d739ae4e6}
c:\windows\System32\config\systemprofile\AppData\Local\{b09c13de-580b-d878-6290-933d739ae4e6}
c:\windows\System32\config\systemprofile\AppData\Local\{b09c13de-580b-d878-6290-933d739ae4e6}\@
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe --> c:\windows\System32\services.exe
.
((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
.
.
2012-08-07 23:14 . 2012-08-07 23:14 -------- d-----w- c:\users\James\AppData\Local\temp
2012-08-07 23:14 . 2012-08-07 23:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-07 23:14 . 2012-08-07 23:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-05 22:19 . 2012-08-05 22:19 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-05 22:18 . 2012-08-05 22:18 -------- d-----w- C:\_OTL
2012-08-02 12:30 . 2012-08-02 12:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-31 22:17 . 2012-07-31 22:17 -------- d-----w- c:\program files\Microsoft Games
2012-07-31 22:05 . 2012-07-31 22:05 -------- d-----w- c:\users\James\AppData\Local\ElevatedDiagnostics
2012-07-30 04:36 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{569FB9F9-09DE-4F66-81DA-190A8CF72318}\mpengine.dll
2012-07-28 18:52 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-24 21:33 . 2012-07-24 21:33 -------- d-----w- c:\users\James\AppData\Local\Diagnostics
2012-07-20 01:55 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-07-20 01:55 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
2012-07-20 01:55 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-31 02:49 . 2011-06-15 19:44 0 ----a-w- c:\users\James\AppData\Local\WavXMapDrive.bat
2012-07-03 17:46 . 2011-08-11 22:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-04 05:56 . 2011-06-15 19:49 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-06 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Steam"="c:\program files\Steam\steam.exe" [2011-12-30 1242448]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 51712]
"Spotify Web Helper"="c:\users\James\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-29 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-11-17 261888]
"AutoLockProcess"="c:\program files\Acer\Empowering Technology\eLock\autolockprocess\autolockprocess.exe" [2010-06-03 451912]
"Acer PowerSaver"="c:\program files\Acer\Acer PowerSaver\PowerSaverTray.exe" [2009-04-17 434176]
"Acer SmartBoot"="c:\program files\Acer\Acer SmartBoot\ASLTray.exe" [2009-05-13 376832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-17 8092192]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-04-19 147328]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2010-04-19 95616]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BRMFCWND.EXE" [2009-05-26 1159168]
"Installation Diagnostics"="c:\program files\Brother\Brmfl06a\Brinstck.exe" [2009-08-18 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-07-03 1085000]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\wxvault.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 MpKsl56be1c68;MpKsl56be1c68;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{569FB9F9-09DE-4F66-81DA-190A8CF72318}\MpKsl56be1c68.sys [x]
R2 ASLSvc;Acer SmartBoot Service;c:\program files\Acer\Acer SmartBoot\ASLSvc.exe [x]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [x]
R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\DRIVERS\eLock2FSCTLDriver.sys [x]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [x]
R2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 eLock2BurnerLockDriver;Disk Performance Monitor Filter Driver;c:\windows\system32\DRIVERS\eLock2BurnerLockDriver.sys [x]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 12:30]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-15 19:48]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-15 19:48]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000Core.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-04 22:15]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517414903-4262703431-2207850217-1000UA.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-04 22:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=veriton_m275&r=17050611r306p0445u235z47m4r49s
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 167.206.251.130 167.206.251.129
FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ty45rzpa.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(448)
c:\windows\system32\wvauth.DLL
.
Completion time: 2012-08-07 19:16:20
ComboFix-quarantined-files.txt 2012-08-07 23:16
ComboFix2.txt 2012-08-06 22:10
ComboFix3.txt 2012-08-05 22:48
.
Pre-Run: 725,987,328 bytes free
Post-Run: 733,540,352 bytes free
.
- - End Of File - - 075C34C5B436C93551EC6EFDFBA043DA
  • 0
Back to Computer Won't Boot - Malware Related · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Computer Won't Boot - Malware Related

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP