Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help With Trojan Horse Patched_C.LZI [Solved]

Started by gbrbob , Aug 29 2012 07:34 PM

  • This topic is locked This topic is locked

#1
gbrbob
Posted 29 August 2012 - 07:34 PM

gbrbob

    Member

  • Member
  • PipPip
  • 26 posts
I've done all i know to do with nothing to show for it. Help. I've run otl and posted it below. Thanks



OTL logfile created on: 8/29/2012 8:58:27 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Rick\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 48.21% Memory free
8.10 Gb Paging File | 5.35 Gb Available in Paging File | 66.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 187.97 Gb Free Space | 66.33% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 7.95 Gb Free Space | 54.28% Space Free | Partition Type: NTFS

Computer Name: RICK-PC | User Name: Rick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/29 20:57:18 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
PRC - [2012/08/17 18:28:57 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/18 14:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/08/29 14:16:59 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/29 14:16:52 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe
PRC - [2009/08/29 14:16:44 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
PRC - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/06/03 17:54:56 | 000,446,635 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008/05/23 16:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/05/07 19:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 19:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/01/15 13:23:48 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/17 18:28:55 | 000,442,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll
MOD - [2012/08/17 18:28:54 | 012,236,824 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
MOD - [2012/08/17 18:28:52 | 003,997,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll
MOD - [2012/08/17 18:27:23 | 000,144,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\avutil-51.dll
MOD - [2012/08/17 18:27:22 | 000,266,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\avformat-54.dll
MOD - [2012/08/17 18:27:21 | 002,480,680 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/04/11 02:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/04/11 02:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Services (SafeList) ==========

SRV:64bit: - [2008/12/15 00:13:46 | 000,281,600 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/12/15 00:13:30 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/11/20 06:21:12 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/09/24 00:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2006/11/02 07:16:05 | 000,046,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
SRV - [2012/08/15 20:13:16 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/05 18:10:14 | 000,147,368 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/07/05 18:10:08 | 000,375,208 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/06/08 12:06:24 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/12 09:56:48 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/29 14:16:52 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/29 14:16:44 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/05/07 19:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/05 18:11:18 | 000,087,488 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/06/08 12:06:24 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/06/08 12:05:56 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/29 14:17:02 | 000,033,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2009/08/29 14:16:59 | 000,427,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/06 21:49:07 | 000,133,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2008/12/15 00:13:56 | 000,472,064 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/12/09 01:12:36 | 008,036,160 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/12/08 01:32:48 | 000,068,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/11/20 06:20:52 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/10/27 07:21:50 | 001,374,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/09/04 01:29:22 | 000,199,728 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/09/03 04:44:22 | 000,307,456 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys -- (OA009Vid)
DRV:64bit: - [2008/09/03 04:44:22 | 000,168,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys -- (OA009Ufd)
DRV:64bit: - [2008/09/01 06:19:24 | 000,392,192 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/09/01 06:15:58 | 000,395,288 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2007/11/14 05:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV - [2012/06/08 12:06:24 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2006/11/02 16:57:04 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\pxhelp20.sys -- (PxHelp20)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=3090121
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=3090121
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=3090121
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...CID=msnHomepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 9C 7A 55 23 0C CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {547EEAAC-3665-4e6c-B326-C622D698543A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7DKUS_en
IE - HKCU\..\SearchScopes\{8E02D41C-5924-4816-9490-33CCD28BEB72}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox...id=80305&lng=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: Fun Web Products Plugin Stub (Enabled) = C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFunWeb.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/08/29 20:24:41 | 000,444,466 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 15269 more lines...
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{485816E4-05F1-43FC-A02C-E21C3AFE12B4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B774CAB-65F7-4EAA-A4B4-9E43EDE2483A}: DhcpNameServer = 65.32.5.111 65.32.5.112
O18:64bit: - Protocol\Handler\inbox - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img21.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img21.jpg
O27:64bit: - HKLM IFEO\ehshell.exe: Debugger - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{527489f8-a895-11de-8e92-0023ae14ecef}\Shell - "" = AutoRun
O33 - MountPoints2\{527489f8-a895-11de-8e92-0023ae14ecef}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/29 20:57:18 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
[2012/08/29 20:15:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/29 20:15:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/29 20:15:50 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/08/29 20:11:56 | 004,740,381 | R--- | C] (Swearware) -- C:\Users\Rick\Desktop\ComboFix.exe
[2012/08/29 19:49:36 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Local\LogMeIn
[2012/08/29 19:49:29 | 000,034,720 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2012/08/29 19:49:28 | 000,087,488 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2012/08/29 19:49:28 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys
[2012/08/29 19:49:24 | 000,080,800 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2012/08/29 19:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2012/08/29 19:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn
[2012/08/29 19:29:57 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Local\{06407AD3-52D6-4795-AD4B-529B6C515579}
[2012/08/21 06:49:27 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Local\{AAFF3BD8-3794-4FA7-B9F5-CE58D54E4FC2}
[2012/08/16 03:27:52 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Local\{F8741D5E-B7E8-42D4-B2D8-925386D13C9F}
[2012/08/16 03:27:41 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Local\{B4146E86-D208-439D-AD0F-F17B2CE10A2C}
[2012/08/16 03:04:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/16 03:04:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/16 03:04:20 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/16 03:04:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/16 03:04:19 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/16 03:04:19 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/16 03:04:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/16 03:04:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/16 03:04:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/16 03:04:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/16 03:04:18 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/16 03:04:17 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/16 03:04:17 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 20:20:36 | 000,788,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/15 20:20:36 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2012/08/15 20:20:31 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll

========== Files - Modified Within 30 Days ==========

[2012/08/29 20:57:18 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
[2012/08/29 20:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/29 20:40:18 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/29 20:40:17 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/29 20:40:17 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/29 20:40:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/29 20:30:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/29 20:24:41 | 000,444,466 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/29 20:12:00 | 004,740,381 | R--- | M] (Swearware) -- C:\Users\Rick\Desktop\ComboFix.exe
[2012/08/29 19:49:23 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/08/29 19:31:53 | 063,243,004 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2012/08/29 19:29:49 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/08/29 07:01:40 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/18 17:43:28 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/18 17:43:28 | 000,605,080 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/18 17:43:28 | 000,104,934 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/16 03:23:49 | 000,404,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/15 20:13:15 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/15 20:13:15 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/13 11:55:08 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job

========== Files Created - No Company Name ==========

[2012/08/29 19:49:22 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/08/29 19:49:13 | 000,000,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
[2012/08/18 19:33:12 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U\00000008.@
[2012/08/18 19:32:44 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U\000000cb.@
[2012/08/18 19:32:43 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U\00000004.@
[2012/08/18 18:41:17 | 000,093,184 | ---- | C] () -- C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U\80000032.@
[2012/08/18 18:41:17 | 000,081,408 | ---- | C] () -- C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U\80000064.@
[2012/08/18 18:41:17 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\L\00000004.@
[2012/08/18 18:41:16 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U\80000000.@
[2012/01/21 04:03:41 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\@
[2012/01/21 04:03:41 | 000,002,048 | -HS- | C] () -- C:\Users\Rick\AppData\Local\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\@
[2009/08/29 14:28:55 | 000,000,732 | ---- | C] () -- C:\Users\Rick\AppData\Local\d3d9caps64.dat
[2009/06/14 09:18:44 | 000,000,680 | ---- | C] () -- C:\Users\Rick\AppData\Local\d3d9caps.dat
[2009/02/19 19:23:24 | 000,005,632 | ---- | C] () -- C:\Users\Rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/18 22:32:57 | 000,001,600 | ---- | C] () -- C:\Users\Rick\AppData\Roaming\wklnhst.dat

< End of report >
  • 0

Advertisements

#2
emeraldnzl
Posted 30 August 2012 - 01:22 AM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello gbrbob

Welcome to Geekstogo.

Bit to do in this post, :)

Before you start please download Combofix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Then

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
[2012/08/16 03:04:20 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/16 03:04:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

:Files
ipconfig /flushdns /c

:Commands
[CreateRestorePoint]
[ResetHosts]
[emptyflash]
[emptyjava]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
Next

Download aswMBR.exe ( 4.5mb ) to your desktop.

Double click the aswMBR.exe to run it.

Posted ImageClick the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

After that

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    Posted Image
  • Put a checkmark beside loaded modules.
    Posted Image
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
    Posted Image
  • Click the Start Scan button.
    Posted Image
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Posted Image
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Posted Image
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Immediately after that:

Run ComboFix

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

So when you come back please post:

OTL.txt
aswmbr log
TSSKiller log.txt
ComboFix.txt
  • 0

#3
gbrbob
Posted 30 August 2012 - 06:10 PM

gbrbob

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Well now we have a new problem windows is trying to repair itself after the first reboot. I did forget to mention that i'm also doing this over the internet for someone else who can't do it themselves thru log me in.com So b/c windows is trying to fix itself i can't log back into it for the time being. Any ideas? Thanks
  • 0

#4
emeraldnzl
Posted 30 August 2012 - 07:16 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Well now we have a new problem windows is trying to repair itself after the first reboot.


Let's wait and see whether it is successful. If this was following running the OTL script then it might take a little time. Tell me if the time becomes excessive.

I did forget to mention that i'm also doing this over the internet for someone else who can't do it themselves



Okay then leave the instructions above and we will work at things more slowly.

Once Windows is up and running just do the aswMBR one and post the report back here.
  • 0

#5
gbrbob
Posted 31 August 2012 - 05:31 PM

gbrbob

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-31 19:00:20
-----------------------------
19:00:20.609 OS Version: Windows x64 6.0.6002 Service Pack 2
19:00:20.609 Number of processors: 2 586 0x170A
19:00:20.609 ComputerName: RICK-PC UserName: Rick
19:00:24.003 Initialize success
19:00:32.661 AVAST engine defs: 12083101
19:00:40.690 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:00:40.696 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
19:00:40.745 Disk 0 MBR read successfully
19:00:40.747 Disk 0 MBR scan
19:00:40.752 Disk 0 Windows VISTA default MBR code
19:00:40.761 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
19:00:40.783 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
19:00:40.805 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 290204 MB offset 30801920
19:00:40.893 Disk 0 scanning C:\Windows\system32\drivers
19:01:08.068 Service scanning
19:01:34.639 Modules scanning
19:01:34.648 Disk 0 trace - called modules:
19:01:34.685 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
19:01:34.694 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a00560]
19:01:34.700 3 CLASSPNP.SYS[fffffa6000fc8c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800457e050]
19:01:36.531 AVAST engine scan C:\Windows
19:01:54.845 AVAST engine scan C:\Windows\system32
19:08:30.435 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
19:08:43.169 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
19:13:27.766 AVAST engine scan C:\Windows\system32\drivers
19:14:03.611 AVAST engine scan C:\Users\Rick
19:20:07.859 AVAST engine scan C:\ProgramData
19:26:58.509 Scan finished successfully
19:29:59.317 Disk 0 MBR has been saved successfully to "C:\Users\Rick\Desktop\MBR.dat"
19:29:59.320 The log file has been saved successfully to "C:\Users\Rick\Desktop\aswMBR.txt"
  • 0

#6
emeraldnzl
Posted 31 August 2012 - 06:14 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Okay let's do the ComboFix one now.

Leave out TDSSKiller.

ComboFix may take a while so tell your friend to be patient and let it do its thing.

Post the log back here.
  • 0

#7
gbrbob
Posted 01 September 2012 - 05:26 AM

gbrbob

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Well i ran combofix the first time and it went thru quick and updated the registry and the program quit. I waited for like 10 mins and looked @ taskmanager and it wasn't running anymore. So i ran it again this time it got stuck half way thru running and all the icons went off the desktop and never came back. The combofix program also just went away. Waited 10 more mins and looked @ taskmanager again and tried to restart the comp, think it's trying to repair itself again. The virus on it seems to be very smart and evasive. I might just have to reinstall windows to get rid of it.
  • 0

#8
emeraldnzl
Posted 01 September 2012 - 12:38 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

The combofix program also just went away. Waited 10 more mins and looked @ taskmanager again and tried to restart the comp, think it's trying to repair itself again.


Yes as I said in my last post ComboFix can take a while... up to an hour or two. Often it doesn't look like it is doing anything for quite long periods. The machine needs to be left while it is doing that; see from my above ComboFix instructions... even a mouse click can interfere with the program.

Now - from what you tell me it looks like ComboFix was trying to do its job. The repairing itself bit seems quite right... needs to be left to work it's way through.

Before we move onto other things let's just try ComboFix again but this time leave the machine and let it do its job. If it does go on for say more than 2 hours come back and tell me.
  • 0

#9
gbrbob
Posted 04 September 2012 - 01:55 PM

gbrbob

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
I've asked my friend to mail me the laptop so that i can see everything in person and to be able to shorten the time frame on fixing it. I will run the combofix when i get it and post back. Thanks
  • 0

#10
emeraldnzl
Posted 04 September 2012 - 02:47 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Okie dokie. Look forward to hearing from you. :thumbsup:
  • 0

Advertisements

#11
gbrbob
Posted 07 September 2012 - 04:09 PM

gbrbob

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Ok I have the laptop in hand and it continually tries to repair itself which takes awhile only to end in a bsod. I've tried running onboard diagnostics that came with the laptop in the bios to no avail. It seems like i'll have to reload windows. So I have a new question. Do you think I should create a sandbox mode on my own computer so that I can mount the laptop hard drive as an external so that I can pull off files? Would I be able to get rid of the virus b/c none of the files are going to be used by windows on the laptop hd while being an external drive? Thanks
  • 0

#12
emeraldnzl
Posted 07 September 2012 - 04:15 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Ok I have the laptop in hand and it continually tries to repair itself which takes awhile only to end in a bsod.


Are you able to boot to the desktop at all or maybe in safe mode?

If so try running this one on it:

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • Click on Scan

    Posted Image
  • Wait for the scan to finish.
  • The report is created on your desktop.
  • Click on the Delete button

    Posted Image
  • The report is created on your desktop.
  • Next click on the ShortcutsFix button.

    Posted Image
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of all the RKreport.txt files from your desktop in your next Reply.
  • 0

#13
gbrbob
Posted 07 September 2012 - 04:19 PM

gbrbob

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
No I cannot as soon as it starts to load windows it goes to bsod and does a memory dump. I've tried safe mode, command prompt,etc they all have the same effect. Any ideas on the sandbox mode?
  • 0

#14
emeraldnzl
Posted 07 September 2012 - 04:27 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

sandbox mode?


I am not a techie so don't know for sure but here is a link that suggests you would be okay.

We do have some other options we can try if you like.

Here is one:

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will create a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
[/list]
  • 0

#15
gbrbob
Posted 07 September 2012 - 04:49 PM

gbrbob

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Scan result of Farbar Recovery Scan Tool (x64) Version: 05-09-2012
Ran by SYSTEM at 07-09-2012 18:44:23
Running from D:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [272896 2008-09-03] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3863040 2008-11-20] (Dell Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [2037328 2008-08-20] (Dell Inc.)
HKLM\...\Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [178712 2008-05-07] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [462336 2008-12-14] (IDT, Inc.)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2012-06-08] (LogMeIn, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2 [446635 2008-06-03] (Creative Technology Ltd.)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [128296 2008-05-23] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe [2042208 2011-10-29] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Microsoft Works Update Detection] C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [28738 2001-08-16] (Microsoft® Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Rick\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-01-21] (Google Inc.)
HKU\Rick\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Rick\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Rick\...\Run: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized [26192168 2010-05-13] (Skype Technologies S.A.)
HKU\Rick\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKLM-x32\...\RunOnce: [OTL] "C:\Users\Rick\Desktop\OTL.exe" [598528 2012-08-29] (OldTimer Tools)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
AppInit_DLLs: avgrssta.dll
IMEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
ShortcutTarget: Microsoft Works Calendar Reminders.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\LogMeInRemoteUser\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Rick\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Rick\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
ShortcutTarget: Picture Motion Browser Media Check Tool.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)

==================== Services ====================

2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [88576 2008-12-14] (Andrea Electronics Corporation)
2 avg8emc; C:\PROGRA~2\AVG\AVG8\avgemc.exe [908056 2009-08-29] (AVG Technologies CZ, s.r.o.)
2 avg8wd; C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [297752 2009-08-29] (AVG Technologies CZ, s.r.o.)
2 gupdate1c9a572192110f0; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [133104 2009-03-15] (Google Inc.)
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375208 2012-07-05] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147368 2012-07-05] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2012-06-08] (LogMeIn, Inc.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe [281600 2008-12-14] (IDT, Inc.)
2 wltrysvc; C:\Windows\System32\WLTRYSVC.EXE C:\Windows\System32\bcmwltry.exe [2930688 2008-11-20] (Dell Inc.)
2 yksvc; RUNDLL32.EXE ykx64coinst,serviceStartProc [x]

==================== Drivers =================================

1 AvgLdx64; C:\Windows\System32\Drivers\AvgLdx64.sys [427016 2009-08-29] (AVG Technologies CZ, s.r.o.)
1 AvgMfx64; C:\Windows\System32\Drivers\AvgMfx64.sys [33416 2009-08-29] (AVG Technologies CZ, s.r.o.)
1 AvgTdiA; C:\Windows\System32\Drivers\AvgTdiA.sys [133640 2009-05-06] (AVG Technologies CZ, s.r.o.)
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2012-06-08] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2012-06-08] (LogMeIn, Inc.)
2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2012-06-08] (LogMeIn, Inc.)
3 OA009Ufd; C:\Windows\System32\Drivers\OA009Ufd.sys [168864 2008-09-03] (Creative Technology Ltd.)
3 OA009Vid; C:\Windows\System32\Drivers\OA009Vid.sys [307456 2008-09-03] (Creative Technology Ltd.)
0 PxHelp20; C:\Windows\SysWow64\Drivers\PxHelp20.sys [36624 2006-11-02] (Sonic Solutions)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
4 LMIRfsClientNP; [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-09-07 06:27 - 2012-09-07 06:27 - 00001532 ____A C:\Windows\PFRO.log
2012-09-01 02:56 - 2012-09-01 02:56 - 00000000 ____D C:\ComboFix
2012-08-31 15:29 - 2012-08-31 15:29 - 00002096 ____A C:\Users\Rick\Desktop\aswMBR.txt
2012-08-31 15:29 - 2012-08-31 15:29 - 00000512 ____A C:\Users\Rick\Desktop\MBR.dat
2012-08-31 14:31 - 2012-08-31 14:31 - 00000000 ____D C:\users\LogMeInRemoteUser.Rick-PC
2012-08-31 14:31 - 2011-01-29 13:19 - 00000000 ____D C:\Users\LogMeInRemoteUser.Rick-PC\AppData\Roaming\Mozilla
2012-08-31 14:23 - 2012-08-31 14:24 - 00000000 ____D C:\Users\Rick\AppData\Local\{0E8EFDA9-DFDC-479B-B2C1-BDD88F5CAEEC}
2012-08-30 16:21 - 2012-08-30 16:21 - 00000000 ____D C:\Users\Rick\AppData\Local\{338B037F-01A0-4AF2-B94D-4BBA156EBD39}
2012-08-30 15:26 - 2012-08-30 15:26 - 00000000 ____D C:\_OTL
2012-08-30 12:43 - 2012-08-30 12:43 - 00000000 ____D C:\Users\Rick\AppData\Local\{506D863F-68E4-4206-ACD1-CF01112837D9}
2012-08-29 17:12 - 2012-08-29 17:12 - 00044724 ____A C:\Users\Rick\Desktop\Extras.Txt
2012-08-29 17:10 - 2012-08-30 15:22 - 00084566 ____A C:\Users\Rick\Desktop\OTL.Txt
2012-08-29 16:57 - 2012-08-29 16:57 - 00598528 ____A (OldTimer Tools) C:\Users\Rick\Desktop\OTL.exe
2012-08-29 16:15 - 2012-09-07 10:41 - 00000000 ___SD C:\32788R22FWJFW
2012-08-29 16:15 - 2012-09-07 10:41 - 00000000 ____D C:\Windows\erdnt
2012-08-29 16:15 - 2012-09-07 10:41 - 00000000 ____D C:\Qoobox
2012-08-29 16:11 - 2012-08-29 16:12 - 04740381 ___RA (Swearware) C:\Users\Rick\Desktop\ComboFix.exe
2012-08-29 15:50 - 2012-08-29 15:50 - 00000020 __ASH C:\Users\LogMeInRemoteUser\ntuser.ini
2012-08-29 15:50 - 2011-01-29 13:19 - 00000000 ____D C:\Users\LogMeInRemoteUser\AppData\Roaming\Mozilla
2012-08-29 15:50 - 2009-12-08 19:35 - 00000000 ____D C:\Users\LogMeInRemoteUser\AppData\Roaming\Macromedia
2012-08-29 15:49 - 2012-09-07 10:41 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2012-08-29 15:49 - 2012-09-01 02:41 - 00000000 ____D C:\Users\All Users\LogMeIn
2012-08-29 15:49 - 2012-08-31 14:29 - 00001024 ____A C:\.rnd
2012-08-29 15:49 - 2012-08-29 15:49 - 00000000 ____D C:\Users\Rick\AppData\Local\LogMeIn
2012-08-29 15:49 - 2012-07-05 14:11 - 00087488 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-08-29 15:49 - 2012-07-05 14:10 - 00080800 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-08-29 15:49 - 2012-07-05 14:10 - 00034720 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-08-29 15:49 - 2012-06-08 08:06 - 00072216 ____A (LogMeIn, Inc.) C:\Windows\System32\Drivers\LMIRfsDriver.sys
2012-08-29 15:29 - 2012-08-29 15:30 - 00000000 ____D C:\Users\Rick\AppData\Local\{06407AD3-52D6-4795-AD4B-529B6C515579}
2012-08-21 02:49 - 2012-08-29 02:59 - 00000000 ____D C:\Users\Rick\AppData\Local\{AAFF3BD8-3794-4FA7-B9F5-CE58D54E4FC2}
2012-08-15 23:27 - 2012-08-19 01:40 - 00000000 ____D C:\Users\Rick\AppData\Local\{B4146E86-D208-439D-AD0F-F17B2CE10A2C}
2012-08-15 23:27 - 2012-08-15 23:28 - 00000000 ____D C:\Users\Rick\AppData\Local\{F8741D5E-B7E8-42D4-B2D8-925386D13C9F}
2012-08-15 23:04 - 2012-07-04 06:33 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-15 23:04 - 2012-06-27 20:10 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-15 23:04 - 2012-06-27 19:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-15 23:04 - 2012-06-27 19:28 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-15 23:04 - 2012-06-27 19:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-15 23:04 - 2012-06-27 19:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-15 23:04 - 2012-06-27 19:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-15 23:04 - 2012-06-27 19:19 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-15 23:04 - 2012-06-27 19:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-15 23:04 - 2012-06-27 19:16 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-15 23:04 - 2012-06-27 19:16 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-15 23:04 - 2012-06-27 19:14 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-15 23:04 - 2012-06-27 19:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-15 23:04 - 2012-06-27 19:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-15 23:04 - 2012-06-27 19:08 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-15 23:04 - 2012-06-27 16:50 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-15 23:04 - 2012-06-27 16:28 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-15 23:04 - 2012-06-27 16:27 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-15 23:04 - 2012-06-27 16:19 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-15 23:04 - 2012-06-27 16:18 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-15 23:04 - 2012-06-27 16:18 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-15 23:04 - 2012-06-27 16:16 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-15 23:04 - 2012-06-27 16:13 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-15 23:04 - 2012-06-27 16:12 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-15 23:04 - 2012-06-27 16:10 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-15 23:04 - 2012-06-27 16:08 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-15 23:04 - 2012-06-27 16:08 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-15 23:04 - 2012-06-27 16:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-15 23:04 - 2012-06-27 16:04 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-15 16:20 - 2012-06-29 08:20 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-15 16:20 - 2012-06-29 08:01 - 00467968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-15 16:20 - 2012-05-11 08:34 - 00788480 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-15 16:20 - 2012-05-11 07:57 - 00623616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\localspl.dll


==================== 3 Months Modified Files ================================

2012-09-07 11:57 - 2012-04-17 15:21 - 426472011 ____A C:\Windows\MEMORY.DMP
2012-09-07 10:42 - 2006-11-02 04:33 - 83623936 ____A C:\Windows\System32\config\software_previous
2012-09-07 10:42 - 2006-11-02 04:33 - 16515072 ____A C:\Windows\System32\config\system_previous
2012-09-07 10:28 - 2006-11-02 04:33 - 58458112 ____A C:\Windows\System32\config\components_previous
2012-09-07 10:28 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-09-07 06:27 - 2012-09-07 06:27 - 00001532 ____A C:\Windows\PFRO.log
2012-09-01 07:14 - 2006-11-02 04:33 - 04194304 ____A C:\Windows\System32\config\default_previous
2012-09-01 07:14 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-08-31 22:23 - 2009-01-20 18:14 - 01205725 ____A C:\Windows\WindowsUpdate.log
2012-08-31 15:29 - 2012-08-31 15:29 - 00002096 ____A C:\Users\Rick\Desktop\aswMBR.txt
2012-08-31 15:29 - 2012-08-31 15:29 - 00000512 ____A C:\Users\Rick\Desktop\MBR.dat
2012-08-31 14:29 - 2012-08-29 15:49 - 00001024 ____A C:\.rnd
2012-08-30 16:20 - 2009-06-14 05:18 - 00000680 ____A C:\Users\Rick\AppData\Local\d3d9caps.dat
2012-08-30 15:22 - 2012-08-29 17:10 - 00084566 ____A C:\Users\Rick\Desktop\OTL.Txt
2012-08-30 14:56 - 2012-05-02 16:31 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-30 14:40 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-30 14:40 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-30 14:30 - 2009-07-12 16:23 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-30 12:40 - 2009-07-12 16:23 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-30 12:40 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-29 20:45 - 2006-11-02 07:42 - 00032590 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-29 17:12 - 2012-08-29 17:12 - 00044724 ____A C:\Users\Rick\Desktop\Extras.Txt
2012-08-29 16:57 - 2012-08-29 16:57 - 00598528 ____A (OldTimer Tools) C:\Users\Rick\Desktop\OTL.exe
2012-08-29 16:12 - 2012-08-29 16:11 - 04740381 ___RA (Swearware) C:\Users\Rick\Desktop\ComboFix.exe
2012-08-29 15:50 - 2012-08-29 15:50 - 00000020 __ASH C:\Users\LogMeInRemoteUser\ntuser.ini
2012-08-29 15:29 - 2009-06-14 04:40 - 00000880 ____A C:\Windows\Tasks\Google Software Updater.job
2012-08-29 03:01 - 2009-04-17 14:56 - 00002027 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-08-18 13:43 - 2006-11-02 04:46 - 00703516 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-15 23:23 - 2006-11-02 07:21 - 00404352 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-15 23:00 - 2006-11-02 04:35 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-08-15 16:13 - 2012-05-02 16:31 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-15 16:13 - 2011-06-13 08:19 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-13 07:55 - 2009-03-01 11:39 - 00000398 ____A C:\Windows\Tasks\EasyShare Registration Task.job
2012-07-23 09:26 - 2009-02-18 18:32 - 00001600 ____A C:\Users\Rick\AppData\Roaming\wklnhst.dat
2012-07-05 14:11 - 2012-08-29 15:49 - 00087488 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-07-05 14:10 - 2012-08-29 15:49 - 00080800 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-07-05 14:10 - 2012-08-29 15:49 - 00034720 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-07-04 06:33 - 2012-08-15 23:04 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-29 08:20 - 2012-08-15 16:20 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-06-29 08:01 - 2012-08-15 16:20 - 00467968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-06-27 20:10 - 2012-08-15 23:04 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-27 19:39 - 2012-08-15 23:04 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-27 19:28 - 2012-08-15 23:04 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-27 19:22 - 2012-08-15 23:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-27 19:21 - 2012-08-15 23:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-27 19:20 - 2012-08-15 23:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-27 19:19 - 2012-08-15 23:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-27 19:17 - 2012-08-15 23:04 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-27 19:16 - 2012-08-15 23:04 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-27 19:16 - 2012-08-15 23:04 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-27 19:14 - 2012-08-15 23:04 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-27 19:13 - 2012-08-15 23:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-27 19:12 - 2012-08-15 23:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-27 19:08 - 2012-08-15 23:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-27 16:50 - 2012-08-15 23:04 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-27 16:28 - 2012-08-15 23:04 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-27 16:27 - 2012-08-15 23:04 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-27 16:19 - 2012-08-15 23:04 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-27 16:18 - 2012-08-15 23:04 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-27 16:18 - 2012-08-15 23:04 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-27 16:16 - 2012-08-15 23:04 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-27 16:13 - 2012-08-15 23:04 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-27 16:12 - 2012-08-15 23:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-27 16:10 - 2012-08-15 23:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-27 16:08 - 2012-08-15 23:04 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-27 16:08 - 2012-08-15 23:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-27 16:07 - 2012-08-15 23:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-27 16:04 - 2012-08-15 23:04 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-18 08:30 - 2012-06-18 08:09 - 05827983 ____A C:\Users\Rick\Documents\instructor guide.xps
2012-06-18 08:27 - 2012-06-18 08:26 - 05827983 ____A C:\Users\Rick\Documents\insturctor guide.xps
2012-06-18 05:36 - 2012-06-18 05:36 - 00001696 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-18 05:28 - 2012-06-18 05:28 - 00001758 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-18 05:26 - 2012-05-02 14:12 - 00001866 ____A C:\Users\Public\Desktop\Safari.lnk


ZeroAccess:
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\@
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\L
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\L\00000004.@
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\L\201d3dde
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U\00000004.@
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U\00000008.@
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U\000000cb.@
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U\80000000.@
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U\80000032.@
C:\Windows\Installer\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U\80000064.@

ZeroAccess:
C:\Users\Rick\AppData\Local\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}
C:\Users\Rick\AppData\Local\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\@
C:\Users\Rick\AppData\Local\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\L
C:\Users\Rick\AppData\Local\{0821d87c-b90d-d0e3-33ca-fe12b6dac087}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-06-22 13:16:00
Restore point made on: 2012-06-22 13:16:42
Restore point made on: 2012-06-22 13:17:46
Restore point made on: 2012-06-22 13:18:51
Restore point made on: 2012-06-24 07:09:08
Restore point made on: 2012-06-26 15:51:05
Restore point made on: 2012-07-02 18:32:27
Restore point made on: 2012-07-08 04:29:41
Restore point made on: 2012-07-11 06:19:57
Restore point made on: 2012-07-11 23:00:45
Restore point made on: 2012-07-15 12:27:02
Restore point made on: 2012-07-23 09:30:25
Restore point made on: 2012-07-23 09:38:30
Restore point made on: 2012-07-26 14:18:01
Restore point made on: 2012-07-26 14:19:21
Restore point made on: 2012-07-26 14:20:00
Restore point made on: 2012-07-30 13:11:28
Restore point made on: 2012-08-02 17:39:26
Restore point made on: 2012-08-04 05:25:18
Restore point made on: 2012-08-04 05:27:41
Restore point made on: 2012-08-09 18:00:12
Restore point made on: 2012-08-15 16:15:10
Restore point made on: 2012-08-15 23:00:31
Restore point made on: 2012-08-18 13:40:45
Restore point made on: 2012-08-29 15:48:51
Restore point made on: 2012-08-30 15:26:58
Restore point made on: 2012-08-31 14:28:55

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 4057.45 MB
Available physical RAM: 3626.84 MB
Total Pagefile: 3931.09 MB
Available Pagefile: 3601.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions ============================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:190.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
8 Drive x: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.95 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 1910 MB 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 32 KB
Partition 2 Primary 15 GB 40 MB
Partition 3 Primary 283 GB 15 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 X RECOVERY NTFS Partition 15 GB Healthy Boot

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 283 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1909 MB 1024 KB

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D FAT32 Removable 1909 MB Healthy

==================================================================================

Last Boot: 2012-08-31 15:02

==================== End Of Log =============================
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP