
ZeroAccess.eh Trojan & Lots of messages saying file infected [Sol


  • This topic is locked

#16
khphoto1

khphoto1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
The directory is invalid!!!
  • 0


#17
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you save the fixlist to the USB drive? That is where you are running FRST from.
  • 0

#18
khphoto1

khphoto1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Yes, but
I am now on the desktop computer and it is giving me problems downloading files. I'll have to go back to my laptop and redownload. This desktop has another program (McAfee) which is saying FRST is not a commonly downloaded file. It let me download, but this desktop is now giving me the error message 'invalid' drive. I have to leave now. I'll post back after 7pm my time (4 hrs from now).
  • 0

#19
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, there is no need to download it again.

Open Notepad and copy all the text in the code box below into it.
Save the Notepad file as fixlist to the USB.
Then run FRST from the USB and press Fix.

HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{9a662039-ac21-56da-a4d9-a465d89b88f6}\ \...\???\{9a662039-ac21-56da-a4d9-a465d89b88f6}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Users\Owner\AppData\Local\Google\Desktop
C:\Program Files\Google\Desktop

  • 0

#20
khphoto1

khphoto1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Here is more information. I cannot run FRST from the usb drive. It is reporting that the directory is invalid. This is why I was going to download it again from another computer to a fresh flash drive. Could I try copying the two files from my laptop to a CD? Other problems include not being able to delete any files because the recycle bin is corrupted. To work around that problem I've been renaming files. Is this a registry problem? Could I just edit the registry directly? Should I try running these from Safe Mode? Should I disable McAfee?
  • 0

#21
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, it is not a registry problem; it is the reparse points and the service. Disable McAfee and ensure that FRST is saved to the desktop and that the fixlist is on the desktop as well. They will not work from a temporary directory.
  • 0

#22
khphoto1

khphoto1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Family emergency, going out of town. I will test and reconnect after Thursday Oct 3rd. Do I need to start a new 'ticket' or continue this one?
Thank You.
  • 0

#23
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, continue here. I will keep monitoring.

Hope things are not too bad.
  • 0

#24
khphoto1

khphoto1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
I am back. I still could not get around 'Invalid directory' so I looked for more solutions on the internet for this problem. Found a recommendation to run Malwarebytes. I downloaded and ran it, it fixed the Invalid directory. I am now running the FRST program and have been for the last 2 hours. Is it stuck or can it run like a full scan and take overnight to complete?
  • 0

#25
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, stop FRST as that is way too long.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the ComboFix log in your next reply, and also describe how your computer is running now.
  • 0


#26
khphoto1

khphoto1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Here is the ComboFix log. What next?

ComboFix 13-10-09.01 - Owner 10/09/2013 16:11:57.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2036.728 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\24x7Help
c:\program files\24x7Help\24x7desk.64.dll
c:\program files\24x7Help\24x7desk.dll
c:\program files\24x7Help\App24x7Help.exe
c:\program files\24x7Help\App24x7Hook.dll
c:\program files\24x7Help\App24x7Hook.exe
c:\program files\24x7Help\App24x7Svc.exe
c:\program files\24x7Help\unins000.dat
c:\program files\24x7Help\unins000.exe
c:\program files\24x7Help\unins000.msg
c:\program files\Google\Desktop\Install
c:\program files\Google\Desktop\Install\{9a662039-ac21-56da-a4d9-a465d89b88f6}\0103~1\7154~1\CFFE~1\{9a662039-ac21-56da-a4d9-a465d89b88f6}\@
c:\program files\Google\Desktop\Install\{9a662039-ac21-56da-a4d9-a465d89b88f6}\0103~1\7154~1\CFFE~1\{9a662039-ac21-56da-a4d9-a465d89b88f6}\U\00000001.@
c:\program files\Google\Desktop\Install\{9a662039-ac21-56da-a4d9-a465d89b88f6}\0103~1\7154~1\CFFE~1\{9a662039-ac21-56da-a4d9-a465d89b88f6}\U\00000002.@
c:\program files\Google\Desktop\Install\{9a662039-ac21-56da-a4d9-a465d89b88f6}\0103~1\7154~1\CFFE~1\{9a662039-ac21-56da-a4d9-a465d89b88f6}\U\80000000.@
c:\program files\Google\Desktop\Install\{9a662039-ac21-56da-a4d9-a465d89b88f6}\0103~1\7154~1\CFFE~1\{9a662039-ac21-56da-a4d9-a465d89b88f6}\U\80000001.@
c:\program files\Google\Desktop\Install\{9a662039-ac21-56da-a4d9-a465d89b88f6}\0103~1\7154~1\CFFE~1\{9a662039-ac21-56da-a4d9-a465d89b88f6}\U\800000cb.@
c:\programdata\Microsoft\Windows\Start Menu\Programs\24x7 Help
c:\programdata\Microsoft\Windows\Start Menu\Programs\24x7 Help\24x7 Help.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\24x7 Help\24x7Help.org.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\24x7 Help\Uninstall 24x7 Help.lnk
c:\users\Owner\AppData\Local\Google\Desktop\Install
c:\users\Owner\AppData\Local\Google\Desktop\Install\{9a662039-ac21-56da-a4d9-a465d89b88f6}\C3C1~1\01C8~1\CFFE~1\{9a662039-ac21-56da-a4d9-a465d89b88f6}\@
c:\users\Owner\AppData\Roaming\24x7 Help
c:\users\Owner\AppData\Roaming\24x7 Help\skin\24x7_UploaderDark01.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\24x7bubble_Left.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\24x7bubble_Right.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\24x7bubble_X00.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\24x7bubble_X01.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\24x7bubble_X02.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\24x7Dark_NoTabs_Back00.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\24x7Dark_NoTabs_PhoneIcon.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\24x7Dark001_SettingsActive.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\24x7Dark001_SettingsBack.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\24x7Dark001_SettingsHover.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\24x7logoNew_dark01.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\24x7man_dark01.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\ArrowSmall.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\ArrowSmallHot.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\bubble.xml
c:\users\Owner\AppData\Roaming\24x7 Help\skin\Hardware_Icon.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\HotInactiveTabLeft.bmp
c:\users\Owner\AppData\Roaming\24x7 Help\skin\HotInactiveTabRight.bmp
c:\users\Owner\AppData\Roaming\24x7 Help\skin\MainImg_SettingsDark01.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\Navigation_HomeIcon00_Dark01.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\Navigation_HomeIcon01_Dark01.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\Navigation_SettingsIcon00_Dark01.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\Navigation_SettingsIcon01_Dark01.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\OK_IconGreen01.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\PeriodicSystemCheckBubble.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\Phones_Icon.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\PushedInactiveTabLeft.bmp
c:\users\Owner\AppData\Roaming\24x7 Help\skin\PushedInactiveTabRight.bmp
c:\users\Owner\AppData\Roaming\24x7 Help\skin\Security_Icon.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\skin.xml
c:\users\Owner\AppData\Roaming\24x7 Help\skin\Software_Icon.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\SupportCheck01_arrow00.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\SupportCheck01_arrow01.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\Warning_Icon01.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\Warning_IconOrange01.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\Warning_IconRed01.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\WhiteTabLeft.png
c:\users\Owner\AppData\Roaming\24x7 Help\skin\WhiteTabRight.png
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\Microsoft At Home.url
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_24x7HelpSvc
-------\Service_24x7HelpSvc
.
.
((((((((((((((((((((((((( Files Created from 2013-09-09 to 2013-10-09 )))))))))))))))))))))))))))))))
.
.
2013-10-09 18:31 . 2013-10-09 18:31 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2013-10-09 18:30 . 2013-10-09 18:30 -------- d-----w- c:\programdata\Malwarebytes
2013-10-09 18:30 . 2013-10-09 18:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-09 18:30 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-09 17:28 . 2013-10-09 17:28 -------- d-----w- C:\201689a5e95814bd39
2013-10-09 17:16 . 2013-10-09 17:16 -------- d-----w- c:\windows\Logs
2013-09-26 17:57 . 2013-09-26 18:00 1089329 ----a-w- c:\users\Owner\AppData\Roaming\Microsoft\Windows\Network Shortcuts\FRST.exe
2013-09-26 16:43 . 2013-09-26 16:43 -------- d-----w- C:\FRST
2013-09-18 07:00 . 2013-09-18 07:01 -------- d-----w- C:\c70df3d1364b32f65251fb52e695db7c
2013-09-18 00:55 . 2013-07-16 04:35 615936 ----a-w- c:\windows\system32\themeui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-02 04:09 . 2013-08-30 18:31 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-27 00:08 . 2013-07-27 00:08 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-27 00:08 . 2013-05-07 15:45 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-27 00:08 . 2013-05-07 15:45 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-17 19:41 . 2013-08-17 18:20 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-01-24 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}]
2013-07-03 02:40 831624 ----a-w- c:\progra~1\REBATE~1\RebateI.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-01 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-01 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-01 138008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-05-08 1261568]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-01-24 1646216]
"InboxToolbar"="c:\program files\Inbox Toolbar\Inbox.exe" [2013-02-20 1708696]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-08-20 1874264]
"RegWork"="c:\program files\RegWork\RegWork.exe" [2012-12-25 13780656]
"MapsGalaxy Search Scope Monitor"="c:\progra~1\MAPSGA~2\bar\1.bin\39srchmn.exe" [2013-07-16 44784]
"MapsGalaxy_39 Browser Plugin Loader"="c:\progra~1\MAPSGA~2\bar\1.bin\39brmon.exe" [2013-07-16 30096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2011-8-19 5828952]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-8-20 1175912]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2012\QBW32.EXE -silent [2011-8-20 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2013-03-13 22:40 1278064 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Online Vault]
2013-04-22 09:37 371808 ----a-w- c:\program files\OnlineVault\OVTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPowerSpeed]
2013-01-30 12:00 374880 ----a-w- c:\program files\PCPowerSpeed\PCPowerTray.exe
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-02 15:31]
.
2013-08-19 c:\windows\Tasks\Regwork.job
- c:\program files\RegWork\RegWork.exe [2012-12-25 12:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.tb.ask.com/index.jhtml?n=77DE8857&p2=^UX^xdm002^YYA^us&ptb=F22E24EA-134C-46DC-82ED-25B4E26656DC&si=CPXC27CjtLgCFcKZ4Aodjw4AEQ
mStart Page = hxxp://broadband.zoomtown.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.200.1
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - c:\progra~1\REBATE~1\RebateI.dll
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-24x7HELP - c:\program files\24x7Help\App24x7Help.exe
AddRemove-{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1 - c:\program files\24x7Help\unins000.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1104)
c:\program files\McAfee Online Backup\MOBKshell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\progra~1\MAPSGA~2\bar\1.bin\39barsvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\windows\system32\mfevtps.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\system32\rundll32.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\McAfee Online Backup\MOBKbackup.exe
c:\program files\McAfee Online Backup\MOBKbackup.exe
c:\windows\system32\vssvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\McAfee\MAT\McPvTray.exe
.
**************************************************************************
.
Completion time: 2013-10-09 16:36:36 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-09 20:36
.
Pre-Run: 238,271,856,640 bytes free
Post-Run: 237,825,929,216 bytes free
.
- - End Of File - - 5D194FE0ABC143A231B63185C29D6BC6
5C616939100B85E558DA92B899A0FC36
  • 0

#27
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I would now like to check what is still to remove

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Attach both logs

  • 0
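The two technical points in this thread are the ones Essexboy makes in #21 (the "invalid directory" symptom comes from reparse points, not the registry) and in #27 (the OTL custom-scan line `dir "%systemdrive%\*" /S /A:L /C`, which lists exactly those reparse points). The script below is an added example written for this edit; it is not code from the thread, from FRST, OTL or ComboFix, and it does not remove anything. It walks a directory tree without following links and reports (a) NTFS reparse points (junctions/symlinks, detected via the file attribute on Windows and via `lstat` elsewhere) and (b) the path shapes visible in the thread's own logs: directory names made only of spaces, dots or `?` (the `\ \...\???\` component in the FRST line) and files named `@` or `*.@` (the `U\00000001.@` entries in the ComboFix log). The `demo()` function builds a constructed sample tree in a temp directory; `{GUID-PLACEHOLDER}` stands in for the real CLSID-style folder name, and `os.symlink` stands in for a junction so the demo also runs on Linux or macOS.

```python
"""Added example: report reparse points and ZeroAccess-style path names under a tree.

Not code from the thread or from FRST/OTL/ComboFix. Sample paths in demo() are constructed.
"""
import os
import shutil
import stat
import tempfile
from dataclasses import dataclass

# NTFS sets this attribute on junctions and symbolic links. Python exposes the constant on
# every platform but only fills os.stat_result.st_file_attributes on Windows.
REPARSE_FLAG = getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0x400)


@dataclass
class Finding:
    path: str
    reason: str


def is_reparse_point(path: str) -> bool:
    """True for an NTFS reparse point (Windows) or a symlink (anywhere); never follows the link."""
    try:
        st = os.lstat(path)
    except OSError:
        return False
    win_attrs = getattr(st, "st_file_attributes", 0)
    return bool(win_attrs & REPARSE_FLAG) or stat.S_ISLNK(st.st_mode)


def odd_component(name: str) -> bool:
    """Directory names Explorer/cmd.exe cannot open normally: only spaces, dots or '?'."""
    return name != "" and all(c in " .?" for c in name)


def scan(root: str) -> list:
    """Walk root without following links; collect reparse points and suspicious names."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in list(dirnames):
            full = os.path.join(dirpath, name)
            if is_reparse_point(full):
                findings.append(Finding(full, "reparse point (junction/symlink)"))
                dirnames.remove(name)  # do not descend into the link target
            elif odd_component(name):
                findings.append(Finding(full, "directory name is only spaces/dots/'?'"))
        for name in filenames:
            full = os.path.join(dirpath, name)
            if is_reparse_point(full):
                findings.append(Finding(full, "reparse point (file symlink)"))
            elif name == "@" or name.endswith(".@"):
                findings.append(Finding(full, "'@' payload-style file name"))
    return findings


def demo() -> dict:
    """Build a constructed tree shaped like the thread's paths, scan it, return counts."""
    base = tempfile.mkdtemp(prefix="reparse-demo-")
    try:
        install = os.path.join(base, "Program Files", "Google", "Desktop", "Install",
                               "{GUID-PLACEHOLDER}")          # placeholder for the CLSID folder
        hidden = os.path.join(install, " ", "...", "???")       # mirrors '\ \...\???\' in the FRST line
        os.makedirs(os.path.join(hidden, "U"))
        for rel in ("@", os.path.join("U", "00000001.@"), os.path.join("U", "80000000.@")):
            with open(os.path.join(hidden, rel), "wb") as fh:
                fh.write(b"constructed sample")
        defender = os.path.join(base, "Program Files", "Windows Defender")
        os.makedirs(defender)
        with open(os.path.join(defender, "MpSvc.dll"), "wb") as fh:
            fh.write(b"constructed sample")
        # A link planted under Windows Defender stands in for the junctions the fixlist's
        # DeleteJunctionsIndirectory line targets. Creating symlinks needs privilege on
        # Windows, so record whether it worked instead of failing the demo.
        try:
            os.symlink(install, os.path.join(defender, "Drivers"), target_is_directory=True)
            link_created = True
        except OSError:
            link_created = False
        findings = scan(base)
        return {
            "link_created": link_created,
            "reparse": sum(1 for f in findings if f.reason.startswith("reparse")),
            "odd_dirs": sum(1 for f in findings if "only spaces" in f.reason),
            "at_files": sum(1 for f in findings if "'@'" in f.reason),
            "total": len(findings),
            "paths": [f.path[len(base):] for f in findings],
        }
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On a live system a responder would call `scan()` on the roots named in the thread (`C:\Program Files\Google\Desktop`, `%LOCALAPPDATA%\Google\Desktop`, `C:\Program Files\Windows Defender`) and review the output before any removal tool runs; the findings are a review list, not a deletion list.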

#28
khphoto1

khphoto1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
I think I got McAfee shut down after I received the second message that it was still running. I'm using McAfee Total Protection and it does not have a 'disable' option to turn everything off at once. So I hope I got them all before ComboFix got very far.
  • 0

#29
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It killed the main element but a fair bit looks to be left behind, hence the OTL scan :)
  • 0

#30
khphoto1

khphoto1

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 102 posts
Here's the OTL text file:

OTL logfile created on: 10/9/2013 4:49:27 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.65% Memory free
4.21 Gb Paging File | 2.80 Gb Available in Paging File | 66.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.05 Gb Total Space | 221.53 Gb Free Space | 74.33% Space Free | Partition Type: NTFS

Computer Name: BREWER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/09 16:49:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2013/07/16 11:00:49 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/13 18:40:08 | 001,278,064 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2013/02/19 15:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2013/02/19 15:08:52 | 000,169,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2013/02/19 15:06:50 | 000,203,840 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2013/02/02 11:31:03 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
PRC - [2012/09/10 22:08:30 | 000,513,888 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MAT\McPvTray.exe
PRC - [2012/08/31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2011/08/20 00:49:48 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/08/19 22:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2010/04/13 21:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2007/05/01 01:47:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Services (SafeList) ==========

SRV - [2013/07/16 11:00:49 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe -- (MapsGalaxy_39Service)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/19 15:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2013/02/19 15:08:52 | 000,169,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2013/02/19 15:06:50 | 000,203,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2013/02/02 11:31:04 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/16 22:07:20 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/09/11 12:12:18 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.287\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/08/31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2012/08/31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2012/08/31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2012/08/31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2012/08/31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2012/08/31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2012/08/31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/08/20 00:49:48 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/08/19 22:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/08/19 22:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2010/04/13 21:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2008/01/19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/19 15:15:04 | 000,060,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2013/02/19 15:12:24 | 000,210,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2013/02/19 15:10:52 | 000,092,632 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2013/02/19 15:09:52 | 000,565,888 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2013/02/19 15:09:02 | 000,363,080 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2013/02/19 15:08:40 | 000,065,928 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2013/02/19 15:08:20 | 000,235,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2013/02/19 15:07:50 | 000,133,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/09/14 17:26:32 | 000,064,832 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\McPvDrv.sys -- (McPvDrv)
DRV - [2012/04/20 17:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2010/04/13 21:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\MOBK.sys -- (MOBKFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.tb.ask...r={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2883009866-1394541516-4225121613-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.tb.ask.c...CFcKZ4Aodjw4AEQ
IE - HKU\S-1-5-21-2883009866-1394541516-4225121613-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2883009866-1394541516-4225121613-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 29 16 64 E0 A8 01 CE 01 [binary data]
IE - HKU\S-1-5-21-2883009866-1394541516-4225121613-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2883009866-1394541516-4225121613-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2883009866-1394541516-4225121613-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2883009866-1394541516-4225121613-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2883009866-1394541516-4225121613-1000\..\SearchScopes\{3565FC24-BBA4-4982-9B5D-C22EADEF05F5}: "URL" = http://websearch.ask...0E-FA8ED1062057
IE - HKU\S-1-5-21-2883009866-1394541516-4225121613-1000\..\SearchScopes\{8C2D655D-0429-465F-866B-3940416A6102}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKU\S-1-5-21-2883009866-1394541516-4225121613-1000\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.tb.ask...r={searchTerms}
IE - HKU\S-1-5-21-2883009866-1394541516-4225121613-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.co...&iwk=244&lng=en
IE - HKU\S-1-5-21-2883009866-1394541516-4225121613-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin: C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/10/09 13:12:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\39ffxtbr@MapsGalaxy_39.com: C:\Program Files\MapsGalaxy_39\bar\1.bin [2013/07/16 11:00:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2013/10/08 20:13:11 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2013/10/09 16:31:12 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\Program Files\RebateInformer\RebateI.dll (Inbox.com, Inc.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKU\S-1-5-21-2883009866-1394541516-4225121613-1000\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [InboxToolbar] C:\Program Files\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MapsGalaxy Search Scope Monitor] C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrchMn.exe (MindSpark)
O4 - HKLM..\Run: [MapsGalaxy_39 Browser Plugin Loader] C:\Program Files\MapsGalaxy_39\bar\1.bin\39brmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [RegWork] C:\Program Files\RegWork\RegWork.exe ()
O4 - HKU\S-1-5-21-2883009866-1394541516-4225121613-1000..\Run: [RebateInformer] C:\Program Files\RebateInformer\RebateInf.exe (Inbox.com, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2883009866-1394541516-4225121613-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2883009866-1394541516-4225121613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-2883009866-1394541516-4225121613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.200.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07A75A5B-EE61-4038-869D-6885E15CDAE1}: DhcpNameServer = 192.168.200.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\rebinfo {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\Program Files\RebateInformer\RebateI.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/09 16:36:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/10/09 16:31:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/10/09 16:28:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2013/10/09 16:05:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/10/09 16:05:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/10/09 16:05:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/10/09 16:03:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/09 16:03:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/10/09 15:55:26 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/10/09 15:53:33 | 005,131,844 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/10/09 14:31:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2013/10/09 14:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/09 14:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/09 14:30:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/10/09 14:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/09 13:28:21 | 000,000,000 | ---D | C] -- C:\201689a5e95814bd39
[2013/10/09 13:24:31 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/10/09 13:24:28 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/10/09 13:24:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/10/09 13:24:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/10/09 13:24:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/10/09 13:24:27 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/10/09 13:24:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/10/09 13:24:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/10/09 13:18:44 | 001,089,329 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\FRST.exe
[2013/10/09 13:16:48 | 000,000,000 | ---D | C] -- C:\Windows\Logs
[2013/10/08 19:48:59 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/10/08 19:48:59 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/10/08 19:48:59 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/10/08 19:48:59 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/10/08 19:48:58 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/10/08 19:48:58 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/10/08 19:48:58 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/10/08 19:48:58 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/10/08 19:48:50 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/10/08 19:48:49 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/08 19:48:46 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/10/08 19:48:21 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013/10/08 19:48:20 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/10/08 19:48:10 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/10/08 19:48:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/10/08 19:48:01 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2013/09/26 14:46:51 | 001,089,329 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\oldfrst.exe
[2013/09/26 12:43:49 | 000,000,000 | ---D | C] -- C:\FRST
[2013/09/18 03:00:54 | 000,000,000 | ---D | C] -- C:\c70df3d1364b32f65251fb52e695db7c

========== Files - Modified Within 30 Days ==========

[2013/10/09 16:37:56 | 000,640,408 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/09 16:37:56 | 000,118,660 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/09 16:37:17 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2013/10/09 16:31:12 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/10/09 16:30:42 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/09 16:30:42 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/09 16:30:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/09 16:30:11 | 2135,916,544 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/09 15:59:01 | 000,279,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/09 15:53:33 | 005,131,844 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/10/09 14:57:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/09 14:30:58 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/26 14:55:12 | 001,089,329 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\FRST.exe
[2013/09/26 14:47:40 | 001,089,329 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\oldfrst.exe
[2013/09/26 13:49:01 | 000,001,141 | ---- | M] () -- C:\Users\Owner\Documents\fix.bat
[2013/09/26 13:27:46 | 000,002,585 | ---- | M] () -- C:\Users\Owner\Desktop\Microsoft Office Excel 2007.lnk
[2013/09/24 16:34:55 | 000,002,627 | ---- | M] () -- C:\Users\Owner\Desktop\Microsoft Office Word 2007.lnk
[2013/09/22 06:22:59 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/09/22 06:14:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/09/22 06:12:32 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/09/22 06:09:55 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/09/22 06:08:41 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/09/22 06:05:42 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/22 06:03:18 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/09/22 05:59:06 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

========== Files Created - No Company Name ==========

[2013/10/09 16:05:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/09 16:05:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/09 16:05:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/09 16:05:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/09 16:05:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/09 14:40:45 | 2135,916,544 | -HS- | C] () -- C:\hiberfil.sys
[2013/10/09 14:30:58 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/26 13:49:01 | 000,001,141 | ---- | C] () -- C:\Users\Owner\Documents\fix.bat
[2013/03/04 20:45:56 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2013/02/03 15:16:32 | 000,005,120 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/02 12:47:48 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013/02/02 12:47:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2013/02/02 12:47:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013/02/02 12:47:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2013/02/02 11:15:46 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2013/02/02 11:15:46 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2013/02/02 11:15:46 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1268.dll
[2013/02/02 10:57:37 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 08:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/02/23 13:03:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OnlineVault
[2013/09/26 13:32:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PCPowerSpeed

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 05:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/19 00:33:44 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/19 00:33:02 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 00:28:24 | 000,758,784 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 00:28:20 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 00:28:20 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/19 00:33:50 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/08 00:16:55 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 00:28:26 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 00:28:20 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 11:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/19 00:34:10 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 00:28:20 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/19 00:34:36 | 000,288,256 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 00:28:22 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/11 00:28:26 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/19 00:34:50 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/19 00:35:38 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/19 00:35:38 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/19 00:35:40 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/19 00:35:58 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 00:28:26 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 10:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 00:28:20 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/19 00:36:16 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 00:28:26 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 00:28:26 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/19 00:36:22 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 10:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 00:28:28 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 12:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 07:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 00:27:50 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 14:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 00:28:26 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 07:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 00:28:24 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 00:28:12 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 00:28:20 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 00:28:20 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/19 00:36:22 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 00:28:26 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 00:28:22 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 00:28:26 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 00:27:46 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 00:28:26 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 18:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 00:28:20 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 15:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 07:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< c:\program files (x86)\Google\Desktop >
[2006/11/02 09:01:23 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 09:01:23 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/02/02 11:31:05 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/02/03 18:03:29 | 000,000,362 | ---- | C] () -- C:\Windows\Tasks\Regwork.job

< c:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is E236-736E
Directory of C:\
11/02/2006 09:02 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
11/02/2006 09:02 AM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 09:02 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 09:02 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 09:02 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 09:02 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 09:02 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
11/02/2006 09:02 AM <SYMLINKD> All Users [C:\ProgramData]
11/02/2006 09:02 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
11/02/2006 09:02 AM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 09:02 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 09:02 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 09:02 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 09:02 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 09:02 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
11/02/2006 09:02 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
11/02/2006 09:02 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
11/02/2006 09:02 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
11/02/2006 09:02 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/02/2006 09:02 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/02/2006 09:02 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
11/02/2006 09:02 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
11/02/2006 09:02 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
11/02/2006 09:02 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
11/02/2006 09:02 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
11/02/2006 09:02 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
11/02/2006 09:02 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
11/02/2006 09:02 AM <JUNCTION> My Music [C:\Users\Default\Music]
11/02/2006 09:02 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
11/02/2006 09:02 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Owner
02/02/2013 10:57 AM <JUNCTION> Application Data [C:\Users\Owner\AppData\Roaming]
02/02/2013 10:57 AM <JUNCTION> Cookies [C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Cookies]
02/02/2013 10:57 AM <JUNCTION> Local Settings [C:\Users\Owner\AppData\Local]
02/02/2013 10:57 AM <JUNCTION> My Documents [C:\Users\Owner\Documents]
02/02/2013 10:57 AM <JUNCTION> NetHood [C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/02/2013 10:57 AM <JUNCTION> PrintHood [C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/02/2013 10:57 AM <JUNCTION> Recent [C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Recent]
02/02/2013 10:57 AM <JUNCTION> SendTo [C:\Users\Owner\AppData\Roaming\Microsoft\Windows\SendTo]
02/02/2013 10:57 AM <JUNCTION> Start Menu [C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu]
02/02/2013 10:57 AM <JUNCTION> Templates [C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Owner\AppData\Local
02/02/2013 10:57 AM <JUNCTION> Application Data [C:\Users\Owner\AppData\Local]
02/02/2013 10:57 AM <JUNCTION> History [C:\Users\Owner\AppData\Local\Microsoft\Windows\History]
02/02/2013 10:57 AM <JUNCTION> Temporary Internet Files [C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Owner\Documents
02/02/2013 10:57 AM <JUNCTION> My Music [C:\Users\Owner\Music]
02/02/2013 10:57 AM <JUNCTION> My Pictures [C:\Users\Owner\Pictures]
02/02/2013 10:57 AM <JUNCTION> My Videos [C:\Users\Owner\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
11/02/2006 09:02 AM <JUNCTION> My Music [C:\Users\Public\Music]
11/02/2006 09:02 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
11/02/2006 09:02 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.0.6000.16386_none_b3613e39beae266f
11/02/2006 08:35 AM <SYMLINK> MpEvMsg.dll [...]
1 File(s) 65,640 bytes
Directory of C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6000.16386_none_5585eece5b4407f1
11/02/2006 08:34 AM <SYMLINK> MpAsDesc.dll [...]
11/02/2006 08:34 AM <SYMLINK> MsMpLics.dll [...]
11/02/2006 08:34 AM <SYMLINK> MsMpRes.dll [...]
3 File(s) 681,784 bytes
Directory of C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5
11/02/2006 08:34 AM <SYMLINK> MpAsDesc.dll [...]
01/19/2008 12:38 AM <SYMLINK> MpClient.dll [...]
01/19/2008 12:38 AM <SYMLINK> MpCmdRun.exe [...]
01/19/2008 12:38 AM <SYMLINK> MpOAV.dll [...]
01/19/2008 12:38 AM <SYMLINK> MpRtMon.dll [...]
01/19/2008 12:38 AM <SYMLINK> MpRtPlug.dll [...]
01/19/2008 12:38 AM <SYMLINK> MpSigDwn.dll [...]
01/19/2008 12:38 AM <SYMLINK> MpSvc.dll [...]
01/19/2008 12:38 AM <SYMLINK> MSASCui.exe [...]
01/19/2008 12:38 AM <SYMLINK> MsMpCom.dll [...]
11/02/2006 08:34 AM <SYMLINK> MsMpLics.dll [...]
11/02/2006 08:34 AM <SYMLINK> MsMpRes.dll [...]
12 File(s) 3,765,552 bytes
Directory of C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411
11/02/2006 08:34 AM <SYMLINK> MpAsDesc.dll [...]
01/19/2008 12:38 AM <SYMLINK> MpClient.dll [...]
01/19/2008 12:38 AM <SYMLINK> MpCmdRun.exe [...]
01/19/2008 12:38 AM <SYMLINK> MpOAV.dll [...]
01/19/2008 12:38 AM <SYMLINK> MpRtMon.dll [...]
01/19/2008 12:38 AM <SYMLINK> MpRtPlug.dll [...]
01/19/2008 12:38 AM <SYMLINK> MpSigDwn.dll [...]
04/11/2009 12:27 AM <SYMLINK> MpSoftEx.dll [...]
01/19/2008 12:38 AM <SYMLINK> MpSvc.dll [...]
01/19/2008 12:38 AM <SYMLINK> MSASCui.exe [...]
01/19/2008 12:38 AM <SYMLINK> MsMpCom.dll [...]
11/02/2006 08:34 AM <SYMLINK> MsMpLics.dll [...]
11/02/2006 08:34 AM <SYMLINK> MsMpRes.dll [...]
13 File(s) 4,278,552 bytes
Total Files Listed:
29 File(s) 8,791,528 bytes
49 Dir(s) 237,319,090,176 bytes free

< >

< >

< End of report >