Virus will not delete


frodostwin123 (Aaron), Member with 11 posts, thread starter
Join Date: Jun 2009
Location: South Dakota
Experience: Beginner
21-Aug-2012, 03:04 PM #1
I have noticed that randomly, without a program running (also with programs running), random ads and crap will start playing over my speakers. It caused me to run my Malwarebytes' Anti-Malware, which discovered a couple of viruses that I quarantined and deleted. After that the problem persisted and it [MBAM] continued to find new viruses. It makes me think I have a trojan that it is not finding, which keeps installing these other viruses. I followed the instructions on this site and created a HijackThis log and a DDS log. I hope they are alright, as I do not know exactly how to stop any script blockers and I think some may have been running. Any help with this would be greatly appreciated! Thank you again, you guys are always a great help! (After copying the DDS file I realize it is very long. Not sure if it is supposed to be, but just a warning. Thank you again!!)
Here are the logs:
Hijack this:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:02:03 AM, on 8/21/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Users\Dunnski\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP...0000211930e49c
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7812 bytes

DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005
Run by Dunnski at 2:02:57 on 2012-08-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3066.1855 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Windows\System32\alg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\dllhost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\locator.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\snmptrap.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\UI0Detect.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\svchost.exe -k wcssvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\consent.exe
\\.\globalroot\systemroot\Installer\{24d837aa-7a66-8c79-3b77-5f0c85af2dbb}\U
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=108907&mntrId=0ceee7b500000000000000211930e49c
uDefault_Page_URL = hxxp:\\www.samsungcomputer.com
mDefault_Page_URL = hxxp:\\www.samsungcomputer.com
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\dunnski\appdata\roaming\micros~1\windows\startm~1\programs\startup \onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{74488B41-97C9-4F22-8A94-FA9BA34300DE} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dunnski\appdata\roaming\mozilla\firefox\profiles\7bvn24p7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_Prot
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&affID=108907&mntrId=0ceee7b500000000000000211930e49c&q=
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 0ceee7b500000000000000211930e49c
FF - user.js: extensions.BabylonToolbar_i.hardId - 0ceee7b500000000000000211930e49c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15308
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:09:25
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108907
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\drivers\KMDFMEMIO.sys [2008-9-3 13312]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-8 655944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-8 22344]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-6-25 3662848]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-12-17 66592]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\drivers\vmc302.sys [2008-9-3 242048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 250056]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.181\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-28 113120]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v040 0.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-21 04:45:35 -------- d-----w- c:\users\dunnski\appdata\local\{40FCFAB8-A046-48A6-9CD2-B597CE407015}
2012-08-20 16:26:56 -------- d-----w- c:\users\dunnski\appdata\local\{FB20A65A-2A6E-4AEE-BA14-E0DD2CA1A4E3}
2012-08-19 05:10:44 -------- d-----w- c:\users\dunnski\appdata\local\{646EDB70-2FC9-42F0-AE80-BA795C4C3F49}
2012-08-18 15:28:09 -------- d-----w- c:\users\dunnski\appdata\local\{32DA416A-E3F0-49A4-97E0-BDA179392AD9}
2012-08-18 15:28:08 -------- d-----w- c:\users\dunnski\appdata\local\{81ED1E9D-5665-40DC-89CB-DA437B8A37F2}
2012-08-15 16:41:48 -------- d-----w- c:\users\dunnski\appdata\local\{3A3F52F2-CFF6-4B26-9B55-924A25375272}
2012-08-15 16:41:47 -------- d-----w- c:\users\dunnski\appdata\local\{13BE341A-8401-4E3F-A452-46803F7DBB53}
2012-08-14 22:55:57 -------- d-----w- c:\users\dunnski\appdata\local\{DC50BBFA-35C5-4DED-B9F0-B9A7C93FAB79}
2012-08-14 22:55:56 -------- d-----w- c:\users\dunnski\appdata\local\{30AA3053-2D93-4D90-AB41-EA91D9F9FF32}
2012-08-14 08:45:12 -------- d-----w- c:\users\dunnski\appdata\local\{6A8FD3B9-DD13-4ED7-9ACE-33970215AE5E}
2012-08-14 08:44:11 -------- d-----w- c:\users\dunnski\appdata\local\{DE032E47-2690-42C5-869A-849227DB9D5B}
2012-08-12 19:11:24 -------- d-----w- c:\users\dunnski\appdata\local\{AD034CF6-63B8-4927-B691-F1B59A567606}
2012-08-12 19:11:23 -------- d-----w- c:\users\dunnski\appdata\local\{165A2ED0-12D1-4C0C-BBD9-81DAD08F829C}
2012-08-10 15:01:11 -------- d-----w- c:\users\dunnski\appdata\local\{A9691FB2-D0B1-410C-A6BF-FC82681ED2B0}
2012-08-10 15:01:10 -------- d-----w- c:\users\dunnski\appdata\local\{895034B4-A0BF-4D5E-8152-D90722FA5E29}
2012-08-08 06:28:00 -------- d-----w- c:\users\dunnski\appdata\local\{C7B4DD25-61B3-4225-B23F-68B3B14B71F3}
2012-08-08 06:27:57 -------- d-----w- c:\users\dunnski\appdata\local\{BBE90476-8D20-4720-BFDD-2532CCA3A369}
2012-08-07 18:05:16 -------- d-----w- c:\users\dunnski\appdata\local\{3CD60E1B-2EA5-46FE-B02B-6F0AB5C2BBA3}
2012-08-07 18:05:15 -------- d-----w- c:\users\dunnski\appdata\local\{BA5C3A86-59D7-4249-8D0E-FE3713DC8E1E}
2012-08-06 09:45:33 -------- d-----w- c:\users\dunnski\appdata\local\{6FF43D00-0792-44B4-A39A-718FC3BD7C2D}
2012-08-06 09:45:31 -------- d-----w- c:\users\dunnski\appdata\local\{A23D7D49-82B4-4DB5-9267-7B8F70CF7749}
2012-08-05 08:05:58 -------- d-----w- c:\users\dunnski\appdata\local\{F16420E1-2BDE-4656-832F-C70FE7870BAB}
2012-08-05 08:05:55 -------- d-----w- c:\users\dunnski\appdata\local\{3AF11204-725C-42FE-BFD4-170EEA3412D9}
2012-08-04 05:05:00 -------- d-----w- c:\users\dunnski\appdata\local\{D4518651-F098-47B2-81EC-2A677D797E0F}
2012-08-04 05:04:59 -------- d-----w- c:\users\dunnski\appdata\local\{85F38C61-1590-4DF8-8741-6869505F3D86}
2012-08-04 05:04:38 -------- d-----w- c:\users\dunnski\appdata\local\{1BB25D1E-6664-44A7-8197-31E77739B21D}
2012-08-03 05:29:56 -------- d-----w- c:\program files\3DO
2012-08-03 05:13:10 -------- d-----w- c:\users\dunnski\appdata\local\{F71D3454-1AA8-44B6-AB68-30694FAE3C0B}
2012-08-03 05:13:09 -------- d-----w- c:\users\dunnski\appdata\local\{A9EFB1A2-73B9-4F60-BEC9-27BC64A27517}
2012-08-02 05:29:16 -------- d-----w- c:\users\dunnski\appdata\local\{9B37256D-8A5F-4508-A656-475BED729286}
2012-08-02 05:29:15 -------- d-----w- c:\users\dunnski\appdata\local\{D50D3D35-BCED-46D8-96CE-9B40C4D5CE23}
2012-08-01 17:29:00 -------- d-----w- c:\users\dunnski\appdata\local\{1CF9A75E-595E-4CCC-B1B8-4BBE36747497}
2012-08-01 17:28:59 -------- d-----w- c:\users\dunnski\appdata\local\{1C937EC8-3A88-4426-BC9B-325A46AD7F13}
2012-08-01 05:28:43 -------- d-----w- c:\users\dunnski\appdata\local\{81249389-D147-43AF-AC46-AC6825D64E48}
2012-07-31 15:48:03 -------- d-----w- c:\users\dunnski\appdata\local\{32318306-AE4C-4DDA-9345-3396F08EEB83}
2012-07-31 15:48:01 -------- d-----w- c:\users\dunnski\appdata\local\{3C8C3C6D-E79D-4869-BA60-7D57041DA24F}
2012-07-31 05:18:50 -------- d-----w- c:\program files\iPod
2012-07-31 05:18:48 -------- d-----w- c:\program files\iTunes
2012-07-31 03:31:47 -------- d-----w- c:\users\dunnski\appdata\local\{6D28221A-64D3-450C-B112-8D4F70EE7E9D}
2012-07-31 03:31:45 -------- d-----w- c:\users\dunnski\appdata\local\{A3C59357-986B-47F1-9BB1-CC74FBA3D8DD}
2012-07-30 15:31:31 -------- d-----w- c:\users\dunnski\appdata\local\{5FE8627B-A109-4010-B988-B2BF273A4FB2}
2012-07-30 15:31:23 -------- d-----w- c:\users\dunnski\appdata\local\{FF70BAA5-84C8-4BDB-AB07-C3CD6D24A4AB}
2012-07-28 05:16:06 -------- d-----w- c:\users\dunnski\appdata\local\{EFB505EA-C419-4633-9BEB-11D329EB0BE5}
2012-07-28 05:16:00 -------- d-----w- c:\users\dunnski\appdata\local\{2141ED01-A2AE-4A07-8F3A-F05D64AD4AAB}
2012-07-27 17:11:55 -------- d-----w- c:\users\dunnski\appdata\local\Macromedia
2012-07-27 14:41:48 -------- d-sh--w- c:\users\dunnski\appdata\roaming\63b8c22
2012-07-27 14:39:37 -------- d-----w- c:\users\dunnski\appdata\local\visi_coupon
2012-07-27 14:24:23 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5609ead1-cee4-4740-8953-2f4bf67ddd05}\mpengine.dll
2012-07-27 14:13:23 -------- d-----w- c:\users\dunnski\appdata\local\{47C20F34-34EA-46F4-8288-E723CA9AFA97}
2012-07-27 14:13:22 -------- d-----w- c:\users\dunnski\appdata\local\{36EBCDA1-2A62-44AD-9272-BBB49AC680E3}
2012-07-26 16:36:23 -------- d-----w- c:\users\dunnski\appdata\local\{54C43950-28ED-4875-B4E2-625AF7BB93A1}
2012-07-26 16:36:22 -------- d-----w- c:\users\dunnski\appdata\local\{B40E8BD7-D80E-4B54-8498-CECCC185485A}
2012-07-25 18:47:09 -------- d-----w- c:\users\dunnski\appdata\local\{13F531C3-E748-45B8-AE89-C559E5589B25}
2012-07-25 18:47:07 -------- d-----w- c:\users\dunnski\appdata\local\{64CA3745-D51B-4C13-92BF-ADE1DD4C583B}
2012-07-25 05:22:16 -------- d-----w- c:\users\dunnski\appdata\local\{A8785CFA-0657-48FB-9DC6-2A799304D932}
2012-07-25 05:22:14 -------- d-----w- c:\users\dunnski\appdata\local\{3BE45EC5-8793-4E04-963E-B16A09E64478}
2012-07-24 17:20:47 -------- d-----w- c:\users\dunnski\appdata\local\{7E0C6ED4-70D0-48A7-9564-FB09AFD5FE95}
2012-07-24 17:20:45 -------- d-----w- c:\users\dunnski\appdata\local\{E42B44EE-EBF1-4EEF-BCB8-83164301E0C0}
.
==================== Find3M ====================
.
2012-08-15 17:04:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 17:04:06 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:40:21 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 17:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 2:04:39.16 ===============
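As an added example that is not part of the thread, the following Python script triages log lines of the kind the two logs above contain: a process started from a device-namespace path instead of a drive letter, start/search-page URLs whose host is not an expected default, and R3/O2 hooks whose file is missing. The sample lines are constructed from the posted logs, and the allow-list of expected hosts is an assumption for the example.

```python
"""Triage of HijackThis / DDS log lines (constructed example, not part of the thread).

Flags three patterns that the logs posted above contain and that a reviewer
would want to look at first:
  * a running process launched from a device-namespace path (the
    \\\\.\\globalroot\\ prefix) rather than from a drive letter
  * browser start/search URLs (HJT R0/R1 lines, DDS uStart Page-style lines)
    whose host is not on a small allow-list of expected defaults
  * URLSearchHook / BHO registrations (R3/O2) whose backing file is missing
"""
import re
from dataclasses import dataclass

# Hosts expected as IE defaults on this machine. Assumption for the example:
# Microsoft's fwlink redirector and the OEM home page seen in the posted log.
EXPECTED_HOSTS = {"go.microsoft.com", "www.samsungcomputer.com"}

DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
DEVICE_PATH_RE = re.compile(r"^\\\\")        # \\.\globalroot\..., \\?\..., and similar
HJT_ENTRY_RE = re.compile(r"^(R[0-3]|O\d+) - ")
DDS_URL_SETTING_RE = re.compile(
    r"^[um](?:Start Page|Default_Page_URL|Default_Search_URL|Search Page)\s*=")
# HJT writes http://, DDS defangs it to hxxp://, and the OEM entry uses backslashes.
URL_HOST_RE = re.compile(r"h(?:tt|xx)ps?:[\\/]{2}([^\\/?#\s]+)", re.IGNORECASE)

# Sample lines constructed from the HijackThis and DDS logs posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\Dwm.exe
C:\Users\Dunnski\Downloads\HijackThis.exe
\\.\globalroot\systemroot\Installer\{24d837aa-7a66-8c79-3b77-5f0c85af2dbb}\U

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=108907
"""


@dataclass
class Finding:
    kind: str      # "device-path-process", "browser-url" or "orphan-hook"
    line: str
    reason: str


def url_host(line):
    """Return the lower-cased host of the URL right of the first '=', or None if there is none."""
    _, sep, value = line.partition("=")
    if not sep:
        return None
    m = URL_HOST_RE.search(value)
    return m.group(1).lower() if m else None


def triage(log_text):
    """Walk the log once and collect the entries worth a closer look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "running processes" in line.lower():      # HJT and DDS section headers
            in_processes = True
            continue
        if in_processes:
            if line in ("", "."):                    # DDS pads sections with "." lines
                continue
            if DRIVE_PATH_RE.match(line):
                continue
            if DEVICE_PATH_RE.match(line):
                findings.append(Finding("device-path-process", line,
                    "process started from a device-namespace path rather than a drive letter"))
                continue
            in_processes = False                     # first non-path line ends the section
        m = HJT_ENTRY_RE.match(line)
        if m:
            section = m.group(1)
            if section in ("R0", "R1"):
                host = url_host(line)
                if host and host not in EXPECTED_HOSTS:
                    findings.append(Finding("browser-url", line,
                        f"start/search page points at {host}"))
            elif section in ("R3", "O2") and line.endswith("(no file)"):
                findings.append(Finding("orphan-hook", line,
                    "hook/BHO is registered but its file is missing"))
        elif DDS_URL_SETTING_RE.match(line):
            host = url_host(line)
            if host and host not in EXPECTED_HOSTS:
                findings.append(Finding("browser-url", line,
                    f"start/search page points at {host}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Run against a full HijackThis or DDS log, the script only narrows the list of entries to read; an entry it flags still has to be judged by hand (many "(no file)" leftovers are from uninstalled software).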
Gizzy (Bill), Library Manager with 3,865 posts, authorized to help remove malware
Join Date: Aug 2005
Location: NJ, USA
Experience: Advanced
25-Aug-2012, 12:49 AM #2
Hello frodostwin123 and Welcome to Tech Support Guy!
My name is Gizzy and I'll be glad to help you with your malware problems.

Please note the following while we work:
  • The fixes are specific to your problem and should only be used for this issue on this computer.
  • Perform all actions in the order given.
  • If you don't know or understand something stop and ask! Don't keep going on.
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please DO NOT run any tools or scans unless I ask you to.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • The process is not instant. Please continue to respond to this thread until I give you the All Clean! Absence of symptoms does not mean that everything is clear.
  • Topics not replied to within 3 days will be removed from my Subscribed Threads List.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or where you need to take your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.
Backup your data - Vista


UAC Advice
  • All applications I ask to be used will require to be run in Administrator mode, i.e. right-click on the program and select Run as administrator.
  • The Operating System (Windows Vista) in use comes with an inbuilt utility called User Account Control (UAC).
  • When prompted by this with anything I ask you to carry out please select the option Allow.


Download and run OTL
  1. Download OTL to your desktop.
  2. Right-click on OTL.exe and select Run as administrator to run it. Make sure all other windows are closed and let it run uninterrupted.
  3. Check the box beside Scan All Users
  4. Ensure Use SafeList is selected under Extra Registry
  5. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  6. When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  7. Please copy (Edit > Select All -- Edit > Copy) the contents of these files, one at a time, and post them with your next reply.


Gmer Rootkit Scanner
Download GMER Rootkit Scanner from here & save it to your desktop.
  1. Right-click the .exe file and select Run as administrator. If asked to allow the gmer.sys driver to load, please consent.
  2. If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
  3. In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  4. Then click the Scan button & wait for it to finish
  5. Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  6. Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Do not run any programs while Gmer is running.


Please reply with:
  • OTL logs (OTL.txt and Extras.txt)
  • Gmer log
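The OTL report the steps above produce is a plain-text listing that the helper reads by hand. As an added example (not part of the original post, and not OTL's or GMER's own code), here is a Python triage pass that parses the entry formats OTL prints and flags the kinds of lines a malware-removal helper checks first: redirected start pages and search engines, a proxy switched on in a user hive, orphaned services, AutoRun commands, and hidden or zero-byte files with random names. The sample lines are constructed to mirror the report format; the SID and mount-point GUID in them are placeholders.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Added example: a triage pass over OTL report lines. Not OTL's own code;
# the patterns below are the ones a malware-removal helper reads first.

# OTL file entry:  [date time | size | attrs | C-or-M] (company) -- path
FILE_ENTRY = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [CM]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# {GUID}\U\<hex>.@ or {GUID}\@ : a hidden payload layout that has no business
# under Windows\Installer or AppData\Local
HIDDEN_AT_LAYOUT = re.compile(r"\\\{[0-9a-f-]{36}\}\\(?:U\\[0-9a-f]+\.@|@)$", re.I)
# Long lower-case alphanumeric name with no extension, e.g. l443c523yh7jf53j1j6643
RANDOM_NAME = re.compile(r"^[a-z0-9]{12,}$")
# Start-page / search hosts that show up as hijacked settings in this report
HIJACK_HOSTS = ("search.babylon.com", "websearch.ask.com")


@dataclass(frozen=True)
class Finding:
    severity: str  # "suspect" (act on it) or "info" (note it, verify before acting)
    reason: str
    line: str


def _check_file_entry(m: re.Match, line: str) -> list[Finding]:
    """Heuristics for a single bracketed file/folder entry."""
    path, attrs, company = m["path"], m["attrs"], m["company"]
    size = int(m["size"].replace(",", ""))
    name = path.rsplit("\\", 1)[-1]
    out: list[Finding] = []
    if HIDDEN_AT_LAYOUT.search(path):
        out.append(Finding("suspect", "hidden {GUID}\\U\\*.@ payload layout", line))
    if "H" in attrs and "S" in attrs and RANDOM_NAME.match(name):
        out.append(Finding("suspect", "hidden+system file with a random name", line))
    if size == 0 and name.lower().endswith(".exe") and not company:
        out.append(Finding("suspect", "zero-byte .exe with no company name", line))
    if company == "GMER" and name.lower().endswith(".sys"):
        # GMER drops a randomly named driver; expected right after a GMER run
        out.append(Finding("info", "GMER's own driver, expected after a GMER run", line))
    return out


def triage_line(line: str) -> list[Finding]:
    """Return the findings for one report line (empty list if nothing stands out)."""
    s = line.strip()
    low = s.lower()
    out: list[Finding] = []
    if not s or s.startswith("=========="):
        return out
    if s.startswith(("IE -", "FF -")) and any(h in low for h in HIJACK_HOSTS):
        out.append(Finding("suspect", "browser start page or search engine redirected", s))
    if s.startswith("IE -") and '"proxyenable" = 1' in low:
        out.append(Finding("suspect", "proxy switched on in a user hive (check ProxyServer)", s))
    if s.startswith(("SRV -", "DRV -", "O4 -")) and "file not found" in low:
        out.append(Finding("info", "service/startup entry points at a missing file", s))
    if s.startswith("O33 -") and "\\shell\\autorun\\command" in low:
        out.append(Finding("info", "AutoRun command recorded for removable media", s))
    m = FILE_ENTRY.match(s)
    if m:
        out.extend(_check_file_entry(m, s))
    return out


def triage_report(text: str) -> list[Finding]:
    """Run triage_line over every line of a report."""
    return [f for line in text.splitlines() for f in triage_line(line)]


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'suspect': 5, 'info': 3}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample in OTL's format (SID and mount-point GUID are placeholders).
SAMPLE_REPORT = r"""
========== Internet Explorer ==========
IE - HKU\S-1-5-21-PLACEHOLDER-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_Prot
IE - HKU\S-1-5-21-PLACEHOLDER-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
O33 - MountPoints2\{PLACEHOLDER-GUID}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
[2012/08/19 00:09:54 | 000,020,480 | ---- | C] () -- C:\Windows\Installer\{24d837aa-7a66-8c79-3b77-5f0c85af2dbb}\U\800000cb.@
[2011/12/24 12:29:59 | 000,010,384 | -HS- | C] () -- C:\ProgramData\l443c523yh7jf53j1j6643
[2011/09/05 12:13:52 | 000,000,000 | ---- | C] () -- C:\ProgramData\yfll.exe
[2012/08/27 22:11:08 | 000,100,864 | ---- | C] (GMER) -- C:\kfliifog.sys
[2012/08/15 12:04:06 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2010/04/14 01:01:06 | 000,007,808 | ---- | C] () -- C:\Users\Dunnski\AppData\Local\d3d9caps.dat
"""

if __name__ == "__main__":
    found = triage_report(SAMPLE_REPORT)
    for f in found:
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
    print(summarize(found))  # {'suspect': 5, 'info': 3}
```

Everything it flags still has to be confirmed by hand against the full report; the "info" items in particular (orphaned services, old AutoRun mount points, GMER's own driver) are routinely benign.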
frodostwin123 (Aaron)
Member with 11 posts.
THREAD STARTER
Join Date: Jun 2009
Location: South Dakota
Experience: Beginner
27-Aug-2012, 11:01 PM #3
I was just replying to let you know that I got your post and I am downloading and running the programs tonight! I appreciate your speedy reply!
Gizzy (Bill), authorized to help remove malware.
Library Manager with 3,865 posts.
Join Date: Aug 2005
Location: NJ, USA
Experience: Advanced
28-Aug-2012, 01:06 AM #4
Thanks for letting me know. Post the logs when ready.
frodostwin123 (Aaron)
Member with 11 posts.
THREAD STARTER
Join Date: Jun 2009
Location: South Dakota
Experience: Beginner
28-Aug-2012, 03:49 AM #5
OK, I have the logs that you want. First up is the OTL:
OTL logfile created on: 8/28/2012 12:14:22 AM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Dunnski\Desktop\Virus Cleaning
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 61.39% Memory free
6.18 Gb Paging File | 5.09 Gb Available in Paging File | 82.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109.88 Gb Total Space | 14.70 Gb Free Space | 13.38% Space Free | Partition Type: NTFS
Drive D: | 113.00 Gb Total Space | 111.60 Gb Free Space | 98.76% Space Free | Partition Type: NTFS

Computer Name: DUNNSKI-PC | User Name: Dunnski | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/27 21:55:24 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Dunnski\Desktop\Virus Cleaning\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2010/04/20 14:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/08/19 00:17:04 | 000,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008/07/10 06:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/07/10 06:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/17 01:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008/03/17 22:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/02/11 23:19:52 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/02/11 23:19:52 | 000,723,496 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/07/04 17:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/04/20 14:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
MOD - [2010/04/16 14:11:02 | 000,155,648 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
MOD - [2006/08/11 22:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll
MOD - [2006/08/11 22:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/08/15 12:04:06 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/28 00:29:52 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/28 04:07:09 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/07/10 06:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/07/10 06:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/03/17 22:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/09/01 01:19:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/08/21 15:24:03 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/02/22 19:18:06 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/06/25 16:30:50 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/06/05 02:30:28 | 000,242,048 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302)
DRV - [2008/03/20 22:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/05/23 03:13:10 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP...0000211930e49c
IE - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http:\\www.samsungcomputer.com
IE - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=108907&mntrId=0ceee7b500000000000000211930e49c
IE - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=PF&o=15176&src=crm&q={searchTerms}&locale=&apn_ptnrs=RW&apn_dtid=YYYYYYYYUS&apn_uid=f27d5380-d8a3-402e-91ab-a6863eb681ad&apn_sauid=60CF0B00-D325-4581-8B9C-A37D8FD63727
IE - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\..\SearchScopes\{E519AA1F-E8A8-47ED-92E3-BCFB65055819}: "URL" = http://search.comcast.net/search?cat=Web&con=toolbar&q={searchTerms}
IE - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\..\SearchScopes\{F7743156-08A6-EFA8-2B22-C14CE44F71D8}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z214&form=ZGAIDF&install_date=20111130&iesrc={referrer:source}
IE - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_Prot"
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4
FF - prefs.js..extensions.enabledItems: zigboom@hotmail.com:1.3.1
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&affID=108907&mntrId=0ceee7b500000000000000211930e49c&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/28 00:29:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/22 23:40:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/28 00:29:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/22 23:40:01 | 000,000,000 | ---D | M]

[2010/04/08 17:02:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dunnski\AppData\Roaming\mozilla\Extensions
[2012/07/28 00:23:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dunnski\AppData\Roaming\mozilla\Firefox\Profiles\7bvn24p7.default\extensions
[2010/04/28 11:12:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dunnski\AppData\Roaming\mozilla\Firefox\Profiles\7bvn24p7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/21 18:09:51 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Users\Dunnski\AppData\Roaming\mozilla\Firefox\Profiles\7bvn24p7.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2012/05/25 09:37:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dunnski\AppData\Roaming\mozilla\Firefox\Profiles\7bvn24p7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/07/17 10:35:12 | 000,000,000 | ---D | M] (ShopToWin20) -- C:\Users\Dunnski\AppData\Roaming\mozilla\Firefox\Profiles\7bvn24p7.default\extensions\{a018b213-6b46-4791-9298-519020db5737}
[2011/11/30 12:19:16 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Dunnski\AppData\Roaming\mozilla\Firefox\Profiles\7bvn24p7.default\extensions\ffxtlbr@babylon.com
[2012/06/21 13:27:12 | 000,000,000 | ---D | M] (BlackFox V2) -- C:\Users\Dunnski\AppData\Roaming\mozilla\Firefox\Profiles\7bvn24p7.default\extensions\zigboom@hotmail.com
[2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Dunnski\AppData\Roaming\Mozilla\Firefox\Profiles\7bvn24p7.default\searchplugins\askcom.xml
[2011/11/30 04:05:21 | 000,001,945 | ---- | M] () -- C:\Users\Dunnski\AppData\Roaming\Mozilla\Firefox\Profiles\7bvn24p7.default\searchplugins\bing-zugo.xml
[2011/01/14 03:51:35 | 000,001,832 | ---- | M] () -- C:\Users\Dunnski\AppData\Roaming\Mozilla\Firefox\Profiles\7bvn24p7.default\searchplugins\bing.xml
[2011/01/24 13:58:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/28 00:29:52 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/30 12:09:23 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/02/29 13:55:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/09 16:48:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2008/12/01 11:50:26 | 000,004,946 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\comcast.xml
[2012/02/29 13:55:42 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2038148527-1506750683-213658187-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2038148527-1506750683-213658187-1003..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74488B41-97C9-4F22-8A94-FA9BA34300DE}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{214552ad-9c85-11e1-a9a9-00211930e49c}\Shell - "" = AutoRun
O33 - MountPoints2\{214552ad-9c85-11e1-a9a9-00211930e49c}\Shell\AutoRun\command - "" = H:\TL-Bootstrap.exe
O33 - MountPoints2\{a5044f7c-5367-11df-9fdc-00211930e49c}\Shell - "" = AutoRun
O33 - MountPoints2\{a5044f7c-5367-11df-9fdc-00211930e49c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{c5cd986f-7170-11e0-aa8b-00211930e49c}\Shell - "" = AutoRun
O33 - MountPoints2\{c5cd986f-7170-11e0-aa8b-00211930e49c}\Shell\AutoRun\command - "" = F:\LapNetWizard.exe
O33 - MountPoints2\{c5cd9883-7170-11e0-aa8b-00211930e49c}\Shell - "" = AutoRun
O33 - MountPoints2\{c5cd9883-7170-11e0-aa8b-00211930e49c}\Shell\AutoRun\command - "" = F:\LapNetWizard.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/27 22:11:08 | 000,100,864 | ---- | C] (GMER) -- C:\kfliifog.sys
[2012/08/27 12:06:13 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{E2A07169-5F65-4F94-828D-383C579629B4}
[2012/08/24 11:59:06 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{D364EB22-4488-45F6-826D-BDD15065430E}
[2012/08/23 23:58:16 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{74C92A02-69C6-4197-82A5-4E197D4554B0}
[2012/08/23 02:43:41 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{C59BA2C1-3796-4E67-B30F-054ACB51C129}
[2012/08/22 13:07:05 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{09FDA3C0-0BB5-42B6-B136-5584F630DD93}
[2012/08/22 01:07:04 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{19B9B11F-95DA-4879-8FF8-DBDE984C1ED5}
[2012/08/21 13:06:50 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{8F2B4D57-9852-43AC-A699-62BCEE9718C7}
[2012/08/21 02:02:26 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\Desktop\Virus Cleaning
[2012/08/20 23:45:35 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{40FCFAB8-A046-48A6-9CD2-B597CE407015}
[2012/08/20 11:26:56 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{FB20A65A-2A6E-4AEE-BA14-E0DD2CA1A4E3}
[2012/08/19 00:10:44 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{646EDB70-2FC9-42F0-AE80-BA795C4C3F49}
[2012/08/18 10:28:09 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{32DA416A-E3F0-49A4-97E0-BDA179392AD9}
[2012/08/18 10:28:08 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{81ED1E9D-5665-40DC-89CB-DA437B8A37F2}
[2012/08/15 11:41:48 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{3A3F52F2-CFF6-4B26-9B55-924A25375272}
[2012/08/15 11:41:47 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{13BE341A-8401-4E3F-A452-46803F7DBB53}
[2012/08/14 17:55:57 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{DC50BBFA-35C5-4DED-B9F0-B9A7C93FAB79}
[2012/08/14 17:55:56 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{30AA3053-2D93-4D90-AB41-EA91D9F9FF32}
[2012/08/14 03:45:12 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{6A8FD3B9-DD13-4ED7-9ACE-33970215AE5E}
[2012/08/14 03:44:11 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{DE032E47-2690-42C5-869A-849227DB9D5B}
[2012/08/12 14:11:24 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{AD034CF6-63B8-4927-B691-F1B59A567606}
[2012/08/12 14:11:23 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{165A2ED0-12D1-4C0C-BBD9-81DAD08F829C}
[2012/08/10 10:01:11 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{A9691FB2-D0B1-410C-A6BF-FC82681ED2B0}
[2012/08/10 10:01:10 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{895034B4-A0BF-4D5E-8152-D90722FA5E29}
[2012/08/08 01:28:00 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{C7B4DD25-61B3-4225-B23F-68B3B14B71F3}
[2012/08/08 01:27:57 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{BBE90476-8D20-4720-BFDD-2532CCA3A369}
[2012/08/07 13:05:16 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{3CD60E1B-2EA5-46FE-B02B-6F0AB5C2BBA3}
[2012/08/07 13:05:15 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{BA5C3A86-59D7-4249-8D0E-FE3713DC8E1E}
[2012/08/06 04:45:33 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{6FF43D00-0792-44B4-A39A-718FC3BD7C2D}
[2012/08/06 04:45:31 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{A23D7D49-82B4-4DB5-9267-7B8F70CF7749}
[2012/08/05 03:05:58 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{F16420E1-2BDE-4656-832F-C70FE7870BAB}
[2012/08/05 03:05:55 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{3AF11204-725C-42FE-BFD4-170EEA3412D9}
[2012/08/04 00:05:00 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{D4518651-F098-47B2-81EC-2A677D797E0F}
[2012/08/04 00:04:59 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{85F38C61-1590-4DF8-8741-6869505F3D86}
[2012/08/04 00:04:38 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{1BB25D1E-6664-44A7-8197-31E77739B21D}
[2012/08/03 00:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\3DO
[2012/08/03 00:13:10 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{F71D3454-1AA8-44B6-AB68-30694FAE3C0B}
[2012/08/03 00:13:09 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{A9EFB1A2-73B9-4F60-BEC9-27BC64A27517}
[2012/08/02 00:29:16 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{9B37256D-8A5F-4508-A656-475BED729286}
[2012/08/02 00:29:15 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{D50D3D35-BCED-46D8-96CE-9B40C4D5CE23}
[2012/08/01 12:29:00 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{1CF9A75E-595E-4CCC-B1B8-4BBE36747497}
[2012/08/01 12:28:59 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{1C937EC8-3A88-4426-BC9B-325A46AD7F13}
[2012/08/01 00:28:43 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{81249389-D147-43AF-AC46-AC6825D64E48}
[2012/07/31 10:48:03 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{32318306-AE4C-4DDA-9345-3396F08EEB83}
[2012/07/31 10:48:01 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{3C8C3C6D-E79D-4869-BA60-7D57041DA24F}
[2012/07/31 00:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/31 00:18:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/31 00:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/31 00:12:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/07/30 22:31:47 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{6D28221A-64D3-450C-B112-8D4F70EE7E9D}
[2012/07/30 22:31:45 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{A3C59357-986B-47F1-9BB1-CC74FBA3D8DD}
[2012/07/30 10:31:31 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{5FE8627B-A109-4010-B988-B2BF273A4FB2}
[2012/07/30 10:31:23 | 000,000,000 | ---D | C] -- C:\Users\Dunnski\AppData\Local\{FF70BAA5-84C8-4BDB-AB07-C3CD6D24A4AB}

========== Files - Modified Within 30 Days ==========

[2012/08/28 00:18:11 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/28 00:18:11 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/28 00:11:51 | 000,214,804 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/08/28 00:11:47 | 000,214,804 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/08/28 00:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/27 22:25:47 | 000,663,132 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/27 22:25:47 | 000,126,812 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/27 22:18:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/27 22:17:34 | 311,440,229 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/27 22:11:08 | 000,100,864 | ---- | M] (GMER) -- C:\kfliifog.sys
[2012/08/27 12:05:29 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5072CDDE-7C67-438B-BDF8-4A21E345CDF8}.job
[2012/08/21 01:53:41 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/08/15 12:04:06 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/15 12:04:06 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/01 03:22:51 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/31 00:19:57 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/08/20 18:46:01 | 311,440,229 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/19 00:09:54 | 000,020,480 | ---- | C] () -- C:\Windows\Installer\{24d837aa-7a66-8c79-3b77-5f0c85af2dbb}\U\800000cb.@
[2012/08/01 03:22:51 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/31 00:19:57 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/27 10:35:35 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{24d837aa-7a66-8c79-3b77-5f0c85af2dbb}\U\80000000.@
[2012/07/27 10:35:34 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{24d837aa-7a66-8c79-3b77-5f0c85af2dbb}\U\00000001.@
[2012/01/13 04:07:29 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{24d837aa-7a66-8c79-3b77-5f0c85af2dbb}\@
[2012/01/13 04:07:29 | 000,002,048 | -HS- | C] () -- C:\Users\Dunnski\AppData\Local\{24d837aa-7a66-8c79-3b77-5f0c85af2dbb}\@
[2011/12/24 12:29:59 | 000,010,384 | -HS- | C] () -- C:\Users\Dunnski\AppData\Local\l443c523yh7jf53j1j6643
[2011/12/24 12:29:59 | 000,010,384 | -HS- | C] () -- C:\ProgramData\l443c523yh7jf53j1j6643
[2011/12/20 18:54:36 | 000,009,704 | -HS- | C] () -- C:\Users\Dunnski\AppData\Local\4a24mk4f80s857
[2011/12/20 18:54:36 | 000,009,704 | -HS- | C] () -- C:\ProgramData\4a24mk4f80s857
[2011/09/05 12:13:53 | 000,001,348 | -HS- | C] () -- C:\Users\Dunnski\AppData\Local\xn2xdnqc6450ys74t7m03esxpb7xc351j56316t557ud
[2011/09/05 12:13:53 | 000,001,348 | -HS- | C] () -- C:\ProgramData\xn2xdnqc6450ys74t7m03esxpb7xc351j56316t557ud
[2011/09/05 12:13:52 | 000,000,000 | ---- | C] () -- C:\ProgramData\yfll.exe
[2011/09/05 12:13:52 | 000,000,000 | ---- | C] () -- C:\Users\Dunnski\AppData\Local\tnoh.exe
[2011/09/05 12:13:52 | 000,000,000 | ---- | C] () -- C:\ProgramData\ppab.exe
[2011/09/05 12:13:52 | 000,000,000 | ---- | C] () -- C:\ProgramData\iumc.exe
[2011/09/05 12:13:52 | 000,000,000 | ---- | C] () -- C:\Users\Dunnski\AppData\Local\gjpb.exe
[2011/09/05 12:13:52 | 000,000,000 | ---- | C] () -- C:\ProgramData\fhjv.exe
[2011/09/05 12:13:52 | 000,000,000 | ---- | C] () -- C:\Users\Dunnski\AppData\Local\cihq.exe
[2011/09/05 12:13:52 | 000,000,000 | ---- | C] () -- C:\Users\Dunnski\AppData\Local\bgqc.exe
[2011/06/20 01:51:04 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2011/05/11 11:15:05 | 000,000,537 | ---- | C] () -- C:\Windows\System32\dmlg.dat
[2011/02/24 22:02:50 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/12/17 01:45:55 | 000,214,804 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/12/17 01:45:41 | 000,214,804 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/12/11 04:30:53 | 000,000,095 | ---- | C] () -- C:\Users\Dunnski\AppData\Local\fusioncache.dat
[2010/05/12 23:57:44 | 000,020,483 | ---- | C] () -- C:\Users\Dunnski\webadvisor.htm
[2010/05/12 23:27:04 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/03 09:02:54 | 000,015,872 | ---- | C] () -- C:\Users\Dunnski\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/14 01:01:06 | 000,007,808 | ---- | C] () -- C:\Users\Dunnski\AppData\Local\d3d9caps.dat

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB30046$] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB35489$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

Extras:
OTL Extras logfile created on: 8/28/2012 12:14:22 AM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Dunnski\Desktop\Virus Cleaning
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 61.39% Memory free
6.18 Gb Paging File | 5.09 Gb Available in Paging File | 82.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109.88 Gb Total Space | 14.70 Gb Free Space | 13.38% Space Free | Partition Type: NTFS
Drive D: | 113.00 Gb Total Space | 111.60 Gb Free Space | 98.76% Space Free | Partition Type: NTFS

Computer Name: DUNNSKI-PC | User Name: Dunnski | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2038148527-1506750683-213658187-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7345E8B0-36DA-4E3A-970B-5C3DAD816AC6}_is1" = GRE TestPrep PLUS
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi Software
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D575FBAA-D6D6-4221-A2C4-67541DB7AB5E}_is1" = Device Doctor
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Ares" = Ares 2.1.5
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Heroes of Might and Magic IV" = Heroes of Might and Magic IV: Winds of War
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"Steam App 440" = Team Fortress 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2038148527-1506750683-213658187-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/4/2012 7:06:19 PM | Computer Name = Dunnski-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 68297

Error - 3/4/2012 7:06:20 PM | Computer Name = Dunnski-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/4/2012 7:06:20 PM | Computer Name = Dunnski-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 69295

Error - 3/4/2012 7:06:20 PM | Computer Name = Dunnski-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 69295

Error - 3/4/2012 7:06:21 PM | Computer Name = Dunnski-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/4/2012 7:06:21 PM | Computer Name = Dunnski-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 70294

Error - 3/4/2012 7:06:21 PM | Computer Name = Dunnski-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 70294

Error - 3/4/2012 7:06:22 PM | Computer Name = Dunnski-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/4/2012 7:06:22 PM | Computer Name = Dunnski-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 71292

Error - 3/4/2012 7:06:22 PM | Computer Name = Dunnski-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 71292

[ OSession Events ]
Error - 6/6/2011 6:30:04 PM | Computer Name = Dunnski-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 426251
seconds with 660 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/27/2012 11:18:09 PM | Computer Name = Dunnski-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:15:32 PM on 8/27/2012 was unexpected.

Error - 8/27/2012 11:18:32 PM | Computer Name = Dunnski-PC | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 8/27/2012 11:19:20 PM | Computer Name = Dunnski-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 8/27/2012 11:19:20 PM | Computer Name = Dunnski-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/27/2012 11:19:20 PM | Computer Name = Dunnski-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 8/27/2012 11:19:20 PM | Computer Name = Dunnski-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 8/27/2012 11:19:20 PM | Computer Name = Dunnski-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 8/27/2012 11:19:20 PM | Computer Name = Dunnski-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 8/27/2012 11:20:20 PM | Computer Name = Dunnski-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 8/27/2012 11:20:22 PM | Computer Name = Dunnski-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >

GMER:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-28 02:43:37
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2SS0
Running: zvy0cwxd.exe; Driver: C:\Users\Dunnski\AppData\Local\Temp\kfliifog.sys


---- User code sections - GMER 1.0.15 ----

? C:\Windows\system32\services.exe[636] C:\Windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch; unknown module: MSWSOCK.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\BTHUSB \Device\0000006b bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000006d bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1fe0541
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2f55513
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00211930e49c
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1fe0541 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe2f55513 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00211930e49c (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB30046$\317590848 0 bytes
File C:\Windows\$NtUninstallKB30046$\533960050 0 bytes
File C:\Windows\$NtUninstallKB30046$\533960050\L 0 bytes
File C:\Windows\$NtUninstallKB30046$\533960050\U 0 bytes
File C:\Windows\$NtUninstallKB35489$\1748571032 0 bytes
File C:\Windows\$NtUninstallKB35489$\533960050 0 bytes
File C:\Windows\$NtUninstallKB35489$\533960050\@ 2048 bytes
File C:\Windows\$NtUninstallKB35489$\533960050\bckfg.tmp 794 bytes
File C:\Windows\$NtUninstallKB35489$\533960050\cfg.ini 197 bytes
File C:\Windows\$NtUninstallKB35489$\533960050\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB35489$\533960050\keywords 0 bytes
File C:\Windows\$NtUninstallKB35489$\533960050\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB35489$\533960050\L 0 bytes
File C:\Windows\$NtUninstallKB35489$\533960050\L\qnbwvoto 67072 bytes
File C:\Windows\$NtUninstallKB35489$\533960050\lsflt7.ver 5176 bytes
File C:\Windows\$NtUninstallKB35489$\533960050\U 0 bytes
File C:\Windows\$NtUninstallKB35489$\533960050\U\00000001.@ 1536 bytes
File C:\Windows\$NtUninstallKB35489$\533960050\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB35489$\533960050\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB35489$\533960050\U\80000000.@ 11264 bytes
File C:\Windows\$NtUninstallKB35489$\533960050\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB35489$\533960050\U\80000032.@ 97792 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\JRKXSZ5Z.txt 433 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\KCZSQ281.txt 184 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\BTAXQVZ6.txt 843 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\BVPRILQN.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Y5TEMAFK.txt 880 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6MYK2ZTW.txt 445 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\RZD641WC.txt 1558 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\COZ6U9EB.txt 89 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\ZU0PIFBM.txt 759 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\FB5NYDDX.txt 656 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\FDYY8O3T.txt 782 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\UY3QV5ZH.txt 246 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\4E335CBA.txt 786 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\VUGD347P.txt 173 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\PX3X7Q4E.txt 115 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Q4WP9H2O.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\0C3U9PWV.txt 179 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\U3J7CB3C.txt 0 bytes

---- EOF - GMER 1.0.15 ----

Ok, followed your instructions to the T. Thanks again! I hope this gives you what you need. I couldn't find my CDs to back up my hard drive, though, so I stored them on the second hard drive on here... I hope that's safe enough. Give me a heads up if you think something is unstable and could possibly delete my files. Until then I'll try to find an external to use. Hope you're doing well!
Gizzy   (Bill) Gizzy is offline Gizzy is authorized to help remove malware.
Library Manager with 3,865 posts.
Join Date: Aug 2005
Location: NJ, USA
Experience: Advanced
28-Aug-2012, 09:32 PM #6
Quote:
so I stored them on the second hard drive on here... I hope that's safe enough.
Since they're on a separate hard drive that should be fine.


I'm afraid I have some bad news for you. Your logs show that you have a ZeroAccess rootkit infection. This infection has remote access capabilities.
It likely came from using the computer without an antivirus program.

Backdoor Trojans are the most dangerous and most widespread type of Trojan. Backdoor Trojans provide the author or "master" of the Trojan with remote "administration" of victims' machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, Backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer, change settings on the computer and more. Please read this article by Roger A. Grimes on Remote Access Trojans; it will give you an idea of the severity of the type of infection you have.

What are Remote Access Trojans and why are they dangerous


You are strongly advised to do the following:
  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.


How do I respond to possible identity theft and how do I prevent it


Because of the severity and the capabilities of this type of virus (it cannot be known what changes to your system it has made or if it opened up other ways into your system), the only responsible course of action I can advise is to reformat your computer and reinstall Windows.

Further reading:
When should I do a reformat and reinstallation of my OS
Windows Vista Backup
Restoring your backups with Windows Vista

Some versions of this infection are extremely difficult to remove, and if you opt for us to clean your computer there is a possibility that you may lose connection to the internet, in which case you'll need to have access to another computer so you can contact us. We will of course attempt to resolve the connection issues if they happen, but I can give no guarantee that you may not have to reformat after all.


Please let me know how you would like to proceed.
Should you have any questions please feel free to ask.
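What in the logs supports that diagnosis can be checked mechanically. The script below is an added example written for this page; it is not from the thread and is not code from OTL or GMER. It parses the two places the logs point at: the OTL "Junction Points" lines that fail with "Unknown point type" on $NtUninstallKB...$ folders, and the GMER "Files" lines that list U\ and L\ sub-folders with "@"-named payload files under those same folders. The sample lines are copied from the logs above (plus one benign cookie line); the regex names, the function names and the indicator labels are assumptions of this example, not an antivirus signature.

```python
"""Flag ZeroAccess-style hiding places in OTL / GMER log excerpts.

Added example, not part of the thread and not code from OTL or GMER.
Heuristic (an assumption of this example, matching what was read off the
logs): a fake $NtUninstallKB<digits>$ folder that OTL cannot open as a
reparse point ("Unknown point type") and/or that GMER lists with U\ or L\
sub-folders holding "@"-named payload files.
"""
import re

# Constructed sample: lines copied from the OTL "Junction Points" section
# and the GMER "Files" section of the thread, plus one benign cookie line.
SAMPLE_LOG = r"""
[C:\Windows\$NtUninstallKB30046$] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB35489$] -> Error: Cannot create file handle -> Unknown point type
File C:\Windows\$NtUninstallKB30046$\533960050\U 0 bytes
File C:\Windows\$NtUninstallKB35489$\533960050\@ 2048 bytes
File C:\Windows\$NtUninstallKB35489$\533960050\U\00000001.@ 1536 bytes
File C:\Windows\$NtUninstallKB35489$\533960050\U\80000032.@ 97792 bytes
File C:\Windows\$NtUninstallKB35489$\533960050\L\qnbwvoto 67072 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\JRKXSZ5Z.txt 433 bytes
"""

# The fake "hotfix uninstall" folder, e.g. C:\Windows\$NtUninstallKB35489$
FAKE_KB_DIR = re.compile(r"^(?P<root>.*?\\\$NtUninstallKB\d+\$)", re.IGNORECASE)
# OTL junction / reparse-point line that it could not open
OTL_JUNCTION_ERR = re.compile(r"^\[(?P<path>[^\]]+)\]\s*->\s*Error:.*Unknown point type")
# GMER file line: "File <path> <n> bytes"
GMER_FILE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+) bytes$")
# Payload naming under the hidden folder: an entry in a U\ or L\ sub-folder,
# or a bare "@" / "<hex>.@" file
PAYLOAD_NAME = re.compile(r"\\(?:[UL]\\[^\\]+|[0-9A-Fa-f.]*@)$")


def _new_entry():
    return {"junction_error": False, "payload_files": []}


def find_zeroaccess_indicators(log_text):
    """Group indicators by fake KB folder.

    Returns {folder: {"junction_error": bool, "payload_files": [(path, size), ...]}}
    and contains only folders that show at least one indicator.
    """
    findings = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = OTL_JUNCTION_ERR.match(line)
        if m:
            root = FAKE_KB_DIR.match(m.group("path"))
            if root:
                findings.setdefault(root.group("root"), _new_entry())["junction_error"] = True
            continue
        m = GMER_FILE.match(line)
        if m:
            path = m.group("path")
            root = FAKE_KB_DIR.match(path)
            if root and PAYLOAD_NAME.search(path):
                findings.setdefault(root.group("root"), _new_entry())["payload_files"].append(
                    (path, int(m.group("size"))))
    return findings


def verdict(entry):
    """Heuristic label for one folder (an assumption of this example)."""
    if entry["junction_error"] and entry["payload_files"]:
        return "both indicators"
    if entry["junction_error"]:
        return "reparse-point error only"
    return "payload layout only"


def report(log_text):
    """Human-readable summary, one line per flagged folder, sorted by folder."""
    lines = []
    for folder, entry in sorted(find_zeroaccess_indicators(log_text).items()):
        total = sum(size for _, size in entry["payload_files"])
        lines.append(f"{folder}: {verdict(entry)}; "
                     f"{len(entry['payload_files'])} payload file(s), {total} bytes")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Run against the sample, the KB35489 folder shows both indicators (the OTL error plus four payload entries totalling 168448 bytes), while KB30046 shows only the reparse-point error, which is why the two folders read differently in the GMER section above. A folder outside C:\Windows that merely happens to contain a U\ sub-folder is not flagged, because the first test is the fake $NtUninstallKB...$ name.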
frodostwin123   (Aaron) frodostwin123 is offline
Member with 11 posts.
THREAD STARTER
Join Date: Jun 2009
Location: South Dakota
Experience: Beginner
31-Aug-2012, 03:01 PM #7
Ok, thank you for the response. I have been doing everything else since then on another computer of mine. Speaking of which, is my other computer safe since they are both on the same network? And I have MBAM up and running on both computers, although it is not the full version. I have been meaning to completely buy it since it does such a good job, but it didn't seem to catch this virus. If I pay for it and put it on both computers, will that be enough? I have a newer version of Windows that I'm thinking of putting on my comp, and my buddy says that should erase all previous data; does that work? I will be doing it later today (in a couple of hours), but I disconnected it from the net. I appreciate all your help and advice. I would like to know if you think this will be sufficient and any other suggestions you have! Thanks a lot!
frodostwin123 (Aaron)
Member with 11 posts.
THREAD STARTER
Join Date: Jun 2009
Location: South Dakota
Experience: Beginner
31-Aug-2012, 03:04 PM #8
Oh, and if I haven't accessed things like PayPal or eBay, are those passwords still at risk?
Gizzy (Bill). Gizzy is authorized to help remove malware.
Library Manager with 3,865 posts.
Join Date: Aug 2005
Location: NJ, USA
Experience: Advanced
31-Aug-2012, 06:09 PM #9
Quote:
Speaking of which is my other computer safe since they are both on the same network?
If you're not experiencing any symptoms on your other computer it may be fine, but I couldn't say for sure without seeing logs from it.
If you would like me to check, please post logs from that computer using the instructions below.

Download and run OTL
  1. Download OTL to your desktop.
  2. Double-click on OTL.exe to run it (right-click and Run as administrator if Windows Vista or 7). Make sure all other windows are closed and let it run uninterrupted.
  3. Check the box beside Scan All Users
  4. Ensure Use SafeList is selected under Extra Registry
  5. Copy and Paste everything from the Code box below into the Custom Scans/Fixes box in OTL
    Code:
    %systemroot%\assembly\GAC_32\*.* /S /MD5
    %systemroot%\assembly\GAC_64\*.* /S /MD5
  6. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  7. When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  8. Please copy (Edit > Select All -- Edit > Copy) the contents of these files, one at a time, and post them with your next reply.

TDSSKiller Scan
  1. Please download TDSSKiller and save it to your Desktop.
  2. Double-click on TDSSKiller.exe (Right-click and select Run as administrator if Windows Vista or 7) to launch it.
  3. Click on Change parameters
    • Check Detect TDLFS file system
    • Click OK
  4. Click on Start Scan. The scan will run.
  5. When the scan has finished, if it finds anything, please click on the drop-down arrow next to Cure and select Skip.
  6. Now click on Report to open the log file created by TDSSKiller in your root directory, C:\
  7. To find the log go to Start > Computer > C:
  8. Post the contents of that log in your next reply please.
    DO NOT TRY TO FIX ANYTHING AT THIS POINT


Quote:
I have MBAM up and running on both computers, although it is not the full version. I have been meaning to buy it completely since it does such a good job, but it didn't seem to catch this virus. If I pay for it and put it on both computers, will that be enough?
Unfortunately no scanner can detect everything, but also MBAM isn't an anti-virus; it's meant to be used alongside an anti-virus.
So no, MBAM alone wouldn't be enough.
Here's a great guide I recommend you read to be more secure. http://www.malwareremoval.com/forum/...hp?f=4&t=54766

Quote:
I have a newer version of Windows that I'm thinking of putting on my computer, and my buddy says that should erase all previous data; does that work?
Yes, that will work. If you reformat your hard drive and install Windows, that should remove any malware on your computer.
It will also erase any data and files on your computer, so make sure you have everything you want to keep backed up.

Quote:
Oh, and if I haven't accessed things like PayPal or eBay, are those passwords still at risk?
If you haven't accessed them from the infected computer they may be fine, but it would be best to change them to be on the safe side.
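The OTL custom scan above (`%systemroot%\assembly\GAC_32\*.* /S /MD5`) walks a directory tree and prints an MD5 for every file so that a helper can spot files that do not belong in the .NET Global Assembly Cache, a location some rootkits use to hide components. The script below is an added example, not OTL's code or anything the Tech Support Guy helpers posted: it builds the same kind of recursive hash inventory and diffs it against an earlier baseline, which is how a defender turns a one-off hash listing into a change check. The directory layout, file names and contents are constructed for the demo; the helper names (`hash_tree`, `diff_inventories`, `demo`) are hypothetical.

```python
"""Recursive file-hash inventory and baseline diff (added example).

Mirrors the idea of OTL's `/S /MD5` custom scan: hash every file under a
directory tree, then compare two inventories to find files that were added,
removed or modified. MD5 is used only to match the output of the tool under
discussion; for your own baselines prefer SHA-256.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def md5_of_bytes(data: bytes) -> str:
    """MD5 hex digest of an in-memory byte string."""
    return hashlib.md5(data).hexdigest()


def file_md5(path: Path, chunk_size: int = 65536) -> str:
    """Streaming MD5 of a file, so large assemblies are not read into memory at once."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root) -> dict:
    """Return {relative_posix_path: (size_bytes, md5)} for every file under root."""
    root = Path(root)
    inventory = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            rel = p.relative_to(root).as_posix()
            inventory[rel] = (p.stat().st_size, file_md5(p))
    return inventory


def diff_inventories(baseline: dict, current: dict) -> dict:
    """Classify changes between two inventories produced by hash_tree()."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(k for k in baseline.keys() & current.keys()
                      if baseline[k] != current[k])
    return {"added": added, "removed": removed, "modified": modified}


def format_report(inventory: dict) -> str:
    """One line per file, in the spirit of a hash-listing scan report."""
    return "\n".join(f"{md5}  {size:>10}  {rel}"
                     for rel, (size, md5) in sorted(inventory.items()))


def demo() -> dict:
    """Constructed scenario: a baseline of a GAC-like tree, then tampering.

    Everything here (paths, file contents, the 'Unexpected.dll' drop) is made up
    for the demo; it is not an indicator taken from a real infection.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        asm_dir = root / "GAC_32" / "Example.Assembly" / "1.0.0.0__0000000000000000"
        asm_dir.mkdir(parents=True)
        (asm_dir / "Example.Assembly.dll").write_bytes(b"hello")
        (asm_dir / "__AssemblyInfo__.ini").write_bytes(b"[AssemblyInfo]\n")

        baseline = hash_tree(root)          # snapshot of the known-good state

        # Simulated tampering: one assembly overwritten, one file dropped in.
        (asm_dir / "Example.Assembly.dll").write_bytes(b"hello, patched")
        (root / "GAC_32" / "Unexpected.dll").write_bytes(b"constructed junk")

        current = hash_tree(root)
        return diff_inventories(baseline, current)


if __name__ == "__main__":
    changes = demo()
    for kind, paths in changes.items():
        for rel in paths:
            print(f"{kind:>8}: {rel}")
```

Running the block prints the one added and one modified path from the constructed scenario. On a real machine you would run `hash_tree` over the directory in question while the system is known-good, store the report, and re-run it later; any entry in `added` or `modified` that does not line up with a Windows update deserves a closer look, which is exactly what a helper does by eye with an OTL `/MD5` listing.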
frodostwin123 (Aaron)
Member with 11 posts.
THREAD STARTER
Join Date: Jun 2009
Location: South Dakota
Experience: Beginner
31-Aug-2012, 09:44 PM #10
Wow! Thanks for the speedy reply! I'll get those downloaded and run them some time tonight! Thanks again for checking, but so far no symptoms as far as I can tell (none like on my laptop), and while I'm doing that I will check out your article. If the reformatting doesn't work (i.e. the disc that I have was not intended for it or isn't working, or I just have the wrong disc), I am wondering if you would be able to walk me through cleaning the memory myself? Thanks again, hope you're having a good start to the weekend!
Gizzy (Bill). Gizzy is authorized to help remove malware.
Library Manager with 3,865 posts.
Join Date: Aug 2005
Location: NJ, USA
Experience: Advanced
01-Sep-2012, 05:29 AM #11
Quote:
I am wondering if you would be able to walk me through cleaning the memory myself?
I would be happy to help attempt to remove the malware, just remember that the computer can never fully be trusted without reformatting and reinstalling Windows.
frodostwin123 (Aaron)
Member with 11 posts.
THREAD STARTER
Join Date: Jun 2009
Location: South Dakota
Experience: Beginner
03-Sep-2012, 11:52 AM #12
No worries. I went ahead with something else and reformatted and reinstalled Windows, but it seems that it did not delete all the old Windows files... it just saved them in a folder, "old windows". I went ahead and started deleting it, but it has a few files it says I can't delete... any input on that? (Sorry if this thread is trailing on. If I need to start a new one it's fine, but since you have been here for the full debacle I figured this would be easier for both of us.)
Gizzy (Bill). Gizzy is authorized to help remove malware.
Library Manager with 3,865 posts.
Join Date: Aug 2005
Location: NJ, USA
Experience: Advanced
04-Sep-2012, 02:19 AM #13
Quote:
Sorry if this thread is trailing on. If I need to start a new one it's fine, but since you have been here for the full debacle I figured this would be easier for both of us.
No problem, it's fine.

Let's try this,

Note: These instructions are for Windows Vista. If you now have a different version installed and these instructions don't work, let me know.
  1. Click the Start button, then type Disk Cleanup in the search box; in the list of results, click Disk Cleanup.
    If the Disk Cleanup: Drive Selection dialog box appears, select the hard disk drive that you installed Windows on, and then click OK.
  2. In the Disk Cleanup window, click the Clean up system files button.
    If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  3. Check the box next to Previous Windows installation(s), and then click OK.
  4. In the window that appears, click Delete Files.
Tags
can not delete, trogan downloader, virus