
UKASH Command prompt Virus help

This is a discussion on UKASH Command prompt Virus help within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
05-11-2013, 10:02 AM   #1
Registered Member
 
Join Date: May 2013
Posts: 25
OS: windows vista



Hi, I managed to get rid of the original Ukash (Cheshire Police) virus last year from my computer with help from SpyHunter and Spybot Search & Destroy. Unfortunately I have encountered a similar virus. This time, every safe mode that I log into gives me a black screen with no toolbars, menus or shortcuts, just a "CMD.exe" command prompt window. Luckily, every now and then a McAfee notification pops up requesting me to renew my subscription; I click renew and it gives me a window where I can access the McAfee website, and from there I can surf the web freely without the Ukash screen popping up, locking me out and prompting me to pay the fine. But if I access the Task Manager, click New Task and type "explorer", it logs me out, shuts down and restarts. I am not tech savvy, but any help on getting rid of this virus would be appreciated. Currently running Windows Vista Home Premium edition on an Acer Aspire 5920. Thanks in advance.
DrakeRx
 
05-12-2013, 06:32 AM   #2
Security Team
Analyst
 
Join Date: Oct 2009
Location: Wels\ Austria
Posts: 729
OS: Win7 / Win 10 TechPreview



Hi,
my name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction, or add/remove software, unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms; it could be hard for me to read. Thanks for your understanding.
  • I am currently visiting an evening school and working nightshift only which might be evening for you. In this time I am mostly online with my mobile devices and won't be able to reply.


Could you tell me if this is a 32- or 64-bit based OS?
Larusso
05-12-2013, 09:51 AM   #3
Registered Member
 
Join Date: May 2013
Posts: 25
OS: windows vista



Hi Daniel, thanks for your reply.

The OS is running 32-bit.

I have no idea how to post the logs as I barely have access to anything on this laptop now as the only window I have is the "Cmd.exe" window that reads "C:\windows\system32>"
DrakeRx
 
05-12-2013, 11:13 AM   #4
Security Team
Analyst
 
Join Date: Oct 2009
Location: Wels\ Austria
Posts: 729
OS: Win7 / Win 10 TechPreview



No worries. I wrote a tool for this kind of infection for WinXP, but in Vista we have a much easier way to remove it.


Download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log ( FRST.txt ) on the flash drive. Please copy and paste it to your reply.
Larusso
05-13-2013, 04:34 AM   #5
Registered Member
 
Join Date: May 2013
Posts: 25
OS: windows vista



Hi Daniel, here is the log:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-05-2013 01
Ran by SYSTEM on 12-05-2013 22:49:55
Running from F:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [92704 2008-03-10] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [8534560 2008-03-10] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [88608 2008-03-10] (NVIDIA Corporation)
HKLM\...\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe [x]
HKLM\...\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2008-01-23] (Synaptics, Inc.)
HKLM\...\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [518656 2008-02-25] (Egis Incorporated)
HKLM\...\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe" [1286144 2007-10-10] (CyberLink)
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2007-11-22] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [707080 2008-01-02] (Dritek System Inc.)
HKLM\...\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [200704 2008-01-22] (CyberLink Corp.)
HKLM\...\Run: [eRecoveryService] [x]
HKLM\...\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting [45056 2007-04-25] ( )
HKLM\...\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated)
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1278648 2012-09-12] (McAfee, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-08-20] (Adobe Systems Incorporated)
HKLM\...\Run: [lxbkbmgr.exe] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [74408 2008-02-28] (Lexmark International, Inc.)
HKLM\...\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent [2086912 2008-10-09] (Vodafone)
HKLM\...\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run [x]
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [1151152 2013-02-18] ()
HKLM\...\Run: [SpeetItUpFree] "C:\Program Files\SpeedItup Free\speeditupfree.exe" [x]
HKLM\...\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE [1683008 2012-12-10] (Bandoo Media Inc)
HKLM\...\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM\...\Runonce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [x]
HKLM\...\Winlogon: [System]
HKU\Default\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
HKU\Default User\...\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe [ 2007-08-21] ()
HKU\Taylor\...\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background [ 2012-03-08] (Microsoft Corporation)
HKU\Taylor\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-20] (Microsoft Corporation)
HKU\Taylor\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [ 2009-01-26] (Safer Networking Limited)
HKU\Taylor\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-20] (Microsoft Corporation)
HKU\Taylor\...\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload [ 2012-12-20] (Samsung)
HKU\Taylor\...\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKU\Taylor\...\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [ 2012-12-20] (Samsung)
HKU\Taylor\...\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex [ 2013-04-05] (Adobe Systems Incorporated)
HKU\Taylor\...\Winlogon: [Shell] cmd.exe [ 2008-01-20] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\SETAUDIO.EXE ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\SETRES.EXE ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
Startup: C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
========================== Services (Whitelisted) =================
S2 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [51200 2007-09-19] ()
S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2569168 2013-04-05] ()
S2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [491008 2008-02-25] (Egis Incorporated)
S2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.)
S2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.)
S2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.)
S2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] ()
S2 libusbd; C:\Windows\System32\libusbd-nt.exe [18944 2005-03-09] (libusb-Win32)
S2 lxbk_device; C:\Windows\system32\lxbkcoms.exe [537256 2008-02-19] ( )
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [655944 2012-07-03] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-09-10] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [200816 2012-06-21] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [168368 2012-06-21] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [166320 2012-06-21] (McAfee, Inc.)
S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] ()
S2 MOBKbackup; C:\Program Files\McAfee Online Backup\MOBKbackup.exe [229688 2010-04-13] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-12-03] ()
S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 tmInstall; C:\Program Files\Thrustmaster\T500 RS Racing wheel\drivers\x86\tmInstall.EXE [24064 2012-09-13] (Thrustmaster®)
S2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-10-09] (Vodafone)
S2 vToolbarUpdater14.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-18] ()
S2 WajamUpdater; C:\Program Files\Wajam\Updater\WajamUpdater.exe [109064 2012-06-14] (Wajam)
S2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-09-20] (acer)
S3 msiserver; %systemroot%\system32\msiexec /V [x]
S2 NMSAccessU; C:\Users\Taylor\AppData\Local\Temp\{D2D9255A-06DE-40A8-9176-9C6CD7B1A4D3}\NMSAccessU.exe [x]
==================== Drivers (Whitelisted) ====================
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281504 2009-10-03] ()
S1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [33112 2013-02-18] (AVG Technologies)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60480 2012-06-21] (McAfee, Inc.)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13904 2011-05-06] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-20] (McAfee, Inc.)
S3 hitmanpro36; C:\Windows\system32\drivers\hitmanpro36.sys [27424 2012-07-13] ()
S2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [33792 2005-03-09] ()
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2009-10-03] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-07-14] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [127992 2012-06-21] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [230224 2012-06-21] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [61912 2012-06-21] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [360792 2012-06-21] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [554048 2012-06-21] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92192 2012-06-21] (McAfee, Inc.)
S1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [206784 2012-06-21] (McAfee, Inc.)
S1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [54776 2010-04-13] (Mozy, Inc.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-06-12] ()
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [38816 2009-01-23] (RapidSolution Software AG)
S3 tmhidusb; C:\Windows\System32\DRIVERS\tmhidusb.sys [104816 2012-09-13] (Thrustmaster)
S3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [43008 2008-01-23] (Winbond Electronics Corporation)
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [41456 2008-01-04] (Cyberlink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 mfeavfk01; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 tmbulk; System32\Drivers\tmbulk.sys [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-05-12 22:49 - 2013-05-12 22:49 - 00000000 ____D C:\FRST
2013-05-11 10:55 - 2013-05-11 10:55 - 00002083 ____A C:\Users\Taylor\Desktop\SpyHunter.lnk
2013-05-11 10:55 - 2013-05-11 10:55 - 00000000 ____D C:\sh4ldr
2013-05-10 14:18 - 2013-05-10 14:18 - 00139024 ____A C:\Windows\Minidump\Mini051013-01.dmp
2013-05-10 14:07 - 2013-05-10 14:07 - 01038475 ____A C:\Users\Taylor\AppData\Local\2433f433
2013-05-10 14:07 - 2013-05-10 14:07 - 01038469 ____A C:\Users\Taylor\AppData\Roaming\2433f433
2013-05-10 14:07 - 2013-05-10 14:07 - 01038422 ____A C:\ProgramData\2433f433
2013-05-10 14:06 - 2013-05-10 14:06 - 00030208 ____A C:\Users\Taylor\Documents\557974e8.exe
2013-05-10 14:06 - 2013-05-10 14:06 - 00030208 ____A C:\Users\Taylor\Documents\557974e8.dll
2013-05-10 11:34 - 2013-05-10 11:34 - 00000000 ____D C:\Users\Taylor\AppData\Local\{33FD33A6-1B6F-44B5-AF0F-C88C57C2DBF5}
2013-05-09 16:57 - 2013-05-09 16:57 - 00000000 ____D C:\Users\Taylor\AppData\Local\{D42CEFEC-90F4-430C-B29F-5A6933EB7959}
2013-05-09 05:00 - 2013-05-12 12:30 - 00001739 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk
2013-05-09 04:56 - 2013-05-09 04:57 - 00000000 ____D C:\Users\Taylor\AppData\Local\{1D2E76CA-D84E-4402-919E-CEA7FEF2F6F2}
2013-05-08 15:49 - 2013-05-08 15:49 - 00000000 ____D C:\Users\Taylor\AppData\Local\{9D81E89C-3E7E-4985-A99A-4BC3427E9FFB}
2013-05-08 01:37 - 2013-05-08 01:37 - 00000000 ____D C:\Users\Taylor\AppData\Local\{D5F85DBC-A5C0-49B6-B48F-1CFC66E89C97}
2013-05-07 12:27 - 2013-05-12 12:22 - 00000000 ____A C:\END
2013-05-07 09:58 - 2013-05-07 09:59 - 00000000 ____D C:\Users\Taylor\AppData\Local\{F3720447-4CC8-4002-8D85-43E1CECF69C8}
2013-05-07 06:45 - 2013-05-07 06:47 - 00000000 ____D C:\Users\Taylor\AppData\Local\{6D5FF02F-A2D1-473A-88ED-DFA144C723F2}
2013-05-06 12:13 - 2013-05-06 12:15 - 00000000 ____D C:\Users\Taylor\AppData\Local\{DF09D575-41FC-4411-BEA8-3F6D41039A8E}
2013-05-06 05:39 - 2013-05-06 05:39 - 00000000 ____D C:\Users\Taylor\AppData\Local\{FD0B9774-39E3-4F30-9043-21F5E731DB07}
2013-05-05 14:24 - 2013-05-05 14:24 - 00000000 ____D C:\Users\Taylor\AppData\Local\{D735E2EF-0818-4C0C-BD21-2A081077C61C}
2013-05-05 03:49 - 2013-05-05 03:49 - 00000000 ____D C:\Users\Taylor\AppData\Local\{DF63B846-E366-4560-AEC8-C9E193119DA0}
2013-05-04 04:16 - 2013-05-04 04:16 - 00000000 ____D C:\Users\Taylor\AppData\Local\{1B628C00-98D1-48AF-8147-3EA821936948}
2013-05-03 12:12 - 2013-05-03 12:12 - 00000000 ____A C:\Users\Taylor\Downloads\420311cc56c594993b27c2914cb29fef20130423182252.lfkub39.partial
2013-05-03 09:01 - 2013-05-03 09:01 - 00000000 ____D C:\Users\Taylor\AppData\Local\{61995DD9-A4ED-4C82-92D9-E072F3F60ED9}
2013-05-02 06:35 - 2013-05-02 06:35 - 00000000 ____D C:\Users\Taylor\AppData\Local\{A95204B6-CA4A-4C9B-9F29-59CBF1336008}
2013-05-01 18:28 - 2013-05-01 18:28 - 00000000 ____D C:\Users\Taylor\AppData\Local\{1072D678-EE96-445C-9F75-77FBB60EEAAB}
2013-05-01 06:27 - 2013-05-01 06:27 - 00000000 ____D C:\Users\Taylor\AppData\Local\{65D04B10-7ED7-4945-8A51-5BFAE5FDBDCE}
2013-05-01 02:52 - 2013-05-01 02:52 - 00000000 ____D C:\Users\Taylor\AppData\Local\{6F7616DA-7CDF-4B37-8D34-84033A6C427D}
2013-04-30 00:42 - 2013-04-30 00:42 - 00000000 ____D C:\Users\Taylor\AppData\Local\{19CCCF51-CA72-405D-A825-538183936963}
2013-04-29 05:56 - 2013-04-29 05:56 - 00000000 ____D C:\Users\Taylor\AppData\Local\{691555DC-8A52-4F18-9DF3-216DBB02EFAA}
2013-04-29 03:17 - 2013-04-29 03:17 - 00000000 ____D C:\Users\Taylor\AppData\Local\{B84CF1C5-9209-428E-AF75-65FDD76FC97A}
2013-04-28 04:29 - 2013-04-28 04:29 - 00000000 ____D C:\Users\Taylor\AppData\Local\{5F5A5A2C-3930-4E11-851B-CEF5167FD037}
2013-04-27 14:48 - 2013-04-27 14:48 - 00000000 ____D C:\Users\Taylor\AppData\Local\{47C6E573-781D-4FDB-A182-CC63513CAF15}
2013-04-27 03:37 - 2013-04-27 03:37 - 00000000 ____D C:\Users\Taylor\AppData\Local\{2535730A-14C6-4E57-BC96-87CFB60EBA6D}
2013-04-26 04:10 - 2013-04-26 04:10 - 00000000 ____D C:\Users\Taylor\AppData\Local\{AB27F155-40E6-4E2C-A5C4-13AFD53FB064}
2013-04-25 15:19 - 2013-04-25 15:20 - 00000000 ____D C:\Users\Taylor\AppData\Local\{ED4D6A5F-AFEA-4054-BD5C-AB0876ADF19A}
2013-04-25 06:39 - 2013-04-25 06:39 - 00000000 ____D C:\Users\Taylor\AppData\Local\{50CE6992-9784-476A-AB97-2BB9AD2C08A7}
2013-04-24 03:08 - 2013-04-24 03:08 - 00000000 ____D C:\Users\Taylor\AppData\Local\{A6AF78F3-6960-46F6-961B-04DAC025740F}
2013-04-23 13:32 - 2013-04-23 13:32 - 00000000 ____D C:\Users\Taylor\AppData\Local\{69F4E0BF-619D-4ADF-B45C-BB7385B05D48}
2013-04-23 01:11 - 2013-04-23 01:12 - 00000000 ____D C:\Users\Taylor\AppData\Local\{8BA07914-5F48-4260-B945-E7F74835FFA9}
2013-04-22 14:24 - 2013-04-22 14:24 - 00009728 ____A C:\Users\Taylor\Documents\personal statement ucas.wps
2013-04-22 08:13 - 2013-04-22 08:14 - 00000000 ____D C:\Users\Taylor\AppData\Local\{0AFC7AF1-9AED-4C53-BBD2-9DDEA71862F7}
2013-04-21 12:12 - 2013-04-21 12:12 - 00000000 ____D C:\Users\Taylor\AppData\Local\{F11E9F55-9576-42FD-AA3E-8ADF9DE78822}
2013-04-21 06:47 - 2013-04-21 06:47 - 00000000 ____D C:\Users\Taylor\AppData\Local\{1D427989-6395-4851-BE2C-C1201F590397}
2013-04-20 17:01 - 2013-04-20 17:01 - 00000000 ____D C:\Users\Taylor\AppData\Local\{7007A67E-0240-4436-B87B-4045698F5B18}
2013-04-19 22:07 - 2013-04-19 22:07 - 00000000 ____D C:\Users\Taylor\AppData\Local\{210CF6FE-5A4B-4E46-A466-72C14302EEDF}
2013-04-19 10:08 - 2013-04-19 10:08 - 00000000 ____D C:\Users\Taylor\AppData\Local\{498C5189-2CA2-48B8-80A6-DB48DD46427E}
2013-04-18 01:48 - 2013-04-18 01:49 - 00000000 ____D C:\Users\Taylor\AppData\Local\{B4CCFD5A-6FE7-44DF-9FB4-6DBB44112B04}
2013-04-17 04:42 - 2013-04-17 04:43 - 00000000 ____D C:\Users\Taylor\AppData\Local\{4590E0CD-279A-4C09-9980-5DBCDF61F408}
2013-04-16 12:28 - 2013-04-16 12:29 - 00000000 ____D C:\Users\Taylor\AppData\Local\{B92DBB33-0540-4BE0-92CE-78BFB9D8132A}
2013-04-15 08:03 - 2013-04-15 08:03 - 00000000 ____D C:\Users\Taylor\AppData\Local\{B2AD59D2-5115-4505-9A2C-83302A7DDE0A}
2013-04-14 13:38 - 2013-04-14 13:38 - 00000000 ____D C:\Users\Taylor\AppData\Local\{53878951-CA56-4379-9BD0-4B319EF8B39B}
2013-04-13 07:00 - 2013-04-13 07:00 - 00000000 ____D C:\Users\Taylor\AppData\Local\{61908836-714F-44E6-AF3A-290750305A95}
2013-04-12 19:00 - 2013-04-12 19:00 - 00000000 ____D C:\Users\Taylor\AppData\Local\{4AEA0149-6539-4366-8449-FB1BD48ABF1E}
2013-04-12 06:59 - 2013-04-12 06:59 - 00000000 ____D C:\Users\Taylor\AppData\Local\{7ECAA9B7-A936-4E68-8C93-857B258E136A}
==================== One Month Modified Files and Folders ========
2013-05-12 22:49 - 2013-05-12 22:49 - 00000000 ____D C:\FRST
2013-05-12 13:30 - 2009-01-08 09:47 - 00000012 ____A C:\Windows\bthservsdp.dat
2013-05-12 13:30 - 2006-11-02 05:01 - 00032584 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-12 13:30 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-12 13:30 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-12 13:30 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-12 12:41 - 2012-04-04 10:21 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-12 12:35 - 2009-12-20 16:08 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-12 12:30 - 2013-05-09 05:00 - 00001739 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk
2013-05-12 12:27 - 2006-11-02 02:33 - 00703214 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-12 12:22 - 2013-05-07 12:27 - 00000000 ____A C:\END
2013-05-12 12:22 - 2012-10-08 11:01 - 00000412 ____A C:\Windows\Tasks\PC Optimizer Pro startups.job
2013-05-12 12:22 - 2012-02-01 15:05 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cce135f149112b.job
2013-05-12 12:22 - 2008-01-20 18:47 - 09075752 ____A C:\Windows\PFRO.log
2013-05-11 17:12 - 2012-07-14 11:31 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-05-11 17:12 - 2009-01-06 03:34 - 00000000 ____D C:\users\Taylor
2013-05-11 17:12 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool
2013-05-11 17:12 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-05-11 17:12 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration
2013-05-11 17:12 - 2006-11-02 02:22 - 49807360 ____A C:\Windows\System32\config\software_previous
2013-05-11 17:12 - 2006-11-02 02:22 - 28573696 ____A C:\Windows\System32\config\system_previous
2013-05-11 17:09 - 2006-11-02 02:22 - 39845888 ____A C:\Windows\System32\config\components_previous
2013-05-11 17:09 - 2006-11-02 02:22 - 00057344 ____A C:\Windows\System32\config\sam_previous
2013-05-11 12:37 - 2011-04-28 12:22 - 00000000 ____D C:\Windows\Minidump
2013-05-11 12:36 - 2011-04-28 12:21 - 286013809 ____A C:\Windows\MEMORY.DMP
2013-05-11 10:55 - 2013-05-11 10:55 - 00002083 ____A C:\Users\Taylor\Desktop\SpyHunter.lnk
2013-05-11 10:55 - 2013-05-11 10:55 - 00000000 ____D C:\sh4ldr
2013-05-11 10:55 - 2013-04-06 07:48 - 00000000 ____D C:\Windows\0AC0F1B261C74B6EACEF58FCC0B94835.TMP
2013-05-11 08:08 - 2006-11-02 02:22 - 00786432 ____A C:\Windows\System32\config\default_previous
2013-05-11 08:08 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2013-05-10 19:00 - 2008-06-21 22:08 - 01115693 ____A C:\Windows\WindowsUpdate.log
2013-05-10 14:18 - 2013-05-10 14:18 - 00139024 ____A C:\Windows\Minidump\Mini051013-01.dmp
2013-05-10 14:07 - 2013-05-10 14:07 - 01038475 ____A C:\Users\Taylor\AppData\Local\2433f433
2013-05-10 14:07 - 2013-05-10 14:07 - 01038469 ____A C:\Users\Taylor\AppData\Roaming\2433f433
2013-05-10 14:07 - 2013-05-10 14:07 - 01038422 ____A C:\ProgramData\2433f433
2013-05-10 14:06 - 2013-05-10 14:06 - 00030208 ____A C:\Users\Taylor\Documents\557974e8.exe
2013-05-10 14:06 - 2013-05-10 14:06 - 00030208 ____A C:\Users\Taylor\Documents\557974e8.dll
2013-05-10 11:34 - 2013-05-10 11:34 - 00000000 ____D C:\Users\Taylor\AppData\Local\{33FD33A6-1B6F-44B5-AF0F-C88C57C2DBF5}
2013-05-10 11:33 - 2009-11-06 09:02 - 00000000 ____D C:\Users\Taylor\Tracing
2013-05-09 16:57 - 2013-05-09 16:57 - 00000000 ____D C:\Users\Taylor\AppData\Local\{D42CEFEC-90F4-430C-B29F-5A6933EB7959}
2013-05-09 04:57 - 2013-05-09 04:56 - 00000000 ____D C:\Users\Taylor\AppData\Local\{1D2E76CA-D84E-4402-919E-CEA7FEF2F6F2}
2013-05-08 15:49 - 2013-05-08 15:49 - 00000000 ____D C:\Users\Taylor\AppData\Local\{9D81E89C-3E7E-4985-A99A-4BC3427E9FFB}
2013-05-08 11:28 - 2012-10-08 11:01 - 00000440 ____A C:\Windows\Tasks\PC Optimizer Pro Updates.job
2013-05-08 01:37 - 2013-05-08 01:37 - 00000000 ____D C:\Users\Taylor\AppData\Local\{D5F85DBC-A5C0-49B6-B48F-1CFC66E89C97}
2013-05-07 09:59 - 2013-05-07 09:58 - 00000000 ____D C:\Users\Taylor\AppData\Local\{F3720447-4CC8-4002-8D85-43E1CECF69C8}
2013-05-07 06:47 - 2013-05-07 06:45 - 00000000 ____D C:\Users\Taylor\AppData\Local\{6D5FF02F-A2D1-473A-88ED-DFA144C723F2}
2013-05-06 12:15 - 2013-05-06 12:13 - 00000000 ____D C:\Users\Taylor\AppData\Local\{DF09D575-41FC-4411-BEA8-3F6D41039A8E}
2013-05-06 05:39 - 2013-05-06 05:39 - 00000000 ____D C:\Users\Taylor\AppData\Local\{FD0B9774-39E3-4F30-9043-21F5E731DB07}
2013-05-05 14:24 - 2013-05-05 14:24 - 00000000 ____D C:\Users\Taylor\AppData\Local\{D735E2EF-0818-4C0C-BD21-2A081077C61C}
2013-05-05 03:49 - 2013-05-05 03:49 - 00000000 ____D C:\Users\Taylor\AppData\Local\{DF63B846-E366-4560-AEC8-C9E193119DA0}
2013-05-04 04:16 - 2013-05-04 04:16 - 00000000 ____D C:\Users\Taylor\AppData\Local\{1B628C00-98D1-48AF-8147-3EA821936948}
2013-05-03 12:12 - 2013-05-03 12:12 - 00000000 ____A C:\Users\Taylor\Downloads\420311cc56c594993b27c2914cb29fef20130423182252.lfkub39.partial
2013-05-03 09:06 - 2010-11-22 12:37 - 00000000 ____D C:\Program Files\McAfee
2013-05-03 09:01 - 2013-05-03 09:01 - 00000000 ____D C:\Users\Taylor\AppData\Local\{61995DD9-A4ED-4C82-92D9-E072F3F60ED9}
2013-05-02 06:35 - 2013-05-02 06:35 - 00000000 ____D C:\Users\Taylor\AppData\Local\{A95204B6-CA4A-4C9B-9F29-59CBF1336008}
2013-05-01 18:28 - 2013-05-01 18:28 - 00000000 ____D C:\Users\Taylor\AppData\Local\{1072D678-EE96-445C-9F75-77FBB60EEAAB}
2013-05-01 06:27 - 2013-05-01 06:27 - 00000000 ____D C:\Users\Taylor\AppData\Local\{65D04B10-7ED7-4945-8A51-5BFAE5FDBDCE}
2013-05-01 02:52 - 2013-05-01 02:52 - 00000000 ____D C:\Users\Taylor\AppData\Local\{6F7616DA-7CDF-4B37-8D34-84033A6C427D}
2013-04-30 01:00 - 2009-01-24 09:35 - 00000868 ____A C:\Windows\Tasks\Google Software Updater.job
2013-04-30 00:42 - 2013-04-30 00:42 - 00000000 ____D C:\Users\Taylor\AppData\Local\{19CCCF51-CA72-405D-A825-538183936963}
2013-04-29 05:56 - 2013-04-29 05:56 - 00000000 ____D C:\Users\Taylor\AppData\Local\{691555DC-8A52-4F18-9DF3-216DBB02EFAA}
2013-04-29 03:17 - 2013-04-29 03:17 - 00000000 ____D C:\Users\Taylor\AppData\Local\{B84CF1C5-9209-428E-AF75-65FDD76FC97A}
2013-04-28 04:29 - 2013-04-28 04:29 - 00000000 ____D C:\Users\Taylor\AppData\Local\{5F5A5A2C-3930-4E11-851B-CEF5167FD037}
2013-04-27 14:48 - 2013-04-27 14:48 - 00000000 ____D C:\Users\Taylor\AppData\Local\{47C6E573-781D-4FDB-A182-CC63513CAF15}
2013-04-27 03:37 - 2013-04-27 03:37 - 00000000 ____D C:\Users\Taylor\AppData\Local\{2535730A-14C6-4E57-BC96-87CFB60EBA6D}
2013-04-26 04:10 - 2013-04-26 04:10 - 00000000 ____D C:\Users\Taylor\AppData\Local\{AB27F155-40E6-4E2C-A5C4-13AFD53FB064}
2013-04-25 15:20 - 2013-04-25 15:19 - 00000000 ____D C:\Users\Taylor\AppData\Local\{ED4D6A5F-AFEA-4054-BD5C-AB0876ADF19A}
2013-04-25 06:39 - 2013-04-25 06:39 - 00000000 ____D C:\Users\Taylor\AppData\Local\{50CE6992-9784-476A-AB97-2BB9AD2C08A7}
2013-04-24 03:08 - 2013-04-24 03:08 - 00000000 ____D C:\Users\Taylor\AppData\Local\{A6AF78F3-6960-46F6-961B-04DAC025740F}
2013-04-23 13:32 - 2013-04-23 13:32 - 00000000 ____D C:\Users\Taylor\AppData\Local\{69F4E0BF-619D-4ADF-B45C-BB7385B05D48}
2013-04-23 01:12 - 2013-04-23 01:11 - 00000000 ____D C:\Users\Taylor\AppData\Local\{8BA07914-5F48-4260-B945-E7F74835FFA9}
2013-04-22 14:24 - 2013-04-22 14:24 - 00009728 ____A C:\Users\Taylor\Documents\personal statement ucas.wps
2013-04-22 14:24 - 2009-01-21 12:22 - 00003510 ____A C:\Users\Taylor\AppData\Roaming\wklnhst.dat
2013-04-22 08:14 - 2013-04-22 08:13 - 00000000 ____D C:\Users\Taylor\AppData\Local\{0AFC7AF1-9AED-4C53-BBD2-9DDEA71862F7}
2013-04-21 12:12 - 2013-04-21 12:12 - 00000000 ____D C:\Users\Taylor\AppData\Local\{F11E9F55-9576-42FD-AA3E-8ADF9DE78822}
2013-04-21 06:47 - 2013-04-21 06:47 - 00000000 ____D C:\Users\Taylor\AppData\Local\{1D427989-6395-4851-BE2C-C1201F590397}
2013-04-20 17:01 - 2013-04-20 17:01 - 00000000 ____D C:\Users\Taylor\AppData\Local\{7007A67E-0240-4436-B87B-4045698F5B18}
2013-04-19 22:07 - 2013-04-19 22:07 - 00000000 ____D C:\Users\Taylor\AppData\Local\{210CF6FE-5A4B-4E46-A466-72C14302EEDF}
2013-04-19 10:08 - 2013-04-19 10:08 - 00000000 ____D C:\Users\Taylor\AppData\Local\{498C5189-2CA2-48B8-80A6-DB48DD46427E}
2013-04-18 01:49 - 2013-04-18 01:48 - 00000000 ____D C:\Users\Taylor\AppData\Local\{B4CCFD5A-6FE7-44DF-9FB4-6DBB44112B04}
2013-04-17 04:43 - 2013-04-17 04:42 - 00000000 ____D C:\Users\Taylor\AppData\Local\{4590E0CD-279A-4C09-9980-5DBCDF61F408}
2013-04-17 04:40 - 2009-02-24 14:57 - 00001356 ____A C:\Users\Taylor\AppData\Local\d3d9caps.dat
2013-04-16 12:29 - 2013-04-16 12:28 - 00000000 ____D C:\Users\Taylor\AppData\Local\{B92DBB33-0540-4BE0-92CE-78BFB9D8132A}
2013-04-15 08:03 - 2013-04-15 08:03 - 00000000 ____D C:\Users\Taylor\AppData\Local\{B2AD59D2-5115-4505-9A2C-83302A7DDE0A}
2013-04-14 13:38 - 2013-04-14 13:38 - 00000000 ____D C:\Users\Taylor\AppData\Local\{53878951-CA56-4379-9BD0-4B319EF8B39B}
2013-04-13 07:00 - 2013-04-13 07:00 - 00000000 ____D C:\Users\Taylor\AppData\Local\{61908836-714F-44E6-AF3A-290750305A95}
2013-04-12 19:00 - 2013-04-12 19:00 - 00000000 ____D C:\Users\Taylor\AppData\Local\{4AEA0149-6539-4366-8449-FB1BD48ABF1E}
2013-04-12 06:59 - 2013-04-12 06:59 - 00000000 ____D C:\Users\Taylor\AppData\Local\{7ECAA9B7-A936-4E68-8C93-857B258E136A}
ZeroAccess:
C:\Users\Taylor\AppData\Local\{32967460-b40a-4a54-56b2-794bcc02e45c}
C:\Users\Taylor\AppData\Local\{32967460-b40a-4a54-56b2-794bcc02e45c}\L
C:\Users\Taylor\AppData\Local\{32967460-b40a-4a54-56b2-794bcc02e45c}\U
==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-05-10 14:51:06
Restore point made on: 2013-05-11 10:54:22
==================== Memory info ===========================
Percentage of memory in use: 13%
Total physical RAM: 2037.81 MB
Available physical RAM: 1769.29 MB
Total Pagefile: 1969.7 MB
Available Pagefile: 1839.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.72 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:111.19 GB) (Free:6.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:107.69 GB) (Free:5.09 GB) NTFS
Drive f: (REX) (Removable) (Total:74.37 GB) (Free:34.68 GB) FAT32
Drive x: (PQSERVICE) (Fixed) (Total:10.74 GB) (Free:0.98 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: DC25C110)
Partition 1: (Not Active) - (Size=11 GB) - (Type=12)
Partition 2: (Active) - (Size=111 GB) - (Type=06)
Partition 3: (Not Active) - (Size=108 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=12)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.

Last Boot: 2013-05-12 12:28
==================== End Of Log ============================
DrakeRx is offline  
Old 05-13-2013, 09:24 AM   #6
Security Team
Analyst
 
Join Date: Oct 2009
Location: Wels\ Austria
Posts: 729
OS: Win7 / Win 10 TechPreview



Hi there. We have a few more problems than only this Ukash thing.

I want to try to fix the UKASH related entries for now, so you are able to boot in Normal mode.


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

Code:
HKU\Taylor\...\Winlogon: [Shell] cmd.exe [ 2008-01-20] (Microsoft Corporation)
2013-05-10 14:07 - 2013-05-10 14:07 - 01038475 ____A C:\Users\Taylor\AppData\Local\2433f433
2013-05-10 14:07 - 2013-05-10 14:07 - 01038469 ____A C:\Users\Taylor\AppData\Roaming\2433f433
2013-05-10 14:07 - 2013-05-10 14:07 - 01038422 ____A C:\ProgramData\2433f433
2013-05-10 14:06 - 2013-05-10 14:06 - 00030208 ____A C:\Users\Taylor\Documents\557974e8.exe
2013-05-10 14:06 - 2013-05-10 14:06 - 00030208 ____A C:\Users\Taylor\Documents\557974e8.dll
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST by typing F:\frst and press the Fix button just once and wait.
Note: You might need to choose a different drive letter.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


If you are able to boot in Normal mode now, please move on.
If not, stop here and post the Fixlog.txt only.



Download ComboFix from this location:

Link 1



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.
Larusso is offline  
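The fixlist above was assembled by eye from the FRST log: the Winlogon Shell value had been switched from explorer.exe to cmd.exe (which is exactly what produces a black desktop with only a command prompt), and a set of files with random eight-hex-digit names had been dropped in the same minute into several user and ProgramData locations. The following script is an added example, not code from the thread, from FRST or from its author: it parses FRST log lines in the format shown on this page and re-derives those two findings automatically. The sample log embedded in it is constructed from the six fixlist lines plus two benign entries from the same log; the "random name" heuristic (an 8-character hex stem) is an assumption fitted to this case, not a rule FRST applies.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) log lines.

Added example, not part of the original thread or of FRST itself. It
re-implements two checks the analyst made by eye:
  1. the Winlogon "Shell" value is something other than explorer.exe
     (here cmd.exe, which is why only a command prompt appears on logon);
  2. files with random 8-hex-digit names were dropped into several
     locations at the same time.
Flagged lines are returned in the same raw form FRST prints them, because
the remedy on the page is to paste exactly those lines into fixlist.txt.
"""
import re
from collections import defaultdict

# Constructed sample: the six lines from the analyst's fixlist followed by
# two benign entries taken from the same FRST log (a task file and a document).
SAMPLE_FRST_LOG = r"""
HKU\Taylor\...\Winlogon: [Shell] cmd.exe [ 2008-01-20] (Microsoft Corporation)
2013-05-10 14:07 - 2013-05-10 14:07 - 01038475 ____A C:\Users\Taylor\AppData\Local\2433f433
2013-05-10 14:07 - 2013-05-10 14:07 - 01038469 ____A C:\Users\Taylor\AppData\Roaming\2433f433
2013-05-10 14:07 - 2013-05-10 14:07 - 01038422 ____A C:\ProgramData\2433f433
2013-05-10 14:06 - 2013-05-10 14:06 - 00030208 ____A C:\Users\Taylor\Documents\557974e8.exe
2013-05-10 14:06 - 2013-05-10 14:06 - 00030208 ____A C:\Users\Taylor\Documents\557974e8.dll
2013-04-30 01:00 - 2009-01-24 09:35 - 00000868 ____A C:\Windows\Tasks\Google Software Updater.job
2013-04-22 14:24 - 2013-04-22 14:24 - 00009728 ____A C:\Users\Taylor\Documents\personal statement ucas.wps
""".strip("\n")

# "<modified> - <created> - <size> <flags> <path>" as FRST prints file entries.
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{8}) ([_A-Z]{5}) (.+)$"
)
# "HKU\<user>\...\Winlogon: [Shell] <value> ..." as FRST prints the Shell value.
SHELL_LINE = re.compile(r"^(HKU\\[^\\]+|HKLM)\\\.\.\.\\Winlogon: \[Shell\] (\S+)")
# Assumed heuristic: the droppers on this page used stems like 2433f433 / 557974e8.
RANDOM_STEM = re.compile(r"^[0-9a-f]{8}$")


def parse_frst(text):
    """Return parsed entries (dicts); lines in neither format are skipped."""
    entries = []
    for raw in text.splitlines():
        m = SHELL_LINE.match(raw)
        if m:
            entries.append({"kind": "shell", "hive": m.group(1),
                            "value": m.group(2), "raw": raw})
            continue
        m = FILE_LINE.match(raw)
        if m:
            path = m.group(5)
            entries.append({"kind": "file", "modified": m.group(1),
                            "created": m.group(2), "size": int(m.group(3)),
                            "flags": m.group(4), "path": path,
                            "name": path.rsplit("\\", 1)[-1], "raw": raw})
    return entries


def find_shell_hijack(entries):
    """Winlogon Shell should be explorer.exe; anything else is a red flag."""
    return [e for e in entries
            if e["kind"] == "shell" and e["value"].lower() != "explorer.exe"]


def find_random_named_files(entries):
    """Group non-directory files whose stem is 8 hex digits: {stem: [entries]}."""
    groups = defaultdict(list)
    for e in entries:
        if e["kind"] != "file" or "D" in e["flags"]:  # ____D marks a directory
            continue
        stem = e["name"].split(".", 1)[0]
        if RANDOM_STEM.match(stem):
            groups[stem].append(e)
    return dict(groups)


def build_fixlist(entries):
    """Raw FRST lines for fixlist.txt: Shell hijacks first, then dropped files."""
    lines = [e["raw"] for e in find_shell_hijack(entries)]
    for group in find_random_named_files(entries).values():
        lines.extend(e["raw"] for e in group)
    return lines


if __name__ == "__main__":
    for line in build_fixlist(parse_frst(SAMPLE_FRST_LOG)):
        print(line)
```

Run against the constructed sample, the script reproduces the six fixlist lines above and ignores the two benign entries. On a real log, anything it flags still needs a human look before it goes into fixlist.txt: a legitimately customised Shell value or an application that happens to use hex file names would trip the same heuristics.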
Old 05-14-2013, 04:01 AM   #7
Registered Member
 
Join Date: May 2013
Posts: 25
OS: windows vista



Hi Daniel, here's the log. Thankfully my system seems to be working fine now, I can see the desktop as normal etc.

ComboFix 13-05-13.01 - Taylor 14/05/2013 10:46:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.942 [GMT 1:00]
Running from: c:\users\Taylor\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Wincert\WIN32C~1.DLL
c:\users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
c:\windows\system32\muzapp.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-04-14 to 2013-05-14 )))))))))))))))))))))))))))))))
.
.
2013-05-14 10:23 . 2013-05-14 10:27 -------- d-----w- c:\users\Taylor\AppData\Local\temp
2013-05-14 10:23 . 2013-05-14 10:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-13 06:49 . 2013-05-13 06:49 -------- d-----w- C:\FRST
2013-05-11 18:55 . 2013-05-11 18:55 110080 ----a-r- c:\users\Taylor\AppData\Roaming\Microsoft\Installer\{0AC0F1B2-61C7-4B6E-ACEF-58FCC0B94835}\IconF7A21AF7.exe
2013-05-11 18:55 . 2013-05-11 18:55 110080 ----a-r- c:\users\Taylor\AppData\Roaming\Microsoft\Installer\{0AC0F1B2-61C7-4B6E-ACEF-58FCC0B94835}\IconD7F16134.exe
2013-05-11 18:55 . 2013-05-11 18:55 110080 ----a-r- c:\users\Taylor\AppData\Roaming\Microsoft\Installer\{0AC0F1B2-61C7-4B6E-ACEF-58FCC0B94835}\IconCF33A0CE.exe
2013-05-11 18:55 . 2013-05-11 18:55 -------- d-----w- C:\sh4ldr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-11 20:39 . 2011-03-28 17:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-07 22:18 . 2013-04-07 22:18 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-07 22:17 . 2012-07-27 21:25 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-04-07 22:17 . 2010-12-05 21:14 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-06 01:21 . 2012-04-04 18:21 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-06 01:21 . 2012-02-14 08:51 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-18 22:39 . 2012-08-24 23:17 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-02-18 22:39 1929392 ----a-w- c:\program files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-18 1929392]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 20:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 20:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 20:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 4702208]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Skytel"="Skytel.exe" [2008-01-24 1826816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-08-20 937920]
"lxbkbmgr.exe"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 74408]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-10-09 2086912]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-02-18 1151152]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"iLike"="c:\program files\iLike\1.2.14\ilikesidebar.exe" [2008-09-11 63024]
.
c:\users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-13 535336]
SETAUDIO.EXE [2008-4-4 20480]
SETRES.EXE [2008-4-4 20480]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-10-18 685496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll c:\progra~2\browse~1\261249~1.132\{c16c1~1\browserprotect.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
DrakeRx is offline  
Old 05-14-2013, 07:55 AM   #8
Security Team
Analyst
 
Join Date: Oct 2009
Location: Wels\ Austria
Posts: 729
OS: Win7 / Win 10 TechPreview



Great

But the Combofix.txt is incomplete. Please make sure to copy the whole text and paste it here.
Larusso is offline  
Old 05-14-2013, 08:44 AM   #9
Registered Member
 
Join Date: May 2013
Posts: 25
OS: windows vista



Here's the full log

ComboFix 13-05-13.01 - Taylor 14/05/2013 1642.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.833 [GMT 1:00]
Running from: c:\users\Taylor\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2013-04-14 to 2013-05-14 )))))))))))))))))))))))))))))))
.
.
2013-05-14 15:32 . 2013-05-14 15:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-14 10:35 . 2013-05-14 15:33 -------- d-----w- c:\users\Taylor\AppData\Local\temp
2013-05-13 06:49 . 2013-05-13 06:49 -------- d-----w- C:\FRST
2013-05-11 18:55 . 2013-05-11 18:55 110080 ----a-r- c:\users\Taylor\AppData\Roaming\Microsoft\Installer\{0AC0F1B2-61C7-4B6E-ACEF-58FCC0B94835}\IconF7A21AF7.exe
2013-05-11 18:55 . 2013-05-11 18:55 110080 ----a-r- c:\users\Taylor\AppData\Roaming\Microsoft\Installer\{0AC0F1B2-61C7-4B6E-ACEF-58FCC0B94835}\IconD7F16134.exe
2013-05-11 18:55 . 2013-05-11 18:55 110080 ----a-r- c:\users\Taylor\AppData\Roaming\Microsoft\Installer\{0AC0F1B2-61C7-4B6E-ACEF-58FCC0B94835}\IconCF33A0CE.exe
2013-05-11 18:55 . 2013-05-11 18:55 -------- d-----w- C:\sh4ldr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-11 20:39 . 2011-03-28 17:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-07 22:18 . 2013-04-07 22:18 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-07 22:17 . 2012-07-27 21:25 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-04-07 22:17 . 2010-12-05 21:14 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-06 01:21 . 2012-04-04 18:21 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-06 01:21 . 2012-02-14 08:51 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-18 22:39 . 2012-08-24 23:17 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-02-18 22:39 1929392 ----a-w- c:\program files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-18 1929392]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 20:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 20:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 20:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 4702208]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Skytel"="Skytel.exe" [2008-01-24 1826816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-08-20 937920]
"lxbkbmgr.exe"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 74408]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-10-09 2086912]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-02-18 1151152]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"iLike"="c:\program files\iLike\1.2.14\ilikesidebar.exe" [2008-09-11 63024]
.
c:\users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-13 535336]
SETAUDIO.EXE [2008-4-4 20480]
SETRES.EXE [2008-4-4 20480]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-10-18 685496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll c:\progra~2\browse~1\261249~1.132\{c16c1~1\browserprotect.dll c:\progra~2\browse~1\261249~1.132\{c16c1~1\browserprotect.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 17:28 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 01:21]
.
2013-04-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-24 15:18]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cce135f149112b.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 00:07]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 00:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.uk.acer.yahoo.com/
mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
Trusted Zone: alliance-leicester.co.uk\www.applications
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-05-14 16:33
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(7252)
c:\program files\McAfee Online Backup\MOBKshell.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
Completion time: 2013-05-14 16:40:37
ComboFix-quarantined-files.txt 2013-05-14 15:40
ComboFix2.txt 2013-05-14 10:35
.
Pre-Run: 10,708,488,192 bytes free
Post-Run: 10,712,395,776 bytes free
.
- - End Of File - - 417AA9CA9B2256DB28CD70CC8BBDF1EB
DrakeRx is offline  
Old 05-14-2013, 08:48 AM   #10
Security Team
Analyst
 
Join Date: Oct 2009
Location: Wels\ Austria
Posts: 729
OS: Win7 / Win 10 TechPreview



Thanks.

No more signs of malware in this logfile. Any open issues? If so, please explain them as exactly as you can.



Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right-click on their Internet Explorer shortcut, and select Run as Administrator
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.
Larusso is offline  
Old 05-14-2013, 08:55 AM   #11
Registered Member
 
Join Date: May 2013
Posts: 25
OS: windows vista



Hi Daniel, Internet Explorer struggles to open, reading "illegal opreation attempted on a registry key that has been marked for deletion". I have to right-click and "run as administrator" in order to open it.
DrakeRx is offline  
Old 05-14-2013, 08:55 AM   #12
Registered Member
 
Join Date: May 2013
Posts: 25
OS: windows vista



typo "operation"
DrakeRx is offline  
Old 05-14-2013, 11:59 AM   #13
Security Team
Analyst
 
Join Date: Oct 2009
Location: Wels\ Austria
Posts: 729
OS: Win7 / Win 10 TechPreview



If not done yet, please reboot your System and try again.
This is a common error created after the usage of Combofix.

If you still get this error, let me know :)

(I don't care about typos or grammar)
Larusso is offline  
Old 05-16-2013, 11:51 AM   #14
Registered Member
 
Join Date: May 2013
Posts: 25
OS: windows vista



Hi Daniel, here's the log

C:\Program Files\Search Results Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite.A application
C:\Program Files\Search Results Toolbar\Datamngr\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\Search Results Toolbar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll a variant of Win32/bProtector.A application
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe a variant of Win32/bProtector.A application
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe a variant of Win32/bProtector.A application
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js Win32/bProtector.F application
C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll a variant of Win32/bProtector.A application
C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe a variant of Win32/bProtector.A application
C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe a variant of Win32/bProtector.A application
C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js Win32/bProtector.F application
C:\Users\Taylor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\12720fb5-3f09f9c8 a variant of Java/Exploit.CVE-2013-1493.BC trojan
C:\Users\Taylor\Documents\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Taylor\Downloads\WinZip165.exe a variant of Win32/OpenInstall application
C:\Users\Taylor\Pictures\New Folder (3)\InstallFreeRARExtractFrog.exe a variant of Win32/Bundled.Toolbar.Ask.A application
Operating memory a variant of Win32/bProtector.A application
DrakeRx is offline  
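The ESET Online Scanner result lines above are easier to triage with a small parser. This is an added example, not code from the thread or from ESET: it splits each line into path, detection name and ESET's class ("application" for unwanted software, "trojan" for malware), strips the variant suffix to group by family, and folds the C:\Users\All Users entries into C:\ProgramData, which on Vista is the same directory behind a junction, so the four bProtector files are not counted twice. The suffix rule (a trailing dot plus one to three capital letters) is my assumption about ESET's naming, and the sample input is the 17 lines from the post.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: the 17 result lines from the post above, verbatim.
ESET_LOG = r"""
C:\Program Files\Search Results Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite.A application
C:\Program Files\Search Results Toolbar\Datamngr\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\Search Results Toolbar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll a variant of Win32/bProtector.A application
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe a variant of Win32/bProtector.A application
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe a variant of Win32/bProtector.A application
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js Win32/bProtector.F application
C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll a variant of Win32/bProtector.A application
C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe a variant of Win32/bProtector.A application
C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe a variant of Win32/bProtector.A application
C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js Win32/bProtector.F application
C:\Users\Taylor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\12720fb5-3f09f9c8 a variant of Java/Exploit.CVE-2013-1493.BC trojan
C:\Users\Taylor\Documents\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Taylor\Downloads\WinZip165.exe a variant of Win32/OpenInstall application
C:\Users\Taylor\Pictures\New Folder (3)\InstallFreeRARExtractFrog.exe a variant of Win32/Bundled.Toolbar.Ask.A application
Operating memory a variant of Win32/bProtector.A application
"""

# One result line: <path> [a variant of ]<Platform/Name[.Variant]> <class>.
# The path is matched lazily because it may itself contain spaces.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<variant>a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+) (?P<category>application|trojan)$"
)
# Assumed ESET convention: a trailing ".A", ".F", ".BC" is the variant letter.
VARIANT_SUFFIX = re.compile(r"\.[A-Z]{1,3}$")

# On Vista, C:\Users\All Users is a junction to C:\ProgramData, so ESET lists
# the same file once under each name; normalise before de-duplicating.
ALL_USERS = "C:\\Users\\All Users\\"
PROGRAMDATA = "C:\\ProgramData\\"


@dataclass(frozen=True)
class Finding:
    path: str
    name: str       # detection name as printed, e.g. Win32/bProtector.A
    category: str   # ESET class: "application" (PUA) or "trojan"
    family: str     # name with the variant suffix stripped
    location: str   # coarse bucket used for the summary


def classify_location(path):
    """Bucket a path by where on the system it lives."""
    if path == "Operating memory":
        return "memory"           # detected in a running process, i.e. active
    low = path.lower()
    if "\\java\\deployment\\cache\\" in low:
        return "java-cache"       # delivery artefact, not a persistent install
    if low.startswith("c:\\programdata\\"):
        return "programdata"
    if low.startswith("c:\\program files\\"):
        return "program-files"
    if low.startswith("c:\\users\\"):
        return "user-profile"
    return "other"


def parse_line(line):
    """Return a Finding for one ESET result line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith(ALL_USERS):
        path = PROGRAMDATA + path[len(ALL_USERS):]
    name = m.group("name")
    return Finding(path=path, name=name, category=m.group("category"),
                   family=VARIANT_SUFFIX.sub("", name),
                   location=classify_location(path))


def parse_log(text):
    return [f for f in (parse_line(l) for l in text.splitlines() if l.strip()) if f]


def summarize(findings):
    """Collapse junction duplicates and count by family, class and location."""
    unique = sorted(set(findings), key=lambda f: f.path)
    return {
        "lines": len(findings),
        "unique": len(unique),
        "by_family": dict(Counter(f.family for f in unique)),
        "by_category": dict(Counter(f.category for f in unique)),
        "by_location": dict(Counter(f.location for f in unique)),
        "active_in_memory": sorted({f.family for f in unique if f.location == "memory"}),
        "exploit_artifacts": [f.path for f in unique if f.category == "trojan"],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_log(ESET_LOG)).items():
        print(f"{key}: {value}")
```

On this log the summary shows bProtector both on disk and in memory, one exploit artefact in the Java cache, and everything else classed as unwanted applications rather than trojans.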
Old 05-17-2013, 04:01 AM   #15
Security Team
Analyst
 
Join Date: Oct 2009
Location: Wels\ Austria
Posts: 729
OS: Win7 / Win 10 TechPreview



Hi there.


Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if present):
Browser Protect
Search Results Toolbar


If you can't find them or you are not sure, please let me know.



Download DDS and save it to your desktop from here.
Double click DDS to run the tool and press Start
Don't change any settings without instruction
  • When done, DDS will save two (2) logs to your desktop:
    1. DDS.txt
    2. Attach.txt
  • Please post them in your next reply.
Larusso is offline  
Old 05-17-2013, 09:52 AM   #16
Registered Member
 
Join Date: May 2013
Posts: 25
OS: windows vista



Hi Daniel, the link for the DDS download doesn't seem to work for me; I get "HTTP 404" when clicking on the external link.
DrakeRx is offline  
Old 05-18-2013, 06:51 AM   #17
Security Team
Analyst
 
Join Date: Oct 2009
Location: Wels\ Austria
Posts: 729
OS: Win7 / Win 10 TechPreview



Works for me. Tried it a few seconds ago.

If it still won't work, please download this one.
https://download.bleepingcomputer.com/sUBs/dds.scr

Note: this one runs in silent mode, so simply launch the file and wait until 2 Notepad windows are opened.
Larusso is offline  
Old 05-19-2013, 05:19 PM   #18
Registered Member
 
Join Date: May 2013
Posts: 25
OS: windows vista



Hi Daniel, thanks for the link, here's the attach log.


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 22/06/2008 07:12:03
System Uptime: 20/05/2013 00:56:39 (1 hours ago)
.
Motherboard: Acer, Inc. | | Chapala
Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz | U2E1 | 1833/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 111 GiB total, 15.107 GiB free.
D: is FIXED (NTFS) - 108 GiB total, 5.089 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0003
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #4
PNP Device ID: ROOT\*ISATAP\0003
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0004
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0004
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0005
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #5
PNP Device ID: ROOT\*ISATAP\0005
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0006
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #6
PNP Device ID: ROOT\*ISATAP\0006
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0007
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #8
PNP Device ID: ROOT\*ISATAP\0007
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0008
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #7
PNP Device ID: ROOT\*ISATAP\0008
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0009
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #9
PNP Device ID: ROOT\*ISATAP\0009
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0010
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #10
PNP Device ID: ROOT\*ISATAP\0010
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0011
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #11
PNP Device ID: ROOT\*ISATAP\0011
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0012
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #12
PNP Device ID: ROOT\*ISATAP\0012
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0013
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #13
PNP Device ID: ROOT\*ISATAP\0013
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0014
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #14
PNP Device ID: ROOT\*ISATAP\0014
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0015
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #15
PNP Device ID: ROOT\*ISATAP\0015
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0016
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #17
PNP Device ID: ROOT\*ISATAP\0016
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0017
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #16
PNP Device ID: ROOT\*ISATAP\0017
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0018
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #18
PNP Device ID: ROOT\*ISATAP\0018
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0019
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #19
PNP Device ID: ROOT\*ISATAP\0019
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0020
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #20
PNP Device ID: ROOT\*ISATAP\0020
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0021
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #21
PNP Device ID: ROOT\*ISATAP\0021
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0022
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #22
PNP Device ID: ROOT\*ISATAP\0022
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0023
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #23
PNP Device ID: ROOT\*ISATAP\0023
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0024
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #24
PNP Device ID: ROOT\*ISATAP\0024
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0025
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #26
PNP Device ID: ROOT\*ISATAP\0025
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0026
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #25
PNP Device ID: ROOT\*ISATAP\0026
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0027
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #27
PNP Device ID: ROOT\*ISATAP\0027
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0028
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #29
PNP Device ID: ROOT\*ISATAP\0028
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0029
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #28
PNP Device ID: ROOT\*ISATAP\0029
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0030
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #30
PNP Device ID: ROOT\*ISATAP\0030
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0031
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #32
PNP Device ID: ROOT\*ISATAP\0031
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0032
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #31
PNP Device ID: ROOT\*ISATAP\0032
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0033
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #33
PNP Device ID: ROOT\*ISATAP\0033
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0034
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #34
PNP Device ID: ROOT\*ISATAP\0034
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0035
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #35
PNP Device ID: ROOT\*ISATAP\0035
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0037
Manufacturer: Microsoft
Name: isatap.home
PNP Device ID: ROOT\*ISATAP\0037
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0038
Manufacturer: Microsoft
Name: isatap.home
PNP Device ID: ROOT\*ISATAP\0038
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0039
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #39
PNP Device ID: ROOT\*ISATAP\0039
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0040
Manufacturer: Microsoft
Name: isatap.{AB24A7A6-4FC7-476F-9284-5254AFCBAF3F}
PNP Device ID: ROOT\*ISATAP\0040
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0041
Manufacturer: Microsoft
Name: isatap.{AB24A7A6-4FC7-476F-9284-5254AFCBAF3F}
PNP Device ID: ROOT\*ISATAP\0041
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0042
Manufacturer: Microsoft
Name: isatap.home
PNP Device ID: ROOT\*ISATAP\0042
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0002
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0002
Service: tunmp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0003
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0003
Service: tunmp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0004
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0004
Service: tunmp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0005
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0005
Service: tunmp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom NetLink (TM) Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_01211025&REV_02\4&F20776C&0&00E5
Manufacturer: Broadcom
Name: Broadcom NetLink (TM) Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_01211025&REV_02\4&F20776C&0&00E5
Service: b57nd60x
.
==== System Restore Points ===================
.
RP1032: 17/05/2013 23:19:47 - Removed SpyHunter
RP1033: 17/05/2013 23:26:45 - Removed Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
RP1034: 18/05/2013 13:15:50 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acer Arcade Deluxe
Acer Crystal Eye webcam
Acer eAudio Management
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GameZone Console 2.0.1.1
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.0.1)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
AVG Security Toolbar
Azada
Big Kahuna Reef
Bonjour
Bookworm Deluxe
Bricks of Egypt
Broadcom Gigabit Integrated Controller
Cake Mania
Celtx (2.9.7)
Chicken Invaders 3
Chuzzle
ContinueToSave 1.74
CutePDF Writer 3.0
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash Flo on the Go
ESET Online Scanner v3
ffdshow v1.2.4422 [2012-04-09]
FL Studio 9
Flip Words 2
Foxit PDF Editor
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hardcore
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
IL Download Manager
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java 7 Update 17
Java Auto Updater
Jewel Quest Solitaire
Junk Mail filter update
Kick N Rush
Launch Manager
Lexmark X1100 Series
LibUSB-Win32-0.1.10.1
LightScribe 1.4.142.1
Live 6.0.1
Mahjong Escape Ancient China
Mahjongg Artifacts
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Home and Business 2010
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
Orion
PoiZone
PowerProducer
QuickTime
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
Sakura
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Sawer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Segoe UI
Shared C Run-time for x86
SpyHunter
Synaptics Pointing Device Driver
T500 RS racing wheel drivers
Torch
Turbo Pizza
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Vodafone Mobile Connect Lite
Winbond CIR Drivers
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 17.0
Yahoo! Detect
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
20/05/2013 00:58:11, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{AB24A7A6-4FC7-476F-9284-5254AFCBAF3F} because another computer on the network has the same name. The server could not start.
20/05/2013 00:58:11, Error: netbt [4321] - The name "PEGASUS :20" could not be registered on the interface with IP address 192.168.0.5. The computer with the IP address 192.168.0.2 did not allow the name to be claimed by this computer.
20/05/2013 00:58:11, Error: netbt [4321] - The name "PEGASUS :0" could not be registered on the interface with IP address 192.168.0.5. The computer with the IP address 192.168.0.2 did not allow the name to be claimed by this computer.
20/05/2013 00:58:10, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
20/05/2013 00:58:10, Error: Service Control Manager [7000] - The NMSAccessU service failed to start due to the following error: The system cannot find the path specified.
18/05/2013 13:43:44, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
18/05/2013 13:43:44, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
18/05/2013 13:25:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
18/05/2013 13:09:37, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
18/05/2013 13:00:35, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.7 for the Network Card with network address 001F3C2B8257 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
17/05/2013 17:39:32, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Office 2010 (KB2566458), 32-Bit Edition.
17/05/2013 17:37:49, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition.
17/05/2013 17:35:42, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Office 2007 suites (KB2687493).
17/05/2013 17:35:30, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 suites (KB2687311).
17/05/2013 17:35:21, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition.
17/05/2013 17:35:16, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition.
17/05/2013 17:35:12, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition.
17/05/2013 17:32:15, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition.
17/05/2013 17:31:04, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Office 2007 suites (KB2596660).
17/05/2013 17:30:57, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition.
17/05/2013 17:29:50, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 suites (KB2687441).
17/05/2013 17:29:43, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition.
17/05/2013 17:29:37, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition.
17/05/2013 17:29:32, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition.
17/05/2013 17:27:56, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition.
17/05/2013 17:27:51, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 suites (KB2596754).
17/05/2013 17:26:30, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Office 2007 suites (KB2596848).
17/05/2013 16:25:35, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.6 for the Network Card with network address 001F3C2B8257 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
17/05/2013 02:16:32, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
.
==== End Of File ===========================


And here's the DDS log.


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 10.17.2
Run by Taylor at 1:12:31 on 2013-05-20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.660 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\libusbd-nt.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxbkcoms.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Thrustmaster\T500 RS Racing wheel\drivers\x86\tmInstall.EXE
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files\Wajam\Updater\WajamUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Users\Taylor\AppData\Local\yanpfhtu\hgfcpkdl.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Taylor\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://search.easylifeapp.com/?pid=658&src=ie1&r=2013/05/17&hid=3048634495&lg=EN&cc=GB
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - c:\program files\wajam\ie\priam_bho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [HgfCpkdl] c:\users\taylor\appdata\local\yanpfhtu\hgfcpkdl.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\play movie\PMVService.exe"
mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
mRun: [WarReg_PopUp] c:\program files\acer\wr_popup\WarReg_PopUp.exe
mRun: [Skytel] Skytel.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [lxbkbmgr.exe] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
mRun: [MobileConnect] c:\program files\vodafone\vodafone mobile connect\bin\MobileConnect.exe /silent
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [DATAMNGR] c:\progra~1\search~1\datamngr\DATAMN~1.EXE
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\SETAUDIO.EXE
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\SETRES.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{AB24A7A6-4FC7-476F-9284-5254AFCBAF3F} : DHCPNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.2.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~2\browse~1\261249~1.132\{c16c1~1\browserprotect.dll c:\progra~2\browse~1\261249~1.132\{c16c1~1\browserprotect.dll c:\progra~1\contin~1\sprote~1.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-25 33112]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2008-6-22 41456]
R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2008-3-13 51200]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]
R2 tmInstall;Thrustmaster Device Driver Installer;c:\program files\thrustmaster\t500 rs racing wheel\drivers\x86\tmInstall.exe [2012-12-19 24064]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-10-9 14336]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [2013-2-18 968880]
R2 WajamUpdater;WajamUpdater;c:\program files\wajam\updater\WajamUpdater.exe [2012-6-14 109064]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-8-23 33792]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2008-3-13 43008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-13 179712]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-1-2 83168]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
S3 hitmanpro36;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-7-14 27424]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-1-2 181344]
S3 tmhidusb;Thrustmaster HID USB Driver;c:\windows\system32\drivers\tmhidusb.sys [2012-12-19 104816]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad.exe=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-05-18 12:24:31 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-18 12:24:31 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-17 22:09:50 -------- d-----w- c:\programdata\StarApp
2013-05-17 22:08:34 -------- d-----w- c:\users\taylor\appdata\roaming\Advanced System Protector
2013-05-17 22:08:24 -------- d-----w- c:\programdata\SearchNewTab
2013-05-17 22:08:10 -------- d-----w- c:\users\taylor\appdata\roaming\Systweak
2013-05-17 22:07:14 -------- d-----w- c:\program files\ContinueToSave
2013-05-17 22:07:03 -------- d-----w- c:\programdata\coNtinuuetosave
2013-05-17 2230 -------- d-----w- c:\programdata\InstallMate
2013-05-17 22:05:53 105472 --s---w- c:\users\taylor\appdata\roaming\microsoft\windows\start menu\programs\startup\hgfcpkdl.exe
2013-05-17 22:05:53 -------- d-----w- c:\users\taylor\appdata\local\yanpfhtu
2013-05-17 21:43:44 -------- d-----w- c:\users\taylor\appdata\roaming\Philipp Winterberg
2013-05-17 17:55:06 7016152 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d60ce001-22fa-4bac-9f32-220070037838}\mpengine.dll
2013-05-17 16:39:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-17 15:55:09 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-05-17 15:54:51 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-05-17 15:54:50 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-05-17 15:54:50 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-05-17 15:54:50 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-05-17 15:54:50 16896 ----a-w- c:\windows\system32\winusb.dll
2013-05-17 15:54:48 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-05-17 15:54:47 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-05-17 15:54:46 34944 ----a-w- c:\windows\system32\drivers\winusb.sys
2013-05-17 15:54:45 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-05-17 15:54:45 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-05-17 15:54:45 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-05-17 15:36:07 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-05-17 15:36:07 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-05-16 0454 623616 ----a-w- c:\windows\system32\localspl.dll
2013-05-16 04:05:42 75776 ----a-w- c:\windows\system32\synceng.dll
2013-05-16 04:05:37 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-16 04:05:35 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-16 04:05:34 64000 ----a-w- c:\windows\system32\smss.exe
2013-05-16 04:05:33 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-05-16 04:05:25 376320 ----a-w- c:\windows\system32\dpnet.dll
2013-05-16 04:05:25 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2013-05-16 04:05:19 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-05-16 04:05:04 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 04:05:03 37376 ----a-w- c:\windows\system32\cdd.dll
2013-05-16 04:00:31 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-05-16 04:00:23 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-05-16 03:59:50 985088 ----a-w- c:\windows\system32\crypt32.dll
2013-05-16 03:59:48 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-16 03:59:46 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-16 03:57:59 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-05-16 03:57:53 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-05-16 03:57:39 2048 ----a-w- c:\windows\system32\tzres.dll
2013-05-16 03:56:55 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-05-16 03:56:48 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-16 03:56:38 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-05-16 03:55:25 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-05-16 03:54:29 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-05-16 03:53:47 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-05-16 03:53:05 7016152 ------w- c:\programdata\microsoft\windows defender\definition updates\updates\mpengine.dll
2013-05-15 01:13:23 -------- d-----w- C:\McAfee
2013-05-14 15:39:04 -------- d-sh--w- C:\$RECYCLE.BIN
2013-05-14 10:35:19 -------- d-----w- c:\users\taylor\appdata\local\temp
2013-05-14 09:41:30 98816 ----a-w- c:\windows\sed.exe
2013-05-14 09:41:30 256000 ----a-w- c:\windows\PEV.exe
2013-05-14 09:41:30 208896 ----a-w- c:\windows\MBR.exe
2013-05-14 09:12:32 -------- d-----w- c:\users\taylor\appdata\local\{7D5F20BE-7ED5-44D1-8F6E-F3CE35520225}
2013-05-13 06:49:27 -------- d-----w- C:\FRST
2013-05-11 18:55:17 110080 ----a-r- c:\users\taylor\appdata\roaming\microsoft\installer\{0ac0f1b2-61c7-4b6e-acef-58fcc0b94835}\IconF7A21AF7.exe
2013-05-11 18:55:17 110080 ----a-r- c:\users\taylor\appdata\roaming\microsoft\installer\{0ac0f1b2-61c7-4b6e-acef-58fcc0b94835}\IconD7F16134.exe
2013-05-11 18:55:17 110080 ----a-r- c:\users\taylor\appdata\roaming\microsoft\installer\{0ac0f1b2-61c7-4b6e-acef-58fcc0b94835}\IconCF33A0CE.exe
2013-05-11 18:55:06 -------- d-----w- C:\sh4ldr
2013-05-10 19:34:46 -------- d-----w- c:\users\taylor\appdata\local\{33FD33A6-1B6F-44B5-AF0F-C88C57C2DBF5}
2013-05-10 00:57:35 -------- d-----w- c:\users\taylor\appdata\local\{D42CEFEC-90F4-430C-B29F-5A6933EB7959}
2013-05-09 12:56:50 -------- d-----w- c:\users\taylor\appdata\local\{1D2E76CA-D84E-4402-919E-CEA7FEF2F6F2}
2013-05-08 23:49:33 -------- d-----w- c:\users\taylor\appdata\local\{9D81E89C-3E7E-4985-A99A-4BC3427E9FFB}
2013-05-08 09:37:52 -------- d-----w- c:\users\taylor\appdata\local\{D5F85DBC-A5C0-49B6-B48F-1CFC66E89C97}
2013-05-07 17:58:58 -------- d-----w- c:\users\taylor\appdata\local\{F3720447-4CC8-4002-8D85-43E1CECF69C8}
2013-05-07 14:45:23 -------- d-----w- c:\users\taylor\appdata\local\{6D5FF02F-A2D1-473A-88ED-DFA144C723F2}
2013-05-06 20:13:22 -------- d-----w- c:\users\taylor\appdata\local\{DF09D575-41FC-4411-BEA8-3F6D41039A8E}
2013-05-06 13:39:21 -------- d-----w- c:\users\taylor\appdata\local\{FD0B9774-39E3-4F30-9043-21F5E731DB07}
2013-05-05 22:24:28 -------- d-----w- c:\users\taylor\appdata\local\{D735E2EF-0818-4C0C-BD21-2A081077C61C}
2013-05-05 11:49:47 -------- d-----w- c:\users\taylor\appdata\local\{DF63B846-E366-4560-AEC8-C9E193119DA0}
2013-05-04 12:16:27 -------- d-----w- c:\users\taylor\appdata\local\{1B628C00-98D1-48AF-8147-3EA821936948}
2013-05-03 17:01:28 -------- d-----w- c:\users\taylor\appdata\local\{61995DD9-A4ED-4C82-92D9-E072F3F60ED9}
2013-05-02 14:35:04 -------- d-----w- c:\users\taylor\appdata\local\{A95204B6-CA4A-4C9B-9F29-59CBF1336008}
2013-05-02 02:28:07 -------- d-----w- c:\users\taylor\appdata\local\{1072D678-EE96-445C-9F75-77FBB60EEAAB}
2013-05-01 14:27:39 -------- d-----w- c:\users\taylor\appdata\local\{65D04B10-7ED7-4945-8A51-5BFAE5FDBDCE}
2013-05-01 10:52:20 -------- d-----w- c:\users\taylor\appdata\local\{6F7616DA-7CDF-4B37-8D34-84033A6C427D}
2013-04-30 08:42:08 -------- d-----w- c:\users\taylor\appdata\local\{19CCCF51-CA72-405D-A825-538183936963}
2013-04-29 13:56:46 -------- d-----w- c:\users\taylor\appdata\local\{691555DC-8A52-4F18-9DF3-216DBB02EFAA}
2013-04-29 11:17:28 -------- d-----w- c:\users\taylor\appdata\local\{B84CF1C5-9209-428E-AF75-65FDD76FC97A}
2013-04-28 12:29:01 -------- d-----w- c:\users\taylor\appdata\local\{5F5A5A2C-3930-4E11-851B-CEF5167FD037}
2013-04-27 22:48:14 -------- d-----w- c:\users\taylor\appdata\local\{47C6E573-781D-4FDB-A182-CC63513CAF15}
2013-04-27 11:37:34 -------- d-----w- c:\users\taylor\appdata\local\{2535730A-14C6-4E57-BC96-87CFB60EBA6D}
2013-04-26 12:10:42 -------- d-----w- c:\users\taylor\appdata\local\{AB27F155-40E6-4E2C-A5C4-13AFD53FB064}
2013-04-25 23:19:29 -------- d-----w- c:\users\taylor\appdata\local\{ED4D6A5F-AFEA-4054-BD5C-AB0876ADF19A}
2013-04-25 14:39:20 -------- d-----w- c:\users\taylor\appdata\local\{50CE6992-9784-476A-AB97-2BB9AD2C08A7}
2013-04-24 11:08:00 -------- d-----w- c:\users\taylor\appdata\local\{A6AF78F3-6960-46F6-961B-04DAC025740F}
2013-04-23 21:32:10 -------- d-----w- c:\users\taylor\appdata\local\{69F4E0BF-619D-4ADF-B45C-BB7385B05D48}
2013-04-23 09:11:53 -------- d-----w- c:\users\taylor\appdata\local\{8BA07914-5F48-4260-B945-E7F74835FFA9}
2013-04-22 16:13:44 -------- d-----w- c:\users\taylor\appdata\local\{0AFC7AF1-9AED-4C53-BBD2-9DDEA71862F7}
2013-04-21 20:12:35 -------- d-----w- c:\users\taylor\appdata\local\{F11E9F55-9576-42FD-AA3E-8ADF9DE78822}
2013-04-21 14:47:52 -------- d-----w- c:\users\taylor\appdata\local\{1D427989-6395-4851-BE2C-C1201F590397}
2013-04-21 01:01:18 -------- d-----w- c:\users\taylor\appdata\local\{7007A67E-0240-4436-B87B-4045698F5B18}
2013-04-20 06:07:21 -------- d-----w- c:\users\taylor\appdata\local\{210CF6FE-5A4B-4E46-A466-72C14302EEDF}
.
==================== Find3M ====================
.
2013-05-02 0108 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-07 22:17:39 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-04-07 22:17:38 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-04 22:11:34 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-04-04 22:02:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-04 22:02:17 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-04-04 21:58:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-04 21:57:45 420864 ----a-w- c:\windows\system32\vbscript.dll
.
============= FINISH: 1:15:06.23 ===============
DrakeRx is offline  
Old 05-20-2013, 03:28 AM   #19
Security Team
Analyst
 
Join Date: Oct 2009
Location: Wels\ Austria
Posts: 729
OS: Win7 / Win 10 TechPreview



Hy there.

Still a little bit of work to do for us.


Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if present):
ContinueToSave 1.74
SpyHunter



Open notepad and copy/paste the text in the Code-box below into it:

Code:

Collect::
c:\users\taylor\appdata\local\yanpfhtu\hgfcpkdl.exe
c:\users\taylor\appdata\roaming\microsoft\windows\start menu\programs\startup\hgfcpkdl.exe

Folder::
c:\users\taylor\appdata\local\yanpfhtu
c:\programdata\StarApp
c:\users\taylor\appdata\roaming\Advanced System Protector
c:\programdata\SearchNewTab
c:\program files\ContinueToSave
c:\programdata\coNtinuuetosave
c:\programdata\InstallMate
  • Save this as CFScript.txt, in the same location as ComboFix.exe.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.





Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.




I notice you have Malwarebytes' Anti-Malware installed on your machine. Please launch the program and select the update tab, then click on the check for updates button.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.
Larusso is offline  
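The CFScript above collects one executable and removes six folders; what makes those entries stand out in the DDS log is that they persist from user-writable paths under random-looking names. The Python script below is an added example for this page, not DDS or ComboFix code and not something either poster ran: it parses the uRun/mRun, StartupFolder and AppInit_DLLs lines of a DDS "Pseudo HJT Report" (the sample lines are copied from the log posted earlier in this thread) and flags each path by those two criteria. The vowel-ratio heuristic, the list of user-writable path markers and the reading of progra~2 as the 8.3 short name of ProgramData on this machine are assumptions of mine; it is a review aid rather than a verdict, and vendor binaries with consonant-heavy names (SynTPStart in this same log) will trip the name check.

```python
"""Triage helper for the autostart section of a DDS "Pseudo HJT Report".

Added example, not code from DDS, ComboFix or anyone in the thread.
"""
import re

# Constructed sample: a few lines copied from the DDS log posted in this thread.
SAMPLE_DDS = r"""
uStart Page = hxxp://yahoo.com/
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HgfCpkdl] c:\users\taylor\appdata\local\yanpfhtu\hgfcpkdl.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [DATAMNGR] c:\progra~1\search~1\datamngr\DATAMN~1.EXE
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\SETRES.EXE
AppInit_DLLs= c:\progra~2\browse~1\261249~1.132\{c16c1~1\browserprotect.dll c:\progra~1\contin~1\sprote~1.dll
"""

# "<kind>: [<name>] <command>" for Run keys, "<kind>: <path>" otherwise.
ENTRY_RE = re.compile(
    r'^(uRun|mRun|StartupFolder|AppInit_DLLs)\s*[:=]\s*(?:\[([^\]]*)\]\s*)?(.*)$')
# First drive-letter path ending in an executable extension; tolerates spaces
# and quotes, and stops at the first .exe/.dll/.cpl so arguments are dropped.
PATH_RE = re.compile(r'[a-z]:\\[^"]*?\.(?:exe|dll|cpl)\b', re.IGNORECASE)

# Locations a standard user can write to. progra~2 is assumed to be the 8.3
# name of ProgramData on the poster's machine (see its StartupFolder lines).
USER_WRITABLE = ('\\appdata\\', '\\programdata\\', '\\progra~2\\',
                 '\\users\\', '\\temp\\')
VOWELS = set('aeiou')


def looks_random(name):
    """Heuristic (assumption): 6-12 plain letters with under a quarter vowels.

    'hgfcpkdl' -> True, 'sidebar' -> False. Expect false positives on
    consonant-heavy vendor names; treat the result as a review hint.
    """
    name = name.lower()
    if not re.fullmatch(r'[a-z]{6,12}', name):
        return False
    return sum(c in VOWELS for c in name) / len(name) < 0.25


def triage_path(kind, path):
    """Return the list of reasons a single autostart path deserves a look."""
    reasons = []
    low = path.lower()
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append('user-writable location')
    parts = low.split('\\')
    stem = parts[-1].rsplit('.', 1)[0]
    folder = parts[-2] if len(parts) > 1 else ''
    if looks_random(stem) or looks_random(folder):
        reasons.append('random-looking name')
    if kind == 'AppInit_DLLs':
        # Any DLL listed here is loaded into every process that uses user32.dll.
        reasons.append('AppInit_DLLs injects into every GUI process')
    return reasons


def triage(report):
    """Parse a DDS report and return one finding per flagged autostart path."""
    findings = []
    for line in report.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, name, rest = m.groups()
        for path in PATH_RE.findall(rest):
            reasons = triage_path(kind, path)
            if reasons:
                findings.append({
                    'kind': kind,
                    'name': name or '',
                    'path': path,
                    # two independent signals on one entry: look at it first
                    'severity': 'high' if len(reasons) > 1 else 'review',
                    'reasons': reasons,
                })
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_DDS):
        print(f"{f['severity']:6} {f['kind']:13} {f['path']}  <- "
              + ', '.join(f['reasons']))
```

Run it against a saved DDS log by passing the file contents to `triage()`; on the sample it reports the hgfcpkdl.exe entry as "high" (user-writable AppData path plus a random-looking name), lists the two AppInit_DLLs entries because anything there is loaded into every process, and leaves the Windows and Program Files entries alone.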
Old 05-20-2013, 06:51 AM   #20
Registered Member
 
Join Date: May 2013
Posts: 25
OS: windows vista



Here's the next log:

ComboFix 13-05-13.01 - Taylor 20/05/2013 13:12:54.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.697 [GMT 1:00]
Running from: c:\users\Taylor\Desktop\ComboFix.exe
Command switches used :: c:\users\Taylor\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\users\taylor\appdata\local\yanpfhtu\hgfcpkdl.exe
file zipped: c:\users\taylor\appdata\roaming\microsoft\windows\start menu\programs\startup\hgfcpkdl.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ContinueToSave
c:\program files\ContinueToSave\sprote~1.dll.ftf
c:\programdata\coNtinuuetosave
c:\programdata\coNtinuuetosave\5196aa3bbfd8f.dll
c:\programdata\coNtinuuetosave\5196aa3bbfd8f.tlb
c:\programdata\coNtinuuetosave\data\coNtinuuetosave.dat
c:\programdata\coNtinuuetosave\settings.ini
c:\programdata\InstallMate
c:\programdata\InstallMate\{3603B419-E222-4F87-AD6C-AA00EDE096EF}\_Setup.dll
c:\programdata\InstallMate\{3603B419-E222-4F87-AD6C-AA00EDE096EF}\20130517230628.log
c:\programdata\InstallMate\{3603B419-E222-4F87-AD6C-AA00EDE096EF}\Custom.dll
c:\programdata\InstallMate\{3603B419-E222-4F87-AD6C-AA00EDE096EF}\Readme.txt
c:\programdata\InstallMate\{3603B419-E222-4F87-AD6C-AA00EDE096EF}\Setup.dat
c:\programdata\InstallMate\{3603B419-E222-4F87-AD6C-AA00EDE096EF}\Setup.exe
c:\programdata\InstallMate\{3603B419-E222-4F87-AD6C-AA00EDE096EF}\Setup.ico
c:\programdata\InstallMate\{3603B419-E222-4F87-AD6C-AA00EDE096EF}\TsuDll.dll
c:\programdata\SearchNewTab
c:\programdata\SearchNewTab\5196aa8a01639.dll
c:\programdata\SearchNewTab\5196aa8a01639.tlb
c:\programdata\SearchNewTab\data\SearchNewTab.dat
c:\programdata\SearchNewTab\settings.ini
c:\programdata\StarApp
c:\users\Taylor\AppData\Local\bjcithhw.log
c:\users\Taylor\AppData\Local\jdyiegcf.log
c:\users\Taylor\AppData\Local\kaoxcnfv.log
c:\users\Taylor\AppData\Local\nvmpncla.log
c:\users\Taylor\AppData\Local\ucsvfygv.log
c:\users\Taylor\AppData\Local\wujsrxky.log
c:\users\taylor\appdata\local\yanpfhtu
c:\users\Taylor\AppData\Local\yanpfhtu\hgfcpkdl.exe
c:\users\taylor\appdata\roaming\Advanced System Protector
.
.
((((((((((((((((((((((((( Files Created from 2013-04-20 to 2013-05-20 )))))))))))))))))))))))))))))))
.
.
2013-05-20 12:26 . 2013-05-20 12:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-18 12:24 . 2013-05-18 12:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-18 12:24 . 2013-05-18 12:24 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-17 22:08 . 2013-05-17 22:26 -------- d-----w- c:\users\Taylor\AppData\Roaming\Systweak
2013-05-17 21:43 . 2013-05-17 23:38 -------- d-----w- c:\users\Taylor\AppData\Roaming\Philipp Winterberg
2013-05-17 15:54 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-05-17 15:54 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-05-17 15:54 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-05-17 15:54 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-05-17 15:54 . 2009-07-13 23:51 34944 ----a-w- c:\windows\system32\drivers\winusb.sys
2013-05-17 15:36 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-05-17 15:36 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-05-16 04:06 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2013-05-16 04:05 . 2013-03-09 03:45 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-05-16 04:05 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2013-05-16 04:05 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2013-05-16 04:05 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-05-16 04:05 . 2013-04-15 14:20 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 04:05 . 2013-04-13 10:56 37376 ----a-w- c:\windows\system32\cdd.dll
2013-05-16 04:00 . 2013-03-03 19:07 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-05-16 03:59 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2013-05-16 03:59 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-16 03:59 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-16 03:56 . 2013-01-04 11:28 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-16 03:53 . 2013-02-12 01:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-05-15 01:13 . 2013-05-15 01:13 -------- d-----w- C:\McAfee
2013-05-14 10:35 . 2013-05-20 13:28 -------- d-----w- c:\users\Taylor\AppData\Local\temp
2013-05-13 06:49 . 2013-05-13 06:49 -------- d-----w- C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-14 00:49 . 2013-05-17 17:55 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D60CE001-22FA-4BAC-9F32-220070037838}\mpengine.dll
2013-05-11 20:39 . 2011-03-28 17:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-05 19:12 . 2013-05-17 16:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-02 01:06 . 2010-12-31 17:04 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-09 01:36 . 2013-05-16 03:56 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-04-07 22:17 . 2012-07-27 21:25 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-04-07 22:17 . 2010-12-05 21:14 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-04 22:02 . 2013-05-17 15:59 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-04-04 21:57 . 2013-05-17 15:59 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-03-11 13:25 . 2013-05-16 04:05 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25 . 2013-05-16 04:05 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-09 01:28 . 2013-05-16 04:05 64000 ----a-w- c:\windows\system32\smss.exe
2013-03-08 03:53 . 2013-05-16 03:54 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-03-08 03:52 . 2013-05-16 03:55 2067968 ----a-w- c:\windows\system32\mstscax.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-02-18 22:39 1929392 ----a-w- c:\program files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-18 1929392]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-11 88608]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 4702208]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Skytel"="Skytel.exe" [2008-01-24 1826816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-08-20 937920]
"lxbkbmgr.exe"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 74408]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-10-09 2086912]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-02-18 1151152]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hgfcpkdl.exe [2013-5-20 105472]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-13 535336]
SETAUDIO.EXE [2008-4-4 20480]
SETRES.EXE [2008-4-4 20480]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-10-18 685496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 17:28 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-24 15:18]
.
2013-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cce135f149112b.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 00:07]
.
2013-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 00:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://search.easylifeapp.com/?pid=658&src=ie1&r=2013/05/17&hid=3048634495&lg=EN&cc=GB
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
Trusted Zone: alliance-leicester.co.uk\www.applications
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-HgfCpkdl - c:\users\Taylor\AppData\Local\yanpfhtu\hgfcpkdl.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-{32487981-5926-2134-3D9E-0B288618CB2A} - c:\progra~2\INSTAL~2\{3603B~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-05-20 14:27
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5744)
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\acer\ALaunch\ALaunchSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lxbkcoms.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Thrustmaster\T500 RS Racing wheel\drivers\x86\tmInstall.EXE
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
c:\program files\Wajam\Updater\WajamUpdater.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\QtZgAcer.EXE
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Search Results Toolbar\Datamngr\datamngrUI.exe
c:\program files\Lexmark X1100 Series\lxbkbmon.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\acer\Empowering Technology\ENET\ENMTRAY.EXE
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\users\Taylor\AppData\Local\Temp\RtkBtMnt.exe
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2013-05-20 14:36:49 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-20 13:36
ComboFix2.txt 2013-05-14 15:40
ComboFix3.txt 2013-05-14 10:35
.
Pre-Run: 16,491,065,344 bytes free
Post-Run: 16,534,949,888 bytes free
.
- - End Of File - - D037DA75787ADF20E57C66BCC666B25E
Upload was successful
DrakeRx is offline  