Can't get rid of Backdoor.Rbot.aveq

Old 02-07-2013, 08:56 PM   #1
Registered Member
 
Join Date: Sep 2009
Posts: 38
OS: Vista



I have a Backdoor.Rbot.aveq, though sometimes it's Backdoor.Rbot.awi.
Vba32 keeps picking it up and deleting it, but I feel it's linked to the temp folder or something because every time I try to install anything Vba32 tells me
"C:\Users\admin\AppData\Local\Temp\CR_04BFF.tmp\setup.exe" contains virus Backdoor.Rbot.aveq.
Vba32 deletes it, but every single time I try to install something I get it.
It has been stalling my Vba32 startup as well, so much so I have to keep restarting it.

Please Help!!
I think I got it from an email that was downloaded into my IMAP folder on my computer.
I use this computer for everything!!

I'm on Vista64

thank you
climoo is offline  
Old 02-08-2013, 04:32 PM   #2
TSF-Emeritus
 
Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To > Compressed (zipped) file. Attach that zipped file in your next reply as well.
__________________


Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
CatByte is offline  
Old 02-08-2013, 06:43 PM   #3
Registered Member
 
Join Date: Sep 2009
Posts: 38
OS: Vista



Hi CatByte...again
Thank you for helping out.
As requested - DDS

My DDS text:
++++++++++++++++++++++++++
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_30
Run by admin at 13:35:55 on 2013-02-09
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.6134.3143 [GMT 11:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIGKP.EXE
C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Spybot\SDWinSec.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Vba32\vba32ldrgui.exe
C:\Program Files (x86)\Vba32\Vba32Ldr.exe
C:\Program Files (x86)\Vba32\VbaScheduler.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\calc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
C:\Program Files (x86)\myob galore\myobPlus195\Myob.exe
C:\Windows\System32\calc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [WorkForce 60(Network)] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIGKP.EXE /FU "C:\Windows\TEMP\E_SC12.tmp" /EF "HKCU"
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe -update activex
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [Vba32Loader] "C:\Program Files (x86)\Vba32\Vba32Ldr.exe"
mRun: [Vba32LoaderGUI] "C:\Program Files (x86)\Vba32\vba32ldrgui.exe"
StartupFolder: C:\Users\admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot\SDHelper.dll
LSP: %SYSTEMROOT%\System32\dllhook.dll
LSP: C:\Windows\System32\wpclsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{64883A9B-5BD1-47AF-8EA1-E7F5D3C42A42} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: GoToAssist - <no file>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
x64-Run: [WPCUMI] C:\Windows\System32\WpcUmi.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
Hosts: 127.0.0.1 Spyware Info | Spyware Info | spyware software | spyware program | protection spyware
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\6pxxhc0u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/webhp?hl=all
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\admin\AppData\Local\ABR\Plug-In\bin\npAUSkeyPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - ExtSQL: !HIDDEN! 2009-06-26 08:16; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-5-27 55024]
R1 Vba32mNT;Vba32mNT;C:\Program Files (x86)\Vba32\Vba32m64.sys [2009-2-4 62016]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/05/27 20:58:59];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-5-27 146928]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot\SDWinSec.exe [2009-9-9 1153368]
R2 Vba32Ldr;Vba32 Loader Service;C:\Program Files (x86)\Vba32\vba32ldr.exe [2009-7-6 701816]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2009-5-28 230424]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2009-5-28 1445912]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2009-5-28 95256]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2009-5-28 1614872]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-5-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-5-14 166384]
S2 SessionLauncher;SessionLauncher;C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-6-13 93184]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2009-5-27 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-5-27 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2009-5-28 230424]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2009-5-28 1445912]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2009-5-28 95256]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2010-4-19 22528]
S3 PCD5SRVC{048DBD20-445E8C82-05040104};PCD5SRVC{048DBD20-445E8C82-05040104} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [2008-11-5 28152]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-5-14 1120752]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 Vba32ECM;Vba32ECM;C:\Program Files (x86)\Vba32\vba32ldr.exe [2009-7-6 701816]
S3 Vba32ifs;Vba32ifs;C:\Program Files (x86)\Vba32\vba32ldr.exe [2009-7-6 701816]
S3 Vba32PP3;Vba32PP3;C:\Program Files (x86)\Vba32\vba32ldr.exe [2009-7-6 701816]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-01-16 14:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-07 05:16:07 26888 ----a-w- C:\Windows\SysWow64\drivers\Vba32Prot.sys
2013-01-07 05:16:07 18496 ----a-w- C:\Windows\SysWow64\drivers\Vba32d64.sys
2013-01-07 05:03:25 148864 ----a-w- C:\Windows\SysWow64\dllhook.dll
2012-12-16 06:31:32 67599240 ----a-w- C:\Windows\System32\mrt.exe
2009-09-21 22:12:29 359932 ----a-w- C:\Program Files (x86)\dds.scr
.
============= FINISH: 13:36:59.80 ===============
++++++++++++++++++++++++++

My Attach.txt
+++++++++++++++++++++
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 28/05/2009 6:14:37 AM
System Uptime: 9/02/2013 7:44:13 AM (6 hours ago)
.
Motherboard: DELL Inc. | | 0X501H
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | CPU 1 | 2668/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 916 GiB total, 292.245 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 5.138 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1033: 8/12/2012 9:04:46 AM - Scheduled Checkpoint
RP1034: 10/12/2012 10:52:42 AM - Scheduled Checkpoint
RP1035: 11/12/2012 11:29:15 AM - Scheduled Checkpoint
RP1036: 12/12/2012 8:20:49 AM - Scheduled Checkpoint
RP1037: 13/12/2012 7:01:14 AM - Scheduled Checkpoint
RP1038: 15/12/2012 8:34:14 AM - Scheduled Checkpoint
RP1039: 17/12/2012 12:09:06 PM - Scheduled Checkpoint
RP1040: 18/12/2012 12:09:08 PM - Scheduled Checkpoint
RP1041: 19/12/2012 8:11:56 AM - Scheduled Checkpoint
RP1042: 20/12/2012 12:19:04 PM - Scheduled Checkpoint
RP1043: 21/12/2012 9:43:25 AM - Scheduled Checkpoint
RP1044: 22/12/2012 8:39:58 AM - Scheduled Checkpoint
RP1045: 3/01/2013 1:33:16 PM - Scheduled Checkpoint
RP1046: 4/01/2013 12:44:40 PM - Scheduled Checkpoint
RP1047: 5/01/2013 12:53:03 PM - Scheduled Checkpoint
RP1048: 7/01/2013 3:54:02 PM - Installed Vba32 for Windows Vista
RP1049: 8/01/2013 12:13:08 PM - Scheduled Checkpoint
RP1050: 9/01/2013 9:33:40 AM - Scheduled Checkpoint
RP1051: 11/01/2013 11:22:46 AM - Scheduled Checkpoint
RP1052: 14/01/2013 9:05:22 AM - Scheduled Checkpoint
RP1053: 15/01/2013 8:02:26 AM - Scheduled Checkpoint
RP1054: 16/01/2013 7:50:10 AM - Scheduled Checkpoint
RP1055: 17/01/2013 12:23:52 PM - Scheduled Checkpoint
RP1056: 18/01/2013 12:50:59 PM - Scheduled Checkpoint
RP1057: 19/01/2013 8:16:53 AM - Scheduled Checkpoint
RP1058: 22/01/2013 12:56:01 PM - Scheduled Checkpoint
RP1059: 23/01/2013 7:42:01 AM - Scheduled Checkpoint
RP1060: 24/01/2013 10:22:01 AM - Scheduled Checkpoint
RP1061: 25/01/2013 2:03:07 PM - Scheduled Checkpoint
RP1062: 26/01/2013 8:47:52 AM - Scheduled Checkpoint
RP1063: 28/01/2013 4:40:39 PM - Scheduled Checkpoint
RP1064: 29/01/2013 11:55:35 AM - Scheduled Checkpoint
RP1065: 31/01/2013 9:47:29 AM - Scheduled Checkpoint
RP1066: 1/02/2013 8:19:25 AM - Scheduled Checkpoint
RP1067: 2/02/2013 9:40:42 AM - Scheduled Checkpoint
RP1068: 3/02/2013 5:45:37 PM - Scheduled Checkpoint
RP1069: 4/02/2013 8:31:15 AM - Scheduled Checkpoint
RP1070: 5/02/2013 1:34:08 PM - Windows Update
RP1071: 5/02/2013 2:19:46 PM - Windows Update
RP1072: 6/02/2013 10:42:49 AM - Scheduled Checkpoint
RP1073: 7/02/2013 12:16:19 PM - Scheduled Checkpoint
RP1074: 8/02/2013 11:37:25 AM - Scheduled Checkpoint
RP1075: 9/02/2013 8:44:04 AM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 4.65
Acrobat.com
Add or Remove Adobe Creative Suite 3 Design Standard
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.2 - CPSID_83708
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Standard
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader X (10.1.4)
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression for Kodak
ATI Catalyst Control Center
AUSkey software 1.3.18
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
Bonjour
Brother HL-4050CDN
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help French
CCC Help German
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Turkish
Choice Guard
Creative MediaSource 5
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
DirectXInstallService
Dolby Digital Live Pack
Doxie
Doxie 2.2.1
Dropbox
ECI Client v6.0
EMCGadgets64
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
EPSON WorkForce 60 Series Manual
EPSON WorkForce 60 Series Network Guide
EPSON WorkForce 60 Series Printer Uninstall
EpsonNet Print
EpsonNet Setup 3.3
ESET Online Scanner v3
ExtractMoJo
Eye-Fi Center 3.4
ffdshow [rev 2527] [2008-12-19]
FileZilla Client 3.5.0
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Matrix Storage Manager
iPod to PC Transfer
iTunes
Java Auto Updater
Java(TM) 6 Update 30
Junk Mail filter update
Kerio MailServer 6.7 Administration
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Office Basic 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox 18.0.1 (x86 en-GB)
Mozilla Maintenance Service
Mozilla Thunderbird 16.0.1 (x86 en-GB)
Mozilla Thunderbird 17.0 (x86 en-GB)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyFonts Order M3779040
MYOB Accounting Plus v18
MYOB Accounting Plus v18.5
MYOB AccountRight Plus v19.5
MYOB ODBC Direct v10 AUS
MYOB ODBC Direct v8 AUS
MYOB ODBC Direct v9 AUS
MyTomTom 3.1.0.530
NoteTab Light 6 (Remove only)
PDF Settings
PowerDVD DX
QuickTime
Roxio Activation Module
Roxio CinePlayer Decoder Pack
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Premier 10
Roxio Creator Tools
Roxio Express Labeler
Roxio Update Manager
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skins
Skype™ 3.8
Sound Blaster X-Fi
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Vba32 for Windows Vista
Visual Studio C++ 10.0 Runtime
VoiceOver Kit
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
9/02/2013 7:59:09 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 174 time(s).
9/02/2013 7:53:47 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 172 time(s).
9/02/2013 7:53:47 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 173 time(s).
9/02/2013 7:53:45 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 171 time(s).
9/02/2013 7:53:45 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 172 time(s).
9/02/2013 7:53:42 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 170 time(s).
9/02/2013 7:53:42 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 171 time(s).
9/02/2013 7:53:40 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 169 time(s).
9/02/2013 7:53:40 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 170 time(s).
9/02/2013 7:53:38 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 168 time(s).
9/02/2013 7:53:38 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 169 time(s).
9/02/2013 7:53:35 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 167 time(s).
9/02/2013 7:53:35 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 168 time(s).
9/02/2013 7:53:33 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 166 time(s).
9/02/2013 7:53:33 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 167 time(s).
9/02/2013 7:53:30 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 165 time(s).
9/02/2013 7:53:30 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 166 time(s).
9/02/2013 7:53:28 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 164 time(s).
9/02/2013 7:53:28 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 165 time(s).
9/02/2013 7:53:25 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 163 time(s).
9/02/2013 7:53:25 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 164 time(s).
9/02/2013 7:53:23 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 162 time(s).
9/02/2013 7:53:23 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 163 time(s).
9/02/2013 7:53:20 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 161 time(s).
9/02/2013 7:53:20 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 162 time(s).
9/02/2013 7:53:18 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 160 time(s).
9/02/2013 7:53:18 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 161 time(s).
9/02/2013 7:53:16 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 159 time(s).
9/02/2013 7:53:16 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 160 time(s).
9/02/2013 7:53:13 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 158 time(s).
9/02/2013 7:53:13 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 159 time(s).
9/02/2013 7:53:11 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 157 time(s).
9/02/2013 7:53:11 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 158 time(s).
9/02/2013 7:53:08 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 156 time(s).
9/02/2013 7:53:08 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 157 time(s).
9/02/2013 7:53:06 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 155 time(s).
9/02/2013 7:53:06 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 156 time(s).
9/02/2013 7:53:03 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 154 time(s).
9/02/2013 7:53:03 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 155 time(s).
9/02/2013 7:53:01 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 153 time(s).
9/02/2013 7:53:01 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 154 time(s).
9/02/2013 7:52:59 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 152 time(s).
9/02/2013 7:52:59 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 153 time(s).
9/02/2013 7:52:56 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 151 time(s).
9/02/2013 7:52:56 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 152 time(s).
9/02/2013 7:52:54 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 150 time(s).
9/02/2013 7:52:54 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 151 time(s).
9/02/2013 7:52:51 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 149 time(s).
9/02/2013 7:52:51 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 150 time(s).
9/02/2013 7:52:49 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 148 time(s).
9/02/2013 7:52:49 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 149 time(s).
9/02/2013 7:52:46 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 147 time(s).
9/02/2013 7:52:46 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 148 time(s).
9/02/2013 7:52:44 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 146 time(s).
9/02/2013 7:52:44 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 147 time(s).
9/02/2013 7:52:41 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 145 time(s).
9/02/2013 7:52:41 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 146 time(s).
9/02/2013 7:52:39 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 144 time(s).
9/02/2013 7:52:39 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 145 time(s).
9/02/2013 7:52:37 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 143 time(s).
9/02/2013 7:52:37 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 144 time(s).
9/02/2013 7:52:34 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 142 time(s).
9/02/2013 7:52:34 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 143 time(s).
9/02/2013 7:52:32 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 141 time(s).
9/02/2013 7:52:32 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 142 time(s).
9/02/2013 7:52:29 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 140 time(s).
9/02/2013 7:52:29 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 141 time(s).
9/02/2013 7:52:27 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 139 time(s).
9/02/2013 7:52:27 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 140 time(s).
9/02/2013 7:52:25 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 138 time(s).
9/02/2013 7:52:25 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 139 time(s).
9/02/2013 7:52:22 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 137 time(s).
9/02/2013 7:52:22 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 138 time(s).
9/02/2013 7:52:20 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 136 time(s).
9/02/2013 7:52:20 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 137 time(s).
9/02/2013 7:52:17 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 135 time(s).
9/02/2013 7:52:17 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 136 time(s).
9/02/2013 7:52:15 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 134 time(s).
9/02/2013 7:52:15 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 135 time(s).
9/02/2013 7:52:12 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 133 time(s).
9/02/2013 7:52:12 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 134 time(s).
9/02/2013 7:52:10 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 132 time(s).
9/02/2013 7:52:10 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 133 time(s).
9/02/2013 7:52:08 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 131 time(s).
9/02/2013 7:52:08 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 132 time(s).
9/02/2013 7:52:05 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 130 time(s).
9/02/2013 7:52:05 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 131 time(s).
9/02/2013 7:33:20 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 129 time(s).
9/02/2013 7:33:20 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 130 time(s).
9/02/2013 7:33:17 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 128 time(s).
9/02/2013 7:33:17 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 129 time(s).
9/02/2013 7:33:15 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 127 time(s).
9/02/2013 7:33:15 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 128 time(s).
9/02/2013 7:33:12 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 126 time(s).
9/02/2013 7:33:12 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 127 time(s).
9/02/2013 7:33:10 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 125 time(s).
9/02/2013 7:33:10 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 126 time(s).
9/02/2013 7:33:07 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 124 time(s).
9/02/2013 7:33:07 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 125 time(s).
9/02/2013 7:33:05 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 123 time(s).
9/02/2013 7:33:05 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 124 time(s).
9/02/2013 7:33:02 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 122 time(s).
9/02/2013 7:33:02 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 123 time(s).
9/02/2013 7:33:00 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 121 time(s).
9/02/2013 7:33:00 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 122 time(s).
9/02/2013 7:32:57 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 120 time(s).
9/02/2013 7:32:57 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 121 time(s).
9/02/2013 7:32:55 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 119 time(s).
9/02/2013 7:32:55 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 120 time(s).
9/02/2013 7:32:53 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 118 time(s).
9/02/2013 7:32:53 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 119 time(s).
9/02/2013 7:32:50 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 117 time(s).
9/02/2013 7:32:50 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 118 time(s).
9/02/2013 7:32:47 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 116 time(s).
9/02/2013 7:32:47 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 117 time(s).
9/02/2013 7:32:45 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 115 time(s).
9/02/2013 7:32:45 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 116 time(s).
9/02/2013 7:32:42 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 114 time(s).
9/02/2013 7:32:42 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 115 time(s).
9/02/2013 7:32:39 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 113 time(s).
9/02/2013 7:32:39 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 114 time(s).
9/02/2013 7:32:37 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 112 time(s).
9/02/2013 7:32:37 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 113 time(s).
9/02/2013 7:32:34 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 111 time(s).
9/02/2013 7:32:34 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 112 time(s).
9/02/2013 7:32:32 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 110 time(s).
9/02/2013 7:32:32 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 111 time(s).
9/02/2013 7:32:29 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 109 time(s).
9/02/2013 7:32:29 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 110 time(s).
9/02/2013 7:32:27 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 108 time(s).
9/02/2013 7:32:27 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 109 time(s).
9/02/2013 7:32:25 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 107 time(s).
9/02/2013 7:32:25 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 108 time(s).
9/02/2013 7:32:22 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 106 time(s).
9/02/2013 7:32:22 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 107 time(s).
9/02/2013 7:32:20 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 105 time(s).
9/02/2013 7:32:20 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 106 time(s).
9/02/2013 7:32:17 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 104 time(s).
9/02/2013 7:32:17 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 105 time(s).
9/02/2013 7:32:15 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 103 time(s).
9/02/2013 7:32:15 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 104 time(s).
9/02/2013 7:32:12 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 102 time(s).
9/02/2013 7:32:12 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 103 time(s).
9/02/2013 7:32:10 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 101 time(s).
9/02/2013 7:32:10 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 102 time(s).
9/02/2013 7:32:08 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 100 time(s).
9/02/2013 7:32:08 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 101 time(s).
9/02/2013 7:32:05 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 99 time(s).
9/02/2013 7:32:05 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 100 time(s).
9/02/2013 7:32:03 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 98 time(s).
9/02/2013 7:32:03 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 99 time(s).
9/02/2013 7:32:00 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 97 time(s).
9/02/2013 7:32:00 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 98 time(s).
9/02/2013 7:31:58 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 96 time(s).
9/02/2013 7:31:58 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 97 time(s).
9/02/2013 7:31:56 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 95 time(s).
9/02/2013 7:31:56 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 96 time(s).
9/02/2013 7:31:53 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 94 time(s).
9/02/2013 7:31:53 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 95 time(s).
9/02/2013 7:31:51 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 93 time(s).
9/02/2013 7:31:51 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 94 time(s).
9/02/2013 7:31:48 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 92 time(s).
9/02/2013 7:31:48 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 93 time(s).
9/02/2013 7:31:46 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 91 time(s).
9/02/2013 7:31:46 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 92 time(s).
9/02/2013 7:31:44 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 90 time(s).
9/02/2013 7:31:44 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 91 time(s).
9/02/2013 7:31:41 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 89 time(s).
9/02/2013 7:31:41 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 90 time(s).
9/02/2013 7:31:39 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 88 time(s).
9/02/2013 7:31:39 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 89 time(s).
9/02/2013 7:31:37 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 87 time(s).
9/02/2013 7:31:37 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 88 time(s).
9/02/2013 7:31:34 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 86 time(s).
9/02/2013 7:31:34 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 87 time(s).
9/02/2013 7:31:32 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 85 time(s).
9/02/2013 7:31:32 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 86 time(s).
9/02/2013 7:31:29 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 84 time(s).
9/02/2013 7:31:29 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 85 time(s).
9/02/2013 7:31:27 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 83 time(s).
9/02/2013 7:31:27 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 84 time(s).
9/02/2013 7:31:24 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 82 time(s).
9/02/2013 7:31:24 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 83 time(s).
9/02/2013 7:31:22 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 81 time(s).
9/02/2013 7:31:22 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 82 time(s).
9/02/2013 7:31:20 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 80 time(s).
9/02/2013 7:31:20 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 81 time(s).
9/02/2013 7:31:17 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 79 time(s).
9/02/2013 7:31:17 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 80 time(s).
9/02/2013 7:31:15 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 78 time(s).
9/02/2013 7:31:15 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 79 time(s).
9/02/2013 7:31:12 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 77 time(s).
9/02/2013 7:31:12 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 78 time(s).
9/02/2013 7:31:10 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 76 time(s).
9/02/2013 7:31:10 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 77 time(s).
9/02/2013 7:31:08 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 75 time(s).
9/02/2013 7:31:08 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 76 time(s).
9/02/2013 7:31:05 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 74 time(s).
9/02/2013 7:31:05 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 75 time(s).
9/02/2013 7:31:03 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 73 time(s).
9/02/2013 7:31:03 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 74 time(s).
9/02/2013 7:31:00 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 72 time(s).
9/02/2013 7:31:00 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 73 time(s).
9/02/2013 7:30:58 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 71 time(s).
9/02/2013 7:30:58 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 72 time(s).
9/02/2013 7:30:56 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 70 time(s).
9/02/2013 7:30:56 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 71 time(s).
9/02/2013 7:30:53 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 69 time(s).
9/02/2013 7:30:53 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 70 time(s).
9/02/2013 7:30:51 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 68 time(s).
9/02/2013 7:30:51 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 69 time(s).
9/02/2013 7:30:48 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 67 time(s).
9/02/2013 7:30:48 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 68 time(s).
9/02/2013 7:30:46 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 66 time(s).
9/02/2013 7:30:46 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 67 time(s).
9/02/2013 7:30:44 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 65 time(s).
9/02/2013 7:30:44 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 66 time(s).
9/02/2013 7:30:41 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 64 time(s).
9/02/2013 7:30:41 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 65 time(s).
9/02/2013 7:30:39 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 63 time(s).
9/02/2013 7:30:39 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 64 time(s).
9/02/2013 7:30:36 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 62 time(s).
9/02/2013 7:30:36 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 63 time(s).
9/02/2013 7:30:34 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 61 time(s).
9/02/2013 7:30:34 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 62 time(s).
9/02/2013 7:30:31 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 60 time(s).
9/02/2013 7:30:31 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 61 time(s).
9/02/2013 7:30:29 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 59 time(s).
9/02/2013 7:30:29 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 60 time(s).
9/02/2013 7:30:27 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 58 time(s).
9/02/2013 7:30:27 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 59 time(s).
9/02/2013 7:30:24 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 57 time(s).
9/02/2013 7:30:24 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 58 time(s).
9/02/2013 7:30:22 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 56 time(s).
9/02/2013 7:30:22 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 57 time(s).
9/02/2013 7:30:19 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 55 time(s).
9/02/2013 7:30:19 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 56 time(s).
9/02/2013 7:30:17 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 54 time(s).
9/02/2013 7:30:17 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 55 time(s).
9/02/2013 7:30:15 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 53 time(s).
9/02/2013 7:30:15 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 54 time(s).
9/02/2013 7:30:12 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 52 time(s).
9/02/2013 7:30:12 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 53 time(s).
9/02/2013 7:30:10 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 51 time(s).
9/02/2013 7:30:10 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 52 time(s).
9/02/2013 7:30:07 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 50 time(s).
9/02/2013 7:30:07 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 51 time(s).
9/02/2013 7:30:05 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 49 time(s).
9/02/2013 7:30:05 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 50 time(s).
9/02/2013 7:30:03 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 48 time(s).
9/02/2013 7:30:03 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 49 time(s).
9/02/2013 7:30:00 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 47 time(s).
9/02/2013 7:30:00 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 48 time(s).
9/02/2013 7:29:58 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 46 time(s).
9/02/2013 7:29:58 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 47 time(s).
9/02/2013 7:29:55 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 45 time(s).
9/02/2013 7:29:55 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 46 time(s).
9/02/2013 7:29:53 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 44 time(s).
9/02/2013 7:29:53 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 45 time(s).
9/02/2013 7:29:51 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 43 time(s).
9/02/2013 7:29:51 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 44 time(s).
9/02/2013 7:29:48 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 42 time(s).
9/02/2013 7:29:48 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 43 time(s).
9/02/2013 7:29:46 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 41 time(s).
9/02/2013 7:29:46 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 42 time(s).
9/02/2013 7:29:43 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 40 time(s).
9/02/2013 7:29:43 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 41 time(s).
9/02/2013 7:29:41 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 39 time(s).
9/02/2013 7:29:41 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 40 time(s).
9/02/2013 7:29:39 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 38 time(s).
9/02/2013 7:29:39 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 39 time(s).
9/02/2013 7:29:36 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 37 time(s).
9/02/2013 7:29:36 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 38 time(s).
9/02/2013 7:29:34 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 36 time(s).
9/02/2013 7:29:34 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 37 time(s).
9/02/2013 7:29:31 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 35 time(s).
9/02/2013 7:29:31 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 36 time(s).
9/02/2013 7:29:29 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 34 time(s).
9/02/2013 7:29:29 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 35 time(s).
9/02/2013 7:29:26 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 33 time(s).
9/02/2013 7:29:26 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 34 time(s).
9/02/2013 7:29:24 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 32 time(s).
9/02/2013 7:29:24 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 33 time(s).
9/02/2013 7:29:22 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 31 time(s).
9/02/2013 7:29:22 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 32 time(s).
9/02/2013 7:29:19 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 30 time(s).
9/02/2013 7:29:19 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 31 time(s).
9/02/2013 7:29:17 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 29 time(s).
9/02/2013 7:29:17 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 30 time(s).
9/02/2013 7:29:14 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 28 time(s).
9/02/2013 7:29:14 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 29 time(s).
9/02/2013 7:29:12 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 27 time(s).
9/02/2013 7:29:12 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 28 time(s).
9/02/2013 7:29:09 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 26 time(s).
9/02/2013 7:29:09 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 27 time(s).
9/02/2013 7:29:07 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 25 time(s).
9/02/2013 7:29:07 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 26 time(s).
9/02/2013 7:29:05 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 24 time(s).
9/02/2013 7:29:05 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 25 time(s).
8/02/2013 6:31:44 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0023AEE6DE95 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/02/2013 6:56:17 AM, Error: EventLog [6008] - The previous system shutdown at 6:54:08 AM on 7/02/2013 was unexpected.
7/02/2013 6:49:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/02/2013 6:38:04 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 23 time(s).
7/02/2013 6:38:04 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 24 time(s).
7/02/2013 6:38:01 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 22 time(s).
7/02/2013 6:38:01 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 23 time(s).
7/02/2013 6:37:58 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 21 time(s).
7/02/2013 6:37:58 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 22 time(s).
7/02/2013 6:37:55 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 20 time(s).
7/02/2013 6:37:55 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 21 time(s).
7/02/2013 6:37:53 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 19 time(s).
7/02/2013 6:37:53 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 20 time(s).
7/02/2013 6:37:50 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 18 time(s).
7/02/2013 6:37:50 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 19 time(s).
7/02/2013 6:37:47 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 17 time(s).
7/02/2013 6:37:47 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 18 time(s).
7/02/2013 6:37:45 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 16 time(s).
7/02/2013 6:37:45 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 17 time(s).
7/02/2013 6:37:42 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 15 time(s).
7/02/2013 6:37:42 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 16 time(s).
7/02/2013 6:37:40 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 14 time(s).
7/02/2013 6:37:40 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 15 time(s).
7/02/2013 6:37:37 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 13 time(s).
7/02/2013 6:37:37 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 14 time(s).
7/02/2013 6:37:35 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 12 time(s).
7/02/2013 6:37:35 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 13 time(s).
7/02/2013 6:37:32 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 11 time(s).
7/02/2013 6:37:32 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 12 time(s).
7/02/2013 6:37:29 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 10 time(s).
7/02/2013 6:37:29 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 11 time(s).
7/02/2013 6:37:27 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 9 time(s).
7/02/2013 6:37:27 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 10 time(s).
7/02/2013 6:37:24 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 8 time(s).
7/02/2013 6:37:24 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 9 time(s).
7/02/2013 6:37:22 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 7 time(s).
7/02/2013 6:37:22 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 8 time(s).
7/02/2013 6:37:18 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 6 time(s).
7/02/2013 6:37:18 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 7 time(s).
7/02/2013 6:37:13 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 5 time(s).
7/02/2013 6:37:13 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 6 time(s).
7/02/2013 6:37:05 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 4 time(s).
7/02/2013 6:37:05 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 5 time(s).
7/02/2013 6:37:02 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 3 time(s).
7/02/2013 6:37:02 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 4 time(s).
7/02/2013 6:36:58 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 2 time(s).
7/02/2013 6:36:58 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 3 time(s).
7/02/2013 6:36:55 AM, Error: Service Control Manager [7034] - The Vba32ifs service terminated unexpectedly. It has done this 1 time(s).
7/02/2013 6:36:55 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 2 time(s).
7/02/2013 6:36:51 AM, Error: Service Control Manager [7034] - The Vba32 Loader Service service terminated unexpectedly. It has done this 1 time(s).
2/02/2013 7:26:07 AM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the path specified.
.
==== End Of File ===========================
+++++++++++++++++++++
climoo is offline  
Old 02-08-2013, 08:18 PM   #4
Registered Member
 
Join Date: Sep 2009
Posts: 38
OS: Vista



Hi CatByte
Here's the aswMBR log and the MBR zipped.

Thanks heaps!
Attached Files
File Type: txt aswMBR.txt (1.9 KB, 45 views)
File Type: zip MBR.zip (565 Bytes, 38 views)
climoo is offline  
Old 02-09-2013, 07:05 AM   #5
TSF-Emeritus
 
CatByte's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Please run the following

Refer to the ComboFix User's Guide
  1. Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
__________________


Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
CatByte is offline  
Old 02-10-2013, 12:18 PM   #6
Registered Member
 
Join Date: Sep 2009
Posts: 38
OS: Vista



Hi CatByte
Here's the log below.
Thanks


ComboFix 13-02-07.02 - admin 11/02/2013 6:51.1.8 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.6134.4646 [GMT 11:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-10 to 2013-02-10 )))))))))))))))))))))))))))))))
.
.
2013-02-05 21:03 . 2013-02-05 21:03 74136 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-02-05 21:03 . 2013-02-05 21:03 2850200 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2013-02-05 21:03 . 2013-02-05 21:03 193168 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2013-02-05 21:03 . 2013-02-05 21:03 142744 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2013-02-05 21:03 . 2013-02-05 21:03 115608 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2013-02-05 21:03 . 2013-02-05 21:03 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2013-02-05 21:03 . 2013-02-05 21:03 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2013-02-05 21:03 . 2013-02-05 21:03 96664 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-02-05 21:03 . 2013-02-05 21:03 157712 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-02-05 03:27 . 2013-02-05 03:27 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-01-28 03:57 . 2013-01-28 04:05 -------- d-----w- c:\users\admin\AppData\Roaming\Audacity
2013-01-13 21:00 . 2013-01-13 21:03 -------- d-----w- c:\users\admin\.csi
2013-01-13 20:59 . 2013-01-13 21:08 -------- d-----w- c:\program files (x86)\ECIClientV6
2013-01-13 20:58 . 2004-07-15 13:18 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2013-01-13 20:58 . 2005-03-22 06:50 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2013-01-13 20:58 . 2004-07-15 13:20 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2013-01-13 20:58 . 2004-07-15 13:19 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2013-01-13 20:58 . 2004-07-15 13:18 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2013-01-13 20:58 . 2013-01-13 20:58 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2013-01-13 20:58 . 2013-01-13 20:58 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-18 01:15 . 2013-02-08 21:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{53001372-E9D2-48E6-BA5E-732CA4347A2A}\mpengine.dll
2013-01-16 14:28 . 2012-03-08 22:12 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-07 05:16 . 2009-05-04 08:58 26888 ----a-w- c:\windows\SysWow64\drivers\Vba32Prot.sys
2013-01-07 05:16 . 2009-02-04 06:29 18496 ----a-w- c:\windows\SysWow64\drivers\Vba32d64.sys
2013-01-07 05:03 . 2008-02-15 00:38 148864 ----a-w- c:\windows\SysWow64\dllhook.dll
2012-12-16 06:31 . 2006-11-02 12:35 67599240 ----a-w- c:\windows\system32\mrt.exe
2009-09-21 22:12 . 2009-09-21 21:44 359932 ----a-w- c:\program files (x86)\dds.scr
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2006-11-02 . 21322B1A2AD337C579F4A65EA0D25193 . 14848 . . [6.0.6000.16386] .. c:\windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
.
c:\windows\system32\cngaudit.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2008-05-05 221300]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-02-23 24064]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-04 128232]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2008-12-16 206064]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-30 41944]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"Vba32Loader"="c:\program files (x86)\Vba32\Vba32Ldr.exe" [2013-01-07 701816]
"Vba32LoaderGUI"="c:\program files (x86)\Vba32\vba32ldrgui.exe" [2013-01-21 797024]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-21 28539272]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-10 c:\windows\Tasks\User_Feed_Synchronization-{33AD62FD-9BAB-41D5-B100-E95FDB74B4CB}.job
- c:\windows\system32\msfeedssync.exe [2011-10-23 04:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\6pxxhc0u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/webhp?hl=all
FF - ExtSQL: !HIDDEN! 2009-06-26 08:16; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Notify-GoToAssist - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]
"ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1308002412-4143999472-566264268-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*»*4*l%\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Spybot\SDWinSec.exe
c:\program files (x86)\Dell Support Center\gs_agent\dsc.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2013-02-11 07:11:52 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-10 20:11
.
Pre-Run: 316,012,621,824 bytes free
Post-Run: 338,383,073,280 bytes free
.
- - End Of File - - 6EC70967CC81932016D39ECCC34037CF
climoo is offline  
Old 02-10-2013, 12:22 PM   #7

After running ComboFix, I tried installing Chrome (something I've not been able to do because every time I do Vba32 picks up Backdoor.Rbot.aveq and deletes it) again and I still have Backdoor.Rbot.aveq because the same thing happened again. eeek!
climoo is offline  
Old 02-10-2013, 01:21 PM   #8

In what path are those detections located?
Don't try any other installations until we are done cleaning the machine.

Please run the following:
  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
  • Next click on the ShortcutsFix
  • Another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.
CatByte is offline  
Old 02-11-2013, 02:15 PM   #9

Here are ALL the RK files -

RogueKiller V8.5.0 _x64_ [Feb 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK

Operating System : Windows Vista (6.0.6001 Service Pack 1) 64 bits version
Started in : Normal mode
User : admin [Admin rights]
Mode : Scan -- Date : 02/12/2013 08:37:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103UJ +++++
--- User ---
[MBR] 3674a6efcf30886d501f85630f33c4fa
[BSP] 0bbd13b5d76695bb505e813c44c7894b : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 129024 | Size: 15360 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31586304 | Size: 938445 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02122013_02d0837.txt >>
RKreport[1]_S_02122013_02d0837.txt



RogueKiller V8.5.0 _x64_ [Feb 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK

Operating System : Windows Vista (6.0.6001 Service Pack 1) 64 bits version
Started in : Normal mode
User : admin [Admin rights]
Mode : Remove -- Date : 02/12/2013 08:38:52
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103UJ +++++
--- User ---
[MBR] 3674a6efcf30886d501f85630f33c4fa
[BSP] 0bbd13b5d76695bb505e813c44c7894b : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 129024 | Size: 15360 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31586304 | Size: 938445 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_02122013_02d0838.txt >>
RKreport[1]_S_02122013_02d0837.txt ; RKreport[2]_D_02122013_02d0838.txt



RogueKiller V8.5.0 _x64_ [Feb 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK

Operating System : Windows Vista (6.0.6001 Service Pack 1) 64 bits version
Started in : Normal mode
User : admin [Admin rights]
Mode : Shortcuts HJfix -- Date : 02/12/2013 08:44:05
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 23 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 199 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 1 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 398 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 132 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[G:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[J:] \Device\HarddiskVolume7 -- 0x2 --> Restored

Finished : << RKreport[3]_SC_02122013_02d0844.txt >>
RKreport[1]_S_02122013_02d0837.txt ; RKreport[2]_D_02122013_02d0838.txt ; RKreport[3]_SC_02122013_02d0844.txt



RogueKiller V8.5.0 _x64_ [Feb 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK

Operating System : Windows Vista (6.0.6001 Service Pack 1) 64 bits version
Started in : Normal mode
User : admin [Admin rights]
Mode : Remove -- Date : 02/12/2013 08:45:56
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103UJ +++++
--- User ---
[MBR] 3674a6efcf30886d501f85630f33c4fa
[BSP] 0bbd13b5d76695bb505e813c44c7894b : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 129024 | Size: 15360 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31586304 | Size: 938445 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4]_D_02122013_02d0845.txt >>
RKreport[1]_S_02122013_02d0837.txt ; RKreport[2]_D_02122013_02d0838.txt ; RKreport[3]_SC_02122013_02d0844.txt ; RKreport[4]_D_02122013_02d0845.txt



RogueKiller V8.5.0 _x64_ [Feb 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK

Operating System : Windows Vista (6.0.6001 Service Pack 1) 64 bits version
Started in : Normal mode
User : admin [Admin rights]
Mode : Shortcuts HJfix -- Date : 02/12/2013 08:46:33
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 0 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 1 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[G:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[J:] \Device\HarddiskVolume7 -- 0x2 --> Restored

Finished : << RKreport[5]_SC_02122013_02d0846.txt >>
RKreport[1]_S_02122013_02d0837.txt ; RKreport[2]_D_02122013_02d0838.txt ; RKreport[3]_SC_02122013_02d0844.txt ; RKreport[4]_D_02122013_02d0845.txt ; RKreport[5]_SC_02122013_02d0846.txt



RogueKiller V8.5.0 _x64_ [Feb 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK

Operating System : Windows Vista (6.0.6001 Service Pack 1) 64 bits version
Started in : Normal mode
User : admin [Admin rights]
Mode : Scan -- Date : 02/12/2013 0940
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103UJ +++++
--- User ---
[MBR] 3674a6efcf30886d501f85630f33c4fa
[BSP] 0bbd13b5d76695bb505e813c44c7894b : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 129024 | Size: 15360 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31586304 | Size: 938445 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[6]_S_02122013_02d0906.txt >>
RKreport[1]_S_02122013_02d0837.txt ; RKreport[2]_D_02122013_02d0838.txt ; RKreport[3]_SC_02122013_02d0844.txt ; RKreport[4]_D_02122013_02d0845.txt ; RKreport[5]_SC_02122013_02d0846.txt ;
RKreport[6]_S_02122013_02d0906.txt


Thanks!
climoo is offline  
Old 02-11-2013, 02:42 PM   #10

Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message


NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish
CatByte is offline  
Old 02-12-2013, 01:11 PM   #11

OM freaking god!
I ran junkware removal and it got rid of stuff.
I ran the adware and pressed delete. I went to the toilet and my computer had this white screen for like half an hour. I did an alt-ctrl-delete and found Internet Explorer on 3 different lines going to these websites! I went to processes and ended all 8 iexplorer processes and each time new ones would pop up. So I pulled the telephone line from the modem and cancelled internet connection.
Then tried to end the IE application and more windows came up with navigation error. And so I alt-ctrl-del and logged out, restart and now I can get a log screen but the minute I log in I get a white screen and I'm writing this from my phone.
I can't even restart in safe mode.
HELP!! This is even worse!! Please I don't even know what I did wrong? I followed everything exactly as I should!!
climoo is offline  
Old 02-12-2013, 01:13 PM   #12

I can't even get the task manager screen, I just get a blank white screen with an arrow and an hour glass!
climoo is offline  
Old 02-12-2013, 01:22 PM   #13

This white screen is blocking everything, my computer is behind it, but I cannot access it from the whitescreen. I can't right click, it's literally a block to stop me from seeing internet explorer come up and go to a whole bunch of websites!! To think it was doing it for half an hour and I thought it was thinking and rebooting!!
climoo is offline  
Old 02-12-2013, 02:40 PM   #14

I'm back!!! from the WhiteScreen of DEATH!! ****! That was scary. I just connected my tel cable to the modem.

What I did was repeatedly type in password on the login screen, press enter and continuously press esc key, then of course I'd get a nano second glimpse of my desktop and then boom the whitescreen. Then I'd press alt-ctrl-del, log off and keep pressing esc key while logging off. In between that I had literally a split second glance at my desktop again, in one of those instances I double clicked on RogueKiller and after doing this about 3 to 4 times, I must have launched it. So when I tried to log off the computer said - wait! this is still running, logging off would terminate it, do you want to continue to log off? Bingo! I said no and I've run RogueKiller like 5 times!!!

I was so scared of adware, but I ran it and scanned and it said it didn't have anything. The log is below, I didn't dare press delete again!! So I didn't!!

I must say, the first thing I did this morning was to open RogueKiller and it said you have an old version of the programme, please update. But I said no. But then when I opened RogueKiller during my whitescreen ordeal, it never told me I have an outdated version.

I am now going to press delete in the adwcleaner...wish me good luck.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

This is the registry thingamee that was causing the whitescreen and taskmanager not to work.
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

While I was whiteScreened, these are the websites it was visiting:
Using Internet Explorer -
1) 46.165.221.199
- https://46.165.221.199/report?n=4&r=B...AAAD4AAAA0VgAA
- https://46.165.221.199/report?n=7&r=B...AAAC4AAAA0VgAA
2) edpn.ebay.com
- https://edpn.ebay.com/engagement?INIT...eq-686144.html
3) www2.greatengineranking(www2.greatengineraking.com)
- https://www2.greatengineranking.com/302
- https://www2.greatengineranking.com/find?kws=cnn+news

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# AdwCleaner v2.112 - Logfile created 02/13/2013 at 09:34:59
# Updated 10/02/2013 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 1 (64 bits)
# User : admin - LORIEN
# Boot Mode : Normal
# Running from : C:\Users\admin\Desktop\adwcleaner0.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-GB)

File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\6pxxhc0u.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1017 octets] - [13/02/2013 09:23:24]
AdwCleaner[R2].txt - [890 octets] - [13/02/2013 09:34:59]
AdwCleaner[S1].txt - [1488 octets] - [13/02/2013 07:09:37]
AdwCleaner[S2].txt - [326 octets] - [13/02/2013 09:23:54]

########## EOF - C:\AdwCleaner[R2].txt - [1068 octets] ##########


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
RogueKiller V8.5.0 _x64_ [Feb 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK

Operating System : Windows Vista (6.0.6001 Service Pack 1) 64 bits version
Started in : Normal mode
User : admin [Admin rights]
Mode : Scan -- Date : 02/13/2013 08:42:35
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 18 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Coqiubytev (C:\Users\admin\AppData\Roaming\Gubuka\ryyrt.exe) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : butodx ( "C:\Users\admin\AppData\Roaming\butodx.dll",get_filter_type) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : rchui (rundll32.exe "C:\Users\admin\AppData\Roaming\rchui.dll",CreateTempFileStream) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : icdmsy ( "C:\Users\admin\AppData\Roaming\icdmsy.dll",Parse) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : rchui (rundll32.exe "C:\Users\admin\AppData\Roaming\rchui.dll",CreateTempFileStream) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : icdmsy (rundll32.exe "C:\Users\admin\AppData\Roaming\icdmsy.dll",Parse) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : butodx (rundll32.exe "C:\Users\admin\AppData\Roaming\butodx.dll",get_filter_type) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1308002412-4143999472-566264268-1000[...]\Run : Coqiubytev (C:\Users\admin\AppData\Roaming\Gubuka\ryyrt.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1308002412-4143999472-566264268-1000[...]\Run : butodx ( "C:\Users\admin\AppData\Roaming\butodx.dll",get_filter_type) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1308002412-4143999472-566264268-1000[...]\Run : rchui (rundll32.exe "C:\Users\admin\AppData\Roaming\rchui.dll",CreateTempFileStream) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1308002412-4143999472-566264268-1000[...]\Run : icdmsy ( "C:\Users\admin\AppData\Roaming\icdmsy.dll",Parse) -> FOUND
[SHELL][Rans.Gendarm] HKCU\[...]\Winlogon : shell (explorer.exe,C:\Users\admin\AppData\Roaming\skype.dat) -> FOUND
[SHELL][Rans.Gendarm] HKUS\S-1-5-21-1308002412-4143999472-566264268-1000[...]\Winlogon : shell (explorer.exe,C:\Users\admin\AppData\Roaming\skype.dat) -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$RECYCLE.BIN\S-1-5-21-1308002412-4143999472-566264268-1000\$4d0a21ff3e11dfc05ec6b8fcb70f9a90\n) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$RECYCLE.BIN\S-1-5-18\$4d0a21ff3e11dfc05ec6b8fcb70f9a90\n) -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$RECYCLE.BIN\S-1-5-18\$4d0a21ff3e11dfc05ec6b8fcb70f9a90\n) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-18\$4d0a21ff3e11dfc05ec6b8fcb70f9a90\n --> FOUND
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-1308002412-4143999472-566264268-1000\$4d0a21ff3e11dfc05ec6b8fcb70f9a90\n --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$4d0a21ff3e11dfc05ec6b8fcb70f9a90\@ --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1308002412-4143999472-566264268-1000\$4d0a21ff3e11dfc05ec6b8fcb70f9a90\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$4d0a21ff3e11dfc05ec6b8fcb70f9a90\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1308002412-4143999472-566264268-1000\$4d0a21ff3e11dfc05ec6b8fcb70f9a90\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$4d0a21ff3e11dfc05ec6b8fcb70f9a90\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1308002412-4143999472-566264268-1000\$4d0a21ff3e11dfc05ec6b8fcb70f9a90\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ Infection : ZeroAccess|Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

RogueKiller V8.5.0 _x64_ [Feb 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK

Operating System : Windows Vista (6.0.6001 Service Pack 1) 64 bits version
Started in : Normal mode
User : admin [Admin rights]
Mode : Remove -- Date : 02/13/2013 08:44:06
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Coqiubytev (C:\Users\admin\AppData\Roaming\Gubuka\ryyrt.exe) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : butodx ( "C:\Users\admin\AppData\Roaming\butodx.dll",get_filter_type) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : rchui (rundll32.exe "C:\Users\admin\AppData\Roaming\rchui.dll",CreateTempFileStream) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : icdmsy ( "C:\Users\admin\AppData\Roaming\icdmsy.dll",Parse) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : rchui (rundll32.exe "C:\Users\admin\AppData\Roaming\rchui.dll",CreateTempFileStream) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : icdmsy (rundll32.exe "C:\Users\admin\AppData\Roaming\icdmsy.dll",Parse) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : butodx (rundll32.exe "C:\Users\admin\AppData\Roaming\butodx.dll",get_filter_type) -> DELETED
[SHELL][Rans.Gendarm] HKCU\[...]\Winlogon : shell (explorer.exe,C:\Users\admin\AppData\Roaming\skype.dat) -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$RECYCLE.BIN\S-1-5-21-1308002412-4143999472-566264268-1000\$4d0a21ff3e11dfc05ec6b8fcb70f9a90\n) -> REPLACED (C:\Windows\system32\shell32.dll)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$RECYCLE.BIN\S-1-5-18\$4d0a21ff3e11dfc05ec6b8fcb70f9a90\n) -> REPLACED (C:\Windows\system32\wbem\fastprox.dll)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-18\$4d0a21ff3e11dfc05ec6b8fcb70f9a90\n --> REMOVED AT REBOOT
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-1308002412-4143999472-566264268-1000\$4d0a21ff3e11dfc05ec6b8fcb70f9a90\n --> REMOVED
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$4d0a21ff3e11dfc05ec6b8fcb70f9a90\@ --> REMOVED AT REBOOT
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1308002412-4143999472-566264268-1000\$4d0a21ff3e11dfc05ec6b8fcb70f9a90\@ --> REMOVED
[Del.Parent][FILE] [email protected] : C:\$recycle.bin\S-1-5-18\$4d0a21ff3e11dfc05ec6b8fcb70f9a90\U\[email protected] --> REMOVED
[Del.Parent][FILE] [email protected] : C:\$recycle.bin\S-1-5-18\$4d0a21ff3e11dfc05ec6b8fcb70f9a90\U\[email protected] --> REMOVED
[Del.Parent][FILE] [email protected] : C:\$recycle.bin\S-1-5-18\$4d0a21ff3e11dfc05ec6b8fcb70f9a90\U\[email protected] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$4d0a21ff3e11dfc05ec6b8fcb70f9a90\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1308002412-4143999472-566264268-1000\$4d0a21ff3e11dfc05ec6b8fcb70f9a90\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$4d0a21ff3e11dfc05ec6b8fcb70f9a90\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1308002412-4143999472-566264268-1000\$4d0a21ff3e11dfc05ec6b8fcb70f9a90\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ Infection : ZeroAccess|Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103UJ +++++
--- User ---
[MBR] 3674a6efcf30886d501f85630f33c4fa
[BSP] 0bbd13b5d76695bb505e813c44c7894b : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 129024 | Size: 15360 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31586304 | Size: 938445 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_02132013_02d0844.txt >>
RKreport[1]_S_02132013_02d0642.txt ; RKreport[2]_S_02132013_02d0842.txt ; RKreport[3]_D_02132013_02d0844.txt
climoo is offline  
Old 02-12-2013, 03:00 PM   #15

Sorry I wasn't around for this issue, but I have been at work all day and have only just been able to log on now.

Your machine was heavily infected with ZeroAccess, a very nasty rootkit infection. It does appear as though RogueKiller has removed the infection, so good job (looks like a new infection?)

Please re-run ComboFix.

Allow it to update if it asks to do so.

Post the fresh log.
CatByte is offline  
Old 02-12-2013, 03:22 PM   #16

Nooo!! Don't be sorry!! I'm sorry, I nearly fainted!! :) I wanted to call you!! hahaha!
But I knew you were busy, we're in different timezones, I'm in Sydney Australia.
I'm running ComboFix now, I still haven't mustered up the courage to run adwcleaner and press delete!! I have a phobia now!! And I ain't going to the loo for a while too!

How did I get infected with something else? eek! Seriously I don't download any cracked **** or anything! I'm a chicken remember? cluck! The only thing/way I can think of is my emails. I have millions of spam which gets downloaded into my imap folder on my computer.
OK, will post log back soon, am running ComboFix now. Thanks heaps!
climoo is offline  
Old 02-12-2013, 03:49 PM   #17

After ComboFix completes, run another scan with AdwCleaner and see what it detects.

Click on Search.
A logfile will automatically open after the scan has finished.
Please post the content of that logfile in your reply.


If there is anything that needs to go, we can script it out with ComboFix, but I suspect it was the infection causing the problem rather than AdwCleaner. Yours is the first report I know describing a white screen.


It may very well be spam emails.

Make sure you don't have the preview pane set to active (turn it off) and don't open any links until you have confirmed who the email is from.
CatByte is offline  
Old 02-12-2013, 04:03 PM   #18

- I hate the preview pane, so it's never on.
- I never click on a link unless I know it's kosher. And I've never had one I was wrong.
- If anything I have opened emails that just show a link, but I never click on the link. Is it possible from just opening the email to be considered an 'action' and therefore something can pass to your computer? I thought it was just the fact that the infected email with the infected file is downloaded onto my imap folder or temp folder.
- How would I prevent that? I've been having problems viewing my webmail via HORDE, I've always opened emails online first, view it in HORDE and then delete the spam. But lately every time I login to HORDE, and click on the Inbox, I get "There's no messages in the INBOX" (regardless of whether I use Firefox or IE). I've asked my email pple to reset stuff etc, but to no avail. So they suggested I use Chrome, so I download Chrome and I've never been able to install Chrome without Vba32 saying that it found the Backdoor.Rbot.aqwew and deleted it.
- I feel I've come full circle, sigh, that's how I know I have the Backdoor.Rbot **** to begin with.
- You poor thing having to listen to me blah on after a long day at work! Sorry CatByte, thank you I really appreciate this.


ComboFix report:
ComboFix 13-02-12.01 - admin 13/02/2013 10:28:04.2.8 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.6134.4529 [GMT 11:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\admin\AppData\Roaming\Afecif
c:\users\admin\AppData\Roaming\Afecif\kycy.esd
c:\users\admin\AppData\Roaming\butodx.dll
c:\users\admin\AppData\Roaming\Gubuka
c:\users\admin\AppData\Roaming\Gubuka\ryyrt.exe
c:\users\admin\AppData\Roaming\icdmsy.dll
c:\users\admin\AppData\Roaming\Opmasy
c:\users\admin\AppData\Roaming\Opmasy\imev.exe
c:\users\admin\AppData\Roaming\rchui.dll
c:\users\admin\AppData\Roaming\Reihaq
c:\users\admin\AppData\Roaming\Reihaq\omaby.asz
c:\users\admin\AppData\Roaming\skype.dat
c:\users\admin\AppData\Roaming\skype.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-01-12 to 2013-02-12 )))))))))))))))))))))))))))))))
.
.
2013-02-12 23:35 . 2013-02-12 23:42 -------- d-----w- c:\users\admin\AppData\Local\temp
2013-02-12 23:35 . 2013-02-12 23:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-02-12 23:35 . 2013-02-12 23:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-12 22:54 . 2013-02-12 22:54 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
2013-02-12 22:53 . 2013-02-12 22:53 -------- d-----w- c:\programdata\Malwarebytes
2013-02-12 22:53 . 2013-02-12 22:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-12 22:53 . 2012-12-14 05:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-12 20:07 . 2013-02-12 20:39 -------- d-----w- c:\users\admin\AppData\Roaming\Xoliak
2013-02-12 20:07 . 2013-02-12 20:07 -------- d-----w- c:\users\admin\AppData\Roaming\Etava
2013-02-12 19:52 . 2013-02-12 19:52 -------- d-----w- c:\windows\ERUNT
2013-02-12 19:52 . 2013-02-12 21:50 -------- d-----w- C:\JRT
2013-02-08 21:45 . 2013-01-18 01:15 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{53001372-E9D2-48E6-BA5E-732CA4347A2A}\mpengine.dll
2013-02-05 21:03 . 2013-02-05 21:03 74136 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-02-05 21:03 . 2013-02-05 21:03 2850200 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2013-02-05 21:03 . 2013-02-05 21:03 193168 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2013-02-05 21:03 . 2013-02-05 21:03 142744 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2013-02-05 21:03 . 2013-02-05 21:03 115608 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2013-02-05 21:03 . 2013-02-05 21:03 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2013-02-05 21:03 . 2013-02-05 21:03 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2013-02-05 21:03 . 2013-02-05 21:03 96664 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-02-05 21:03 . 2013-02-05 21:03 157712 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-02-05 03:27 . 2013-02-05 03:27 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-01-28 03:57 . 2013-01-28 04:05 -------- d-----w- c:\users\admin\AppData\Roaming\Audacity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-16 14:28 . 2012-03-08 22:12 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-07 05:16 . 2009-05-04 08:58 26888 ----a-w- c:\windows\SysWow64\drivers\Vba32Prot.sys
2013-01-07 05:16 . 2009-02-04 06:29 18496 ----a-w- c:\windows\SysWow64\drivers\Vba32d64.sys
2013-01-07 05:03 . 2008-02-15 00:38 148864 ----a-w- c:\windows\SysWow64\dllhook.dll
2012-12-16 06:31 . 2006-11-02 12:35 67599240 ----a-w- c:\windows\system32\mrt.exe
2009-09-21 22:12 . 2009-09-21 21:44 359932 ----a-w- c:\program files (x86)\dds.scr
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2008-05-05 221300]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-02-23 24064]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-04 128232]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2008-12-16 206064]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-30 41944]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"Vba32Loader"="c:\program files (x86)\Vba32\Vba32Ldr.exe" [2013-01-07 701816]
"Vba32LoaderGUI"="c:\program files (x86)\Vba32\vba32ldrgui.exe" [2013-01-21 797024]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-21 28539272]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
[BU]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-12 c:\windows\Tasks\User_Feed_Synchronization-{33AD62FD-9BAB-41D5-B100-E95FDB74B4CB}.job
- c:\windows\system32\msfeedssync.exe [2011-10-23 04:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\6pxxhc0u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/webhp?hl=all
FF - ExtSQL: 2013-02-13 08:40; {8206b46b-60af-4ae2-8278-8ecbf9180436}; c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\6pxxhc0u.default\extensions\{8206b46b-60af-4ae2-8278-8ecbf9180436}.xpi
FF - ExtSQL: !HIDDEN! 2009-06-26 08:16; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]
"ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1308002412-4143999472-566264268-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*»*4*l%\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Spybot\SDWinSec.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
c:\windows\SysWOW64\Ctxfihlp.exe
c:\windows\SysWOW64\CTXFISPI.EXE
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
.
**************************************************************************
.
Completion time: 2013-02-13 10:47:20 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-12 23:47
ComboFix2.txt 2013-02-10 20:11
.
Pre-Run: 337,653,121,024 bytes free
Post-Run: 337,546,358,784 bytes free
.
- - End Of File - - DD82FD8963D8644AF935E82F37D048B6


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

AdwCleaner Report:

# AdwCleaner v2.112 - Logfile created 02/13/2013 at 10:53:33
# Updated 10/02/2013 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 1 (64 bits)
# User : admin - LORIEN
# Boot Mode : Normal
# Running from : C:\Users\admin\Desktop\adwcleaner0.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-GB)

File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\6pxxhc0u.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1017 octets] - [13/02/2013 09:23:24]
AdwCleaner[R2].txt - [1137 octets] - [13/02/2013 09:34:59]
AdwCleaner[R3].txt - [950 octets] - [13/02/2013 10:53:33]
AdwCleaner[S1].txt - [1488 octets] - [13/02/2013 07:09:37]
AdwCleaner[S2].txt - [326 octets] - [13/02/2013 09:23:54]

########## EOF - C:\AdwCleaner[R3].txt - [1128 octets] ##########
climoo is offline  
Old 02-12-2013, 04:13 PM   #19
TSF-Emeritus
 
CatByte's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



adwCleaner is clean now.

Were you able to run MBAM and the ESET online scan? If not, please try and complete that now.

I'm not certain about the email viewer HORDE, I've never tried to use it.

Check your junk mail filters and set them a notch higher if you are able to, so that most of the spam is filtered out before it ever gets to you.

(who provides your email?)

There are just a couple of leftover folders to remove.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:
Folder::
c:\users\admin\AppData\Roaming\Xoliak
c:\users\admin\AppData\Roaming\Etava

ClearJavaCache::

Now paste the copied text into the open Notepad file - press Ctrl+V (or right-click and choose 'paste').

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
CatByte is offline  
Old 02-12-2013, 06:36 PM   #20
Registered Member
 
Join Date: Sep 2009
Posts: 38
OS: Vista



Created the CFScript, launched the file with ComboFix and this is the log below.
- Started to do the ESET, it found 4 problems, but it takes such a long time. Had to stop it to do the ComboFix.
- My poor computer is a virus heaven!! Why? I don't even do anything!! No torrent, no pxxn, no cracks, no illegal software etc!! Nothing.
- Is vba32 good enough?


ComboFix 13-02-12.01 - admin 13/02/2013 13:07:50.2.8 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.6134.4708 [GMT 11:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
Command switches used :: c:\users\admin\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\admin\AppData\Roaming\Etava
c:\users\admin\AppData\Roaming\Etava\teka.wen
c:\users\admin\AppData\Roaming\Xoliak
.
.
((((((((((((((((((((((((( Files Created from 2013-01-13 to 2013-02-13 )))))))))))))))))))))))))))))))
.
.
2013-02-13 02:20 . 2013-02-13 02:20 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-02-13 02:20 . 2013-02-13 02:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-12 23:47 . 2013-02-13 02:24 -------- d-----w- c:\users\admin\AppData\Local\temp
2013-02-12 22:54 . 2013-02-12 22:54 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
2013-02-12 22:53 . 2013-02-12 22:53 -------- d-----w- c:\programdata\Malwarebytes
2013-02-12 22:53 . 2013-02-12 22:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-12 22:53 . 2012-12-14 05:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-12 19:52 . 2013-02-12 19:52 -------- d-----w- c:\windows\ERUNT
2013-02-12 19:52 . 2013-02-12 21:50 -------- d-----w- C:\JRT
2013-02-08 21:45 . 2013-01-18 01:15 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{53001372-E9D2-48E6-BA5E-732CA4347A2A}\mpengine.dll
2013-02-05 21:03 . 2013-02-05 21:03 74136 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-02-05 21:03 . 2013-02-05 21:03 2850200 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2013-02-05 21:03 . 2013-02-05 21:03 193168 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2013-02-05 21:03 . 2013-02-05 21:03 142744 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2013-02-05 21:03 . 2013-02-05 21:03 115608 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2013-02-05 21:03 . 2013-02-05 21:03 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2013-02-05 21:03 . 2013-02-05 21:03 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2013-02-05 21:03 . 2013-02-05 21:03 96664 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-02-05 21:03 . 2013-02-05 21:03 157712 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-02-05 03:27 . 2013-02-05 03:27 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-01-28 03:57 . 2013-01-28 04:05 -------- d-----w- c:\users\admin\AppData\Roaming\Audacity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-16 14:28 . 2012-03-08 22:12 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-07 05:16 . 2009-05-04 08:58 26888 ----a-w- c:\windows\SysWow64\drivers\Vba32Prot.sys
2013-01-07 05:16 . 2009-02-04 06:29 18496 ----a-w- c:\windows\SysWow64\drivers\Vba32d64.sys
2013-01-07 05:03 . 2008-02-15 00:38 148864 ----a-w- c:\windows\SysWow64\dllhook.dll
2012-12-16 06:31 . 2006-11-02 12:35 67599240 ----a-w- c:\windows\system32\mrt.exe
2009-09-21 22:12 . 2009-09-21 21:44 359932 ----a-w- c:\program files (x86)\dds.scr
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2008-05-05 221300]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-02-23 24064]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-04 128232]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2008-12-16 206064]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-30 41944]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"Vba32Loader"="c:\program files (x86)\Vba32\Vba32Ldr.exe" [2013-01-07 701816]
"Vba32LoaderGUI"="c:\program files (x86)\Vba32\vba32ldrgui.exe" [2013-01-21 797024]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-21 28539272]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
[BU]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-12 c:\windows\Tasks\User_Feed_Synchronization-{33AD62FD-9BAB-41D5-B100-E95FDB74B4CB}.job
- c:\windows\system32\msfeedssync.exe [2011-10-23 04:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\6pxxhc0u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/webhp?hl=all
FF - ExtSQL: 2013-02-13 08:40; {8206b46b-60af-4ae2-8278-8ecbf9180436}; c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\6pxxhc0u.default\extensions\{8206b46b-60af-4ae2-8278-8ecbf9180436}.xpi
FF - ExtSQL: !HIDDEN! 2009-06-26 08:16; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]
"ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1308002412-4143999472-566264268-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*»*4*l%\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Spybot\SDWinSec.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
c:\windows\SysWOW64\Ctxfihlp.exe
c:\windows\SysWOW64\CTXFISPI.EXE
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files (x86)\Vba32\VbaScheduler.exe
.
**************************************************************************
.
Completion time: 2013-02-13 13:31:06 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-13 02:31
ComboFix2.txt 2013-02-12 23:47
ComboFix3.txt 2013-02-10 20:11
.
Pre-Run: 337,412,472,832 bytes free
Post-Run: 337,370,480,640 bytes free
.
- - End Of File - - 808F4B671AB87FCCD3E5A9601B652164