[Resolved K] Malwarebytes will not open, Avast firewall will not run,

Kaz
My computer started behaving strangely, so I tried to run some scans. I downloaded Malwarebytes, but can't get it to run (uninstalled/re-installed - still no go). The firewall in Avast is turned off; I can't turn it on. I ran a HiJackThis scan, but did not get a log report.

Logs:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_26
Run by ibn at 18:52:45 on 2012-01-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4056.1248 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\dldocoms.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\spool\DRIVERS\x64\3\dldoPSWX.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Users\ibn\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\RescueTime\RescueTime.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\DllHost.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\GfxUI.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\prevhost.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ibn\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mybodytemple.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Google Update] "C:\Users\ibn\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [E87796DD39AC07AC85BA7A0BFF31764E3EE45801._service_run] "C:\Users\ibn\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRun: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
mRun: [<NO NAME>]
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
mRunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
StartupFolder: C:\Users\ibn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RESCUE~1.LNK - C:\Program Files (x86)\RescueTime\RescueTime.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A5E0B821-9BF4-448C-B2EC-926DFF7B5415} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A5E0B821-9BF4-448C-B2EC-926DFF7B5415}\25F636B6 : DhcpNameServer = 216.144.187.37 207.44.96.129 204.186.0.201
TCP: Interfaces\{A5E0B821-9BF4-448C-B2EC-926DFF7B5415}\45865634F66666565634166756 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A5E0B821-9BF4-448C-B2EC-926DFF7B5415}\7523153463 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A5E0B821-9BF4-448C-B2EC-926DFF7B5415}\7586F6C65664F6F64637D41627B65647 : DhcpNameServer = 172.16.1.1
TCP: Interfaces\{A5E0B821-9BF4-448C-B2EC-926DFF7B5415}\8443844363 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A5E0B821-9BF4-448C-B2EC-926DFF7B5415}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D38DF08A-102D-4C75-A917-69ADE7A0BF71} : DhcpNameServer = 192.168.42.129
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64:     SkypeIEPluginBHO - No File
BHO-X64: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [(Default)]
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
mRunOnce-x64: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
AppInit_DLLs-X64: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ibn\AppData\Roaming\Mozilla\Firefox\Profiles\tygwzhuz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\ibn\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\ibn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\ibn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/03/12 15:00:35];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-3-12 146928]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2010-2-18 89600]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-11-29 44768]
R2 dldo_device;dldo_device;C:\Windows\system32\dldocoms.exe -service --> C:\Windows\system32\dldocoms.exe -service [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 MSSQL$ACT7;SQL Server (ACT7);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-8-12 87040]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-10-15 648432]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 ACT! Scheduler;ACT! Scheduler;C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2009-2-24 81920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-3-7 30192]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 htcusbnet;HTC USB-NDIS miniport;C:\Windows\system32\DRIVERS\htcusbnet.sys --> C:\Windows\system32\DRIVERS\htcusbnet.sys [?]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam C260(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WPEServ;WPEServ;C:\Program Files (x86)\Common Files\WPE\wpeserv.exe [2009-12-7 65536]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-07 20:21:05   388096   ----a-r-   C:\Users\ibn\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-07 20:21:05   --------   d-----w-   C:\Program Files (x86)\Trend Micro
2012-01-07 19:59:39   --------   d-----w-   C:\Program Files\CCleaner
2012-01-07 19:46:21   --------   d-----w-   C:\Program Files (x86)\RegZooka
2012-01-07 15:36:45   69000   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E6238233-046C-4F96-81AB-00B23E385BF5}\offreg.dll
2012-01-07 00:55:18   8822856   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E6238233-046C-4F96-81AB-00B23E385BF5}\mpengine.dll
2012-01-06 21:35:18   --------   d-----w-   C:\Users\ibn\AppData\Local\{5F6EB707-C503-4A3E-BF55-BD387923A4F7}
2012-01-06 21:34:55   --------   d-----w-   C:\Users\ibn\AppData\Local\{DD03A093-EDD7-4937-A07A-2688AB12310C}
2012-01-03 18:35:27   --------   d-sh--w-   C:\found.000
2012-01-03 00:07:06   --------   d-----w-   C:\Users\ibn\AppData\Local\{9D821172-C71E-49BA-A2FD-5BFD9A284B1B}
2012-01-03 00:06:52   --------   d-----w-   C:\Users\ibn\AppData\Local\{FA72F57E-81D7-4E6A-9BEF-D8A725671027}
2012-01-02 04:36:29   23152   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2012-01-01 23:08:40   --------   d-----w-   C:\Users\ibn\AppData\Local\{DFDC342C-195C-40CD-9B9A-FD69287F3834}
2012-01-01 23:08:28   --------   d-----w-   C:\Users\ibn\AppData\Local\{E0A160B0-8A47-4CBC-958C-6502F65A2529}
2011-12-31 22:19:39   --------   d-----w-   C:\Users\ibn\AppData\Local\{13D4F592-9E13-4C06-A5FE-AC2BD8E6FC07}
2011-12-27 07:00:15   --------   d-----w-   C:\Users\ibn\AppData\Local\{984DD335-17BE-49B1-B49A-B9FE13EB36F3}
2011-12-27 06:59:40   --------   d-----w-   C:\Users\ibn\AppData\Local\{6F283425-9F3C-4E3D-8F23-1FCE01DA65CE}
2011-12-23 20:33:39   --------   d-----w-   C:\Program Files\iPod
2011-12-23 20:33:38   --------   d-----w-   C:\Program Files\iTunes
2011-12-20 01:16:28   --------   d-----w-   C:\Users\ibn\AppData\Local\{F5ACA295-D874-4A03-BD51-C0CF98B89F93}
2011-12-20 01:15:54   --------   d-----w-   C:\Users\ibn\AppData\Local\{4B5F5CE0-FC7A-4D29-94EE-2378F547F41C}
2011-12-15 15:16:58   678912   ----a-w-   C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2011-12-15 15:16:56   887296   ----a-w-   C:\Program Files\Internet Explorer\iedvtool.dll
2011-12-14 21:40:28   43520   ----a-w-   C:\Windows\System32\csrsrv.dll
2011-12-14 21:40:24   3145216   ----a-w-   C:\Windows\System32\win32k.sys
2011-12-14 21:40:23   723456   ----a-w-   C:\Windows\System32\EncDec.dll
2011-12-14 21:40:22   534528   ----a-w-   C:\Windows\SysWow64\EncDec.dll
2011-12-14 21:35:36   2048   ----a-w-   C:\Windows\System32\tzres.dll
2011-12-14 21:35:35   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2011-12-13 15:10:49   --------   d-----w-   C:\Users\ibn\AppData\Local\{AD53B6FC-0D04-40D9-93EB-B4209A4C454C}
2011-12-13 15:10:12   --------   d-----w-   C:\Users\ibn\AppData\Local\{00B0ADDC-F969-4BC3-927F-751EA4DBEF88}
2011-12-09 23:14:00   --------   d-----w-   C:\Users\ibn\AppData\Local\{81377E98-CA02-4133-B9D1-FED2F3B03987}
2011-12-09 23:13:26   --------   d-----w-   C:\Users\ibn\AppData\Local\{A672EE5E-927A-423E-B627-CD1926917863}
.
==================== Find3M  ====================
.
2011-11-28 18:01:25   41184   ----a-w-   C:\Windows\avastSS.scr
2011-11-28 17:54:06   591192   ----a-w-   C:\Windows\System32\drivers\aswSnx.sys
2011-11-28 17:52:11   66904   ----a-w-   C:\Windows\System32\drivers\aswMonFlt.sys
2011-11-27 13:23:55   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-04 01:53:39   2309120   ----a-w-   C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47   1390080   ----a-w-   C:\Windows\System32\wininet.dll
2011-11-04 01:44:21   1493504   ----a-w-   C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42   1798144   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21   1427456   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47   1127424   ----a-w-   C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2011-10-24 19:29:02   94208   ----a-w-   C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29:02   69632   ----a-w-   C:\Windows\SysWow64\QuickTime.qts
2011-09-25 17:22:56   72192   ----a-w-   C:\Program Files (x86)\rjwmapln.dll
2011-09-25 17:22:56   719360   ----a-w-   C:\Program Files (x86)\dbghelp.dll
2011-09-25 17:22:53   46592   ----a-w-   C:\Program Files (x86)\rpau3260.dll
2011-09-25 17:22:27   88064   ----a-w-   C:\Program Files (x86)\hxaudiodevicehook.dll
2011-09-25 17:22:27   26752   ----a-w-   C:\Program Files (x86)\rndevicedbbuilder.exe
2011-09-25 17:22:26   86528   ----a-w-   C:\Program Files (x86)\rpplugprot.dll
2011-09-25 17:22:26   64656   ----a-w-   C:\Program Files (x86)\rpshell.dll
2011-09-25 17:22:26   116376   ----a-w-   C:\Program Files (x86)\rdsf3260.dll
2011-09-25 17:22:24   9728   ----a-w-   C:\Program Files (x86)\realjbox.exe
2011-09-25 17:22:24   17048   ----a-w-   C:\Program Files (x86)\rphelperapp.exe
2011-09-25 17:22:21   490096   ----a-w-   C:\Program Files (x86)\realplay.exe
2011-09-25 17:22:17   415400   ----a-w-   C:\Program Files (x86)\recordingmanager.exe
2009-08-20 08:13:26   9815040   ----a-w-   C:\Program Files\openofficeorg31.msi
2002-03-11 09:06:30   1822520   ----a-w-   C:\Program Files\instmsiw.exe
2002-03-11 08:45:04   1708856   ----a-w-   C:\Program Files\instmsia.exe
.
============= FINISH: 18:54:38.28 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/18/2010 3:25:10 PM
System Uptime: 1/7/2012 10:32:48 AM (8 hours ago)
.
Motherboard: Dell Inc. |  | 0G848F
Processor: Pentium(R) Dual-Core CPU       T4200  @ 2.00GHz | Microprocessor | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 127.708 GiB free.
D: is CDROM ()
G: is Removable
I: is FIXED (NTFS) - 298 GiB total, 36.959 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\6&336EB1FF&0&3
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\6&336EB1FF&0&3
Service:
.
==== System Restore Points ===================
.
RP331: 11/9/2011 10:57:48 PM - Removed Logitech Vid.
RP332: 11/12/2011 3:00:13 AM - Windows Update
RP333: 11/15/2011 6:57:56 AM - Windows Update
RP334: 11/18/2011 3:20:18 PM - Windows Update
RP335: 11/22/2011 6:53:23 PM - Windows Update
RP336: 11/29/2011 6:58:30 PM - Windows Update
RP337: 12/7/2011 5:35:28 AM - Windows Update
RP338: 12/13/2011 10:15:05 AM - Windows Update
RP339: 12/15/2011 10:10:16 AM - Windows Update
RP340: 12/20/2011 5:40:10 PM - Windows Update
RP341: 12/27/2011 6:15:57 PM - Windows Update
RP342: 1/2/2012 3:00:24 AM - Windows Update
RP343: 1/6/2012 7:54:28 PM - Windows Update
RP345: 1/7/2012 12:47:24 AM - Removed service pack backup files
RP346: 1/7/2012 3:20:30 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
µTorrent
3ivx MPEG-4 5.0.3 (remove only)
Acrobat.com
ACT! by Sage 2009 (11.0)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.6
Amazon Kindle
Apple Application Support
Apple Software Update
Audible Download Manager
AudibleManager
avast! Free Antivirus
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 5.0.1
CameraHelperMsi
Carbonite
Cisco Connect
Color Cop 5.4.3
Compatibility Pack for the 2007 Office system
ConvertHelper 2.2
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Driver Download Manager
Dell Getting Started Guide
erLT
Evernote v. 4.5.1
F.lux
ffdshow [rev 2527] [2008-12-19]
FlipShare
Free Images Viewer 0.1
FreeMind
Google Chrome
Google Desktop
Google Gmail Notifier
Google Talk Plugin
GoToAssist 8.0.0.514
GoToMeeting 5.0.0.799
HairBall - MailChimp's List Tool
HiJackThis
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
IDT Audio
InstallIQ Updater
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 26
Junk Mail filter update
Living 3D Dolphin
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
MAGIX Video easy SE
Malwarebytes Anti-Malware version 1.60.0.1800
Mesh Runtime
Messenger Companion
Microsoft Default Manager
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (ACT7)
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Works
Mozilla Firefox 8.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
OpenOffice.org 3.3
OverDrive Media Console
Pando
PDF QuickConverter Pro
PowerDVD DX
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
RescueTime 2.4.0
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Media Manager
Roxio Update Manager
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Skype Toolbars
Skype™ 5.1
Spotify
swMSM
TextPad 5
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Veoh Web Player
Verizon V CAST Media Manager
VLC media player 1.1.7
WebEx
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Blog This for Mozilla Firefox
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinSesame
WinSynchro
WModem Driver Installer
Xvid 1.2.1 final uninstall
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
12/31/2011 6:02:49 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
12/31/2011 5:29:27 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
12/31/2011 5:27:58 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/31/2011 5:27:58 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/31/2011 5:27:54 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/31/2011 5:27:50 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
12/31/2011 5:27:44 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/31/2011 5:27:27 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswSnx aswSP aswTdi discache spldr Wanarpv6
1/7/2012 10:35:34 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/7/2012 10:34:40 AM, Error: Virtual Disk Service [9]  - Unexpected provider failure. Restarting the service may fix the problem. Error code: 8007001F@02000014
1/7/2012 10:34:33 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.
1/6/2012 6:49:03 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR5.
1/5/2012 9:39:53 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error:  An instance of the service is already running.
1/5/2012 9:38:53 AM, Error: Service Control Manager [7031]  - The CarboniteService service terminated unexpectedly.  It has done this 16 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/5/2012 9:38:26 AM, Error: Service Control Manager [7031]  - The CarboniteService service terminated unexpectedly.  It has done this 15 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/5/2012 9:38:09 AM, Error: Service Control Manager [7031]  - The CarboniteService service terminated unexpectedly.  It has done this 14 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/5/2012 9:38:04 AM, Error: Service Control Manager [7031]  - The CarboniteService service terminated unexpectedly.  It has done this 13 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/5/2012 9:37:59 AM, Error: Service Control Manager [7031]  - The CarboniteService service terminated unexpectedly.  It has done this 12 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/5/2012 9:37:53 AM, Error: Service Control Manager [7031]  - The CarboniteService service terminated unexpectedly.  It has done this 11 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/5/2012 9:37:29 AM, Error: Service Control Manager [7031]  - The CarboniteService service terminated unexpectedly.  It has done this 10 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/5/2012 9:37:22 AM, Error: Service Control Manager [7031]  - The CarboniteService service terminated unexpectedly.  It has done this 9 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/5/2012 9:36:49 AM, Error: Service Control Manager [7031]  - The CarboniteService service terminated unexpectedly.  It has done this 8 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/5/2012 9:36:45 AM, Error: Service Control Manager [7031]  - The CarboniteService service terminated unexpectedly.  It has done this 7 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/5/2012 9:36:42 AM, Error: Service Control Manager [7031]  - The CarboniteService service terminated unexpectedly.  It has done this 6 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/5/2012 9:36:39 AM, Error: Service Control Manager [7031]  - The CarboniteService service terminated unexpectedly.  It has done this 5 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/5/2012 9:36:35 AM, Error: Service Control Manager [7031]  - The CarboniteService service terminated unexpectedly.  It has done this 4 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/5/2012 9:36:27 AM, Error: Service Control Manager [7031]  - The CarboniteService service terminated unexpectedly.  It has done this 3 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/5/2012 9:33:59 AM, Error: Service Control Manager [7031]  - The CarboniteService service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/5/2012 9:33:07 AM, Error: Service Control Manager [7031]  - The CarboniteService service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/5/2012 8:02:55 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR2.
1/5/2012 2:06:06 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer CANDICE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A5E0B821-9BF4-448C-B2EC-926DFF7B5415}. The master browser is stopping or an election is being forced.
1/5/2012 1:41:47 AM, Error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.2. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
1/3/2012 12:24:23 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR9.
1/3/2012 12:16:43 AM, Error: VDS Basic Provider [1]  - Unexpected failure. Error code: D@01010004
1/3/2012 1:42:04 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
1/2/2012 6:00:23 AM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
1/1/2012 5:14:31 PM, Error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
1/1/2012 5:06:03 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
1/1/2012 3:25:18 AM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
.
==== End Of File ===========================

« Last Edit: January 18, 2012, 07:31:33 pm by kevinf80 »
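A way to triage the "Event Viewer Messages" section of the DDS log above, as an added example that is not part of the original posts or of DDS itself: it parses the line format shown there, collapses repeated events by source and ID, and pulls out the drivers that failed to load and the services that terminated. The sample lines are excerpted from the log above; the function names are hypothetical.

```python
import re
from datetime import datetime

# Lines excerpted from the "Event Viewer Messages" section posted above.
# Format: "<m/d/yyyy h:mm:ss AM|PM>, <Level>: <Source> [<EventID>]  - <message>"
SAMPLE = r"""
12/31/2011 5:27:27 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswSnx aswSP aswTdi discache spldr Wanarpv6
1/5/2012 9:38:53 AM, Error: Service Control Manager [7031]  - The CarboniteService service terminated unexpectedly.  It has done this 16 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/5/2012 9:38:26 AM, Error: Service Control Manager [7031]  - The CarboniteService service terminated unexpectedly.  It has done this 15 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/5/2012 9:33:07 AM, Error: Service Control Manager [7031]  - The CarboniteService service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/5/2012 8:02:55 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR2.
1/2/2012 6:00:23 AM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
1/1/2012 5:14:31 PM, Error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
""".strip()

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\]\s+- (?P<msg>.*)$"
)
CRASH_RE = re.compile(
    r"The (?P<svc>.+?) service terminated unexpectedly\.\s+"
    r"It has done this (?P<n>\d+) time\(s\)"
)
DRIVER_RE = re.compile(r"driver\(s\) failed to load:\s+(?P<names>.+)$")


def parse_events(text):
    """Return one dict per well-formed line; separators such as '.' are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "level": m["level"],
            "source": m["source"],
            "id": int(m["id"]),
            "msg": m["msg"].strip(),
        })
    return events


def summarize(events):
    """Collapse repeats: (source, id) -> count, first seen, last seen."""
    groups = {}
    for ev in events:
        g = groups.setdefault(
            (ev["source"], ev["id"]),
            {"count": 0, "first": ev["time"], "last": ev["time"]},
        )
        g["count"] += 1
        g["first"] = min(g["first"], ev["time"])
        g["last"] = max(g["last"], ev["time"])
    return groups


def failed_drivers(events):
    """Driver names listed in Service Control Manager event 7026, in order."""
    names = []
    for ev in events:
        m = DRIVER_RE.search(ev["msg"]) if ev["id"] == 7026 else None
        if not m:
            continue
        for name in m["names"].split():
            if name not in names:
                names.append(name)
    return names


def crashed_services(events):
    """Service name -> highest crash count reported by events 7031/7034."""
    worst = {}
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["id"] in (7031, 7034):
            m = CRASH_RE.search(ev["msg"])
            if m:
                worst[m["svc"]] = max(worst.get(m["svc"], 0), int(m["n"]))
    return worst


if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    # The pasted log is not in strict time order, so sort groups by last-seen time.
    for (source, event_id), g in sorted(summarize(evs).items(),
                                        key=lambda kv: kv[1]["last"]):
        print(f"{g['last']:%Y-%m-%d %H:%M}  {source} [{event_id}] x{g['count']}")
    print("drivers that failed to load:", failed_drivers(evs))
    print("services that terminated:", crashed_services(evs))
```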



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7349
Re: [Resolved K] Malwarebytes will not open, Avast firewall will not run,
« Reply #1 on: January 07, 2012, 06:43:42 pm »
Hello Kaz and welcome to SpywareHammer,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.
  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
  • Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin.
  • If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
  • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
  • If you are using Cracked or Illegal software your thread will be locked and all help will cease.

Uninstall µTorrent.

Next,

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate by tapping Enter
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe or winlogon.com
Please post the contents of the RKreport.txt in your next Reply.

Kevin



Offline Kaz

  • Bronze Member
  • Posts: 29
Re: [Resolved K] Malwarebytes will not open, Avast firewall will not run,
« Reply #2 on: January 08, 2012, 11:19:54 am »
Hey Kevin, thanks for the help.  I read the "following software must be removed" post last night and removed the uTorrent. I just checked control panel>> uninstall programs and it's not showing up, so it should be gone.

Here is the RogueKiller log you requested.
Thanks again


RogueKiller V6.2.2 [12/31/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: ibn [Admin rights]
Mode: Scan -- Date : 01/08/2012 12:03:45

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤
[SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}.job : C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1       localhost
::1             localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 8aed8e2a5efb8ec6efb681066600ca24
[BSP] f9411680eb20257ebec59c1df8564283 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] FAT16 [HIDDEN!] Offset (sectors): 63 | Size: 41 Mo
1 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 81920 | Size: 15728 Mo
2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 30801920 | Size: 304301 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] a01d0af9fd801c08dba6a1398b6e1032
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT16 [VISIBLE] Offset (sectors): 249 | Size: 2031 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7349
Re: [Resolved K] Malwarebytes will not open, Avast firewall will not run,
« Reply #3 on: January 08, 2012, 01:15:27 pm »
Continue as follows :-

Step 1

Quit all running programs and run RogueKiller once again.

  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate by tapping Enter
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

Step 3

Download aswMBR from Here
If it asks to update during the process please allow this to happen.

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below


Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

   
  • Once the scan finishes click Save log to save the log to your Desktop.
  • Copy and paste the contents of aswMBR.txt back here for review
  • You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.

Step 2

Download OTL from any of the following links and save to your Desktop:

Link 1
Link 2
Link 3
Link 4
  • Double click on the icon to run it, Vista or Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Under the Custom Scan box paste this in:
Code:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

Let me see the following in your reply :-

  • Log from RogueKiller
  • aswMBR log
  • OTL.txt
  • Extras.txt
  • Attach the MBR.zip file

If the OTL logs exceed character limit zip and attach...

Kevin
« Last Edit: January 08, 2012, 02:14:47 pm by kevinf80 »

Offline Kaz

  • Bronze Member
  • Posts: 29
Re: [Resolved K] Malwarebytes will not open, Avast firewall will not run,
« Reply #4 on: January 08, 2012, 03:13:07 pm »
Kevin, in your instructions Step 3 precedes Step 2. I assumed it was a typo and did 3 first.
The OTL files were over capacity, I had to attach them.

Here is the next set of logs:

RogueKiller V6.2.2 [12/31/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: ibn [Admin rights]
Mode: Scan -- Date : 01/08/2012 14:55:13

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1       localhost
::1             localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 8aed8e2a5efb8ec6efb681066600ca24
[BSP] f9411680eb20257ebec59c1df8564283 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] FAT16 [HIDDEN!] Offset (sectors): 63 | Size: 41 Mo
1 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 81920 | Size: 15728 Mo
2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 30801920 | Size: 304301 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] a01d0af9fd801c08dba6a1398b6e1032
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT16 [VISIBLE] Offset (sectors): 249 | Size: 2031 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
----------

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-08 14:59:05
-----------------------------
14:59:05.773    OS Version: Windows x64 6.1.7601 Service Pack 1
14:59:05.773    Number of processors: 2 586 0x170A
14:59:05.773    ComputerName: MERCURYIII  UserName: ibn
14:59:07.271    Initialize success
14:59:07.411    AVAST engine defs: 12010800
14:59:42.714    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:59:42.714    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
14:59:42.730    Disk 0 MBR read successfully
14:59:42.730    Disk 0 MBR scan
14:59:42.730    Disk 0 Windows 7 default MBR code
14:59:42.745    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
14:59:42.745    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 81920
14:59:42.777    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       290204 MB offset 30801920
14:59:42.777    Service scanning
14:59:44.851    Modules scanning
14:59:44.851    Disk 0 trace - called modules:
14:59:44.898    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:59:44.898    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800445e060]
14:59:44.914    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004102050]
14:59:45.741    AVAST engine scan C:\Windows
14:59:48.861    AVAST engine scan C:\Windows\system32
15:01:26.955    AVAST engine scan C:\Windows\system32\drivers
15:01:45.786    AVAST engine scan C:\Users\ibn
15:07:20.547    Disk 0 MBR has been saved successfully to "C:\Users\ibn\Desktop\MBR.dat"
15:07:20.562    The log file has been saved successfully to "C:\Users\ibn\Desktop\aswMBR log.txt"
-----------------------

OTL files were over capacity, see attached





Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7349
Re: [Resolved K] Malwarebytes will not open, Avast firewall will not run,
« Reply #5 on: January 08, 2012, 04:19:20 pm »
Do not see a great deal wrong with your logs up to now. OK, let's run an online AV scan. This scan is very thorough so will take a few hours to complete:

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions available Here  Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Kevin


Offline Kaz

  • Bronze Member
  • Posts: 29
Re: [Resolved K] Malwarebytes will not open, Avast firewall will not run,
« Reply #6 on: January 08, 2012, 07:51:44 pm »
Here is the ESET scan:

C:\Users\ibn\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000007100002h\ODSERV.EXE  probably a variant of Win32/Agent.KRKACQZ trojan
C:\Users\ibn\Downloads\RegZooka.exe   a variant of Win32/Adware.RegGenie application

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7349
Re: [Resolved K] Malwarebytes will not open, Avast firewall will not run,
« Reply #7 on: January 09, 2012, 03:26:46 am »
You will have to "Show" hidden folders to upload one of the files below to VirusTotal, instructions Here if required.

Download SystemLook from one of the links below and save it to your Desktop.
 Link 1
Link 2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

Code:
:dir
C:\Program Files (x86)\RegZooka
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Next,

Upload a File to Virustotal
Please visit Virustotal
  • Click the Browse... button
  • Navigate to the file C:\Users\ibn\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000007100002h\ODSERV.EXE
  • Click the Open button
  • Click the Send button
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.
  • Repeat the above steps for the following files

C:\Users\ibn\Downloads\RegZooka.exe

Let me see the log from SystemLook and the results from VirusTotal....

Kevin
« Last Edit: January 09, 2012, 02:03:44 pm by kevinf80 »

Offline Kaz

  • Bronze Member
  • Posts: 29
Re: [Resolved K] Malwarebytes will not open, Avast firewall will not run,
« Reply #8 on: January 09, 2012, 11:44:07 am »
Here are the results:

SystemLook 30.07.11 by jpshortstuff
Log created at 12:27 on 09/01/2012 by ibn
Administrator - Elevation successful

========== dir ==========

C:\Program Files (x86)\RegZooka - Parameters: "(none)"

---Files---
dbupdate.dat   --a---- 5 bytes   [01:20 07/12/2011]   [01:20 07/12/2011]
rzupdate.dat   --a---- 3 bytes   [04:31 09/12/2011]   [04:31 09/12/2011]

---Folders---
None found.

-= EOF =-
------------------------------
File name: RegZooka.exe
Submission date: 2012-01-09 17:12:50 (UTC)
Current status: finished
Result: 1/ 43 (2.3%)

Antivirus   Version   Last update   Result
AhnLab-V3   2012.01.09.00   2012.01.09   -
AntiVir   7.11.20.203   2012.01.09   -
Antiy-AVL   2.0.3.7   2012.01.09   -
Avast   6.0.1289.0   2012.01.09   -
AVG   10.0.0.1190   2012.01.09   -
BitDefender   7.2   2012.01.09   -
ByteHero   1.0.0.1   2011.12.31   -
CAT-QuickHeal   12.00   2012.01.09   -
ClamAV   0.97.3.0   2012.01.09   -
Commtouch   5.3.2.6   2012.01.09   -
Comodo   11225   2012.01.09   -
DrWeb   5.0.2.03300   2012.01.09   -
Emsisoft   5.1.0.11   2012.01.09   -
eSafe   7.0.17.0   2012.01.09   -
eTrust-Vet   37.0.9671   2012.01.09   -
F-Prot   4.6.5.141   2012.01.09   -
F-Secure   9.0.16440.0   2012.01.09   -
Fortinet   4.3.388.0   2012.01.09   -
GData   22.342/22.634   2012.01.09   -
Ikarus   T3.1.1.109.0   2012.01.09   -
Jiangmin   13.0.900   2012.01.08   -
K7AntiVirus   9.124.5897   2012.01.09   -
Kaspersky   9.0.0.837   2012.01.09   -
McAfee   5.400.0.1158   2012.01.09   -
McAfee-GW-Edition   2010.1E   2012.01.09   -
Microsoft   1.7903   2012.01.09   -
NOD32   6780   2012.01.09   a variant of Win32/Adware.RegGenie
Norman   6.07.13   2012.01.09   -
nProtect   2012-01-09.01   2012.01.09   -
Panda   10.0.3.5   2012.01.09   -
PCTools   8.0.0.5   2012.01.09   -
Prevx   3.0   2012.01.09   -
Rising   23.92.00.02   2012.01.09   -
Sophos   4.73.0   2012.01.09   -
SUPERAntiSpyware   4.40.0.1006   2012.01.09   -
Symantec   20111.2.0.82   2012.01.09   -
TheHacker   6.7.0.1.373   2012.01.08   -
TrendMicro   9.500.0.1008   2012.01.09   -
TrendMicro-HouseCall   9.500.0.1008   2012.01.09   -
VBA32   3.12.16.4   2012.01.09   -
VIPRE   11374   2012.01.09   -
ViRobot   2012.1.9.4871   2012.01.09   -
VirusBuster   14.1.157.0   2012.01.08   -
-----------------------
File name: ODSERV.EXE
Submission date: 2012-01-09 17:25:44 (UTC)
Current status: finished
Result: 22/ 43 (51.2%)

Antivirus   Version   Last update   Result
AhnLab-V3   2012.01.09.00   2012.01.09   -
AntiVir   7.11.20.203   2012.01.09   -
Antiy-AVL   2.0.3.7   2012.01.09   -
Avast   6.0.1289.0   2012.01.09   -
AVG   10.0.0.1190   2012.01.09   -
BitDefender   7.2   2012.01.09   Trojan.Generic.3124949
ByteHero   1.0.0.1   2011.12.31   -
CAT-QuickHeal   12.00   2012.01.09   -
ClamAV   0.97.3.0   2012.01.09   -
Commtouch   5.3.2.6   2012.01.09   W32/Trojan2.MTDH
Comodo   11225   2012.01.09   UnclassifiedMalware
DrWeb   5.0.2.03300   2012.01.09   -
Emsisoft   5.1.0.11   2012.01.09   -
eSafe   7.0.17.0   2012.01.09   Win32.Trojan
eTrust-Vet   37.0.9671   2012.01.09   Win32/Tnega.BAC
F-Prot   4.6.5.141   2012.01.09   W32/Trojan2.MTDH
F-Secure   9.0.16440.0   2012.01.09   Trojan.Generic.3124949
Fortinet   4.3.388.0   2012.01.09   W32/Malware_fam.NB
GData   22.342/22.634   2012.01.09   Trojan.Generic.3124949
Ikarus   T3.1.1.109.0   2012.01.09   -
Jiangmin   13.0.900   2012.01.08   -
K7AntiVirus   9.124.5897   2012.01.09   Trojan
Kaspersky   9.0.0.837   2012.01.09   -
McAfee   5.400.0.1158   2012.01.09   Generic.dx!vwd
McAfee-GW-Edition   2010.1E   2012.01.09   Heuristic.LooksLike.Win32.Suspicious.J!83
Microsoft   1.7903   2012.01.09   -
NOD32   6780   2012.01.09   probably a variant of Win32/Agent.KRKACQZ
Norman   6.07.13   2012.01.09   W32/Suspicious_Gen2.PAMOV
nProtect   2012-01-09.01   2012.01.09   Trojan/W32.Agent.53248.ABW
Panda   10.0.3.5   2012.01.09   -
PCTools   8.0.0.5   2012.01.09   Trojan.Generic
Prevx   3.0   2012.01.09   -
Rising   23.92.00.02   2012.01.09   -
Sophos   4.73.0   2012.01.09   Ardamax
SUPERAntiSpyware   4.40.0.1006   2012.01.09   -
Symantec   20111.2.0.82   2012.01.09   Trojan Horse
TheHacker   6.7.0.1.373   2012.01.08   -
TrendMicro   9.500.0.1008   2012.01.09   TROJ_GEN.RC1C3H8
TrendMicro-HouseCall   9.500.0.1008   2012.01.09   TROJ_GEN.RC1C3H8
VBA32   3.12.16.4   2012.01.09   -
VIPRE   11374   2012.01.09   Trojan.Win32.Generic!BT
ViRobot   2012.1.9.4871   2012.01.09   -
VirusBuster   14.1.157.0   2012.01.08   Trojan.Small!XHWaUKvBE1I

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7349
Re: [Resolved K] Malwarebytes will not open, Avast firewall will not run,
« Reply #9 on: January 09, 2012, 02:43:04 pm »
OK do the following:

Re-Run   by double left click, Vista and Windows 7 users right click and select Run as Administrator.
  • Under the box at the bottom, paste in the following. ***Note the scroll bar, make sure to copy the full script.

Code:
:OTL
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
O3 - HKU\S-1-5-21-2616600015-1080339109-972721566-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2616600015-1080339109-972721566-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\text/xml - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2012/01/06 16:35:18 | 000,000,000 | ---D | C] -- C:\Users\ibn\AppData\Local\{5F6EB707-C503-4A3E-BF55-BD387923A4F7}
[2012/01/06 16:34:55 | 000,000,000 | ---D | C] -- C:\Users\ibn\AppData\Local\{DD03A093-EDD7-4937-A07A-2688AB12310C}
[2012/01/02 19:07:06 | 000,000,000 | ---D | C] -- C:\Users\ibn\AppData\Local\{9D821172-C71E-49BA-A2FD-5BFD9A284B1B}
[2012/01/02 19:06:52 | 000,000,000 | ---D | C] -- C:\Users\ibn\AppData\Local\{FA72F57E-81D7-4E6A-9BEF-D8A725671027}
[2012/01/01 18:08:40 | 000,000,000 | ---D | C] -- C:\Users\ibn\AppData\Local\{DFDC342C-195C-40CD-9B9A-FD69287F3834}
[2012/01/01 18:08:28 | 000,000,000 | ---D | C] -- C:\Users\ibn\AppData\Local\{E0A160B0-8A47-4CBC-958C-6502F65A2529}
[2011/12/31 17:19:39 | 000,000,000 | ---D | C] -- C:\Users\ibn\AppData\Local\{13D4F592-9E13-4C06-A5FE-AC2BD8E6FC07}
[2011/12/27 02:00:15 | 000,000,000 | ---D | C] -- C:\Users\ibn\AppData\Local\{984DD335-17BE-49B1-B49A-B9FE13EB36F3}
[2011/12/27 01:59:40 | 000,000,000 | ---D | C] -- C:\Users\ibn\AppData\Local\{6F283425-9F3C-4E3D-8F23-1FCE01DA65CE}
[2011/12/19 20:16:28 | 000,000,000 | ---D | C] -- C:\Users\ibn\AppData\Local\{F5ACA295-D874-4A03-BD51-C0CF98B89F93}
[2011/12/19 20:15:54 | 000,000,000 | ---D | C] -- C:\Users\ibn\AppData\Local\{4B5F5CE0-FC7A-4D29-94EE-2378F547F41C}
[2011/12/13 10:10:49 | 000,000,000 | ---D | C] -- C:\Users\ibn\AppData\Local\{AD53B6FC-0D04-40D9-93EB-B4209A4C454C}
[2011/12/13 10:10:12 | 000,000,000 | ---D | C] -- C:\Users\ibn\AppData\Local\{00B0ADDC-F969-4BC3-927F-751EA4DBEF88}
[2011/12/09 18:14:00 | 000,000,000 | ---D | C] -- C:\Users\ibn\AppData\Local\{81377E98-CA02-4133-B9D1-FED2F3B03987}
[2011/12/09 18:13:26 | 000,000,000 | ---D | C] -- C:\Users\ibn\AppData\Local\{A672EE5E-927A-423E-B627-CD1926917863}
[2012/01/07 01:04:21 | 000,007,620 | ---- | C] () -- C:\Users\ibn\AppData\Local\resmon.resmoncfg
[2012/01/07 19:04:32 | 000,000,000 | ---D | M] -- C:\Users\ibn\AppData\Roaming\uTorrent
@Alternate Data Stream - 76 bytes -> C:\Users\ibn\Documents\test.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\ibn\Documents\Mahdi.rtf:Roxio EMC Stream
:Files
C:\Users\ibn\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000007100002h\ODSERV.EXE
C:\Program Files (x86)\RegZooka
C:\found.000
:Commands
[EmptyTemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Next,

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Let me see the following in next reply:

  • Log from OTL fix
  • Log from OTL Quick scan
  • Log from Malwarebytes
  • What issues remain....

Kevin..

Offline Kaz

  • Bronze Member
  • Posts: 29
Re: [Resolved K] Malwarebytes will not open, Avast firewall will not run,
« Reply #10 on: January 09, 2012, 05:26:46 pm »
New logs:

OTL FIX:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2616600015-1080339109-972721566-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-2616600015-1080339109-972721566-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\ibn\AppData\Local\{5F6EB707-C503-4A3E-BF55-BD387923A4F7} folder moved successfully.
C:\Users\ibn\AppData\Local\{DD03A093-EDD7-4937-A07A-2688AB12310C} folder moved successfully.
C:\Users\ibn\AppData\Local\{9D821172-C71E-49BA-A2FD-5BFD9A284B1B} folder moved successfully.
C:\Users\ibn\AppData\Local\{FA72F57E-81D7-4E6A-9BEF-D8A725671027} folder moved successfully.
C:\Users\ibn\AppData\Local\{DFDC342C-195C-40CD-9B9A-FD69287F3834} folder moved successfully.
C:\Users\ibn\AppData\Local\{E0A160B0-8A47-4CBC-958C-6502F65A2529} folder moved successfully.
C:\Users\ibn\AppData\Local\{13D4F592-9E13-4C06-A5FE-AC2BD8E6FC07} folder moved successfully.
C:\Users\ibn\AppData\Local\{984DD335-17BE-49B1-B49A-B9FE13EB36F3} folder moved successfully.
C:\Users\ibn\AppData\Local\{6F283425-9F3C-4E3D-8F23-1FCE01DA65CE} folder moved successfully.
C:\Users\ibn\AppData\Local\{F5ACA295-D874-4A03-BD51-C0CF98B89F93} folder moved successfully.
C:\Users\ibn\AppData\Local\{4B5F5CE0-FC7A-4D29-94EE-2378F547F41C} folder moved successfully.
C:\Users\ibn\AppData\Local\{AD53B6FC-0D04-40D9-93EB-B4209A4C454C} folder moved successfully.
C:\Users\ibn\AppData\Local\{00B0ADDC-F969-4BC3-927F-751EA4DBEF88} folder moved successfully.
C:\Users\ibn\AppData\Local\{81377E98-CA02-4133-B9D1-FED2F3B03987} folder moved successfully.
C:\Users\ibn\AppData\Local\{A672EE5E-927A-423E-B627-CD1926917863} folder moved successfully.
C:\Users\ibn\AppData\Local\resmon.resmoncfg moved successfully.
C:\Users\ibn\AppData\Roaming\uTorrent folder moved successfully.
ADS C:\Users\ibn\Documents\test.wma:Roxio EMC Stream deleted successfully.
ADS C:\Users\ibn\Documents\Mahdi.rtf:Roxio EMC Stream deleted successfully.
========== FILES ==========
C:\Users\ibn\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000007100002h\ODSERV.EXE moved successfully.
C:\Program Files (x86)\RegZooka folder moved successfully.
C:\found.000 folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ibn
->Temp folder emptied: 5096685 bytes
->Temporary Internet Files folder emptied: 19097695 bytes
->Java cache emptied: 4917570 bytes
->FireFox cache emptied: 51258456 bytes
->Google Chrome cache emptied: 257492576 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 58653 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 529986 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85521 bytes
RecycleBin emptied: 6570324 bytes
 
Total Files Cleaned = 329.00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.31.0 log created on 01092012_170034

Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
C:\Users\ibn\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\temp\JETFDFD.tmp moved successfully.
File\Folder C:\Windows\temp\TMP0000031D8D49334DB3B6EA09 not found!
C:\Windows\temp\~ROMFN_00000BE0 moved successfully.

Registry entries deleted on Reboot...
-------------------------------------------------------
OTL scan log exceeded the limit so I attached it.

Still unable to run Malwarebytes Anti Malware.  I uninstalled it. Rebooted. Reinstalled to a new folder. Install goes fine. Click on icon, it seems to respond (I see a blue circle on my screen - processing), then nothing.
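
A triage pass over an OTL fix log like the one posted above, as an added example that is not part of the original post and not OTL's own code: it classifies each result line and checks what happened after reboot to every move that was deferred. The line patterns are inferred only from the log text in this thread, the sample lines are excerpted from it, and all function names are hypothetical.

```python
import re
from collections import Counter

# Lines excerpted from the OTL fix log in this thread (raw string keeps the backslashes).
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
ADS C:\Users\ibn\Documents\test.wma:Roxio EMC Stream deleted successfully.
========== FILES ==========
C:\Program Files (x86)\RegZooka folder moved successfully.

Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
C:\Users\ibn\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

# Section header that separates the fix run from the post-reboot results.
REBOOT_MARKER = r"Files\Folders moved on Reboot..."

# Checked in order; the generic "moved" pattern goes last.
PATTERNS = [
    ("deferred", re.compile(r"^File move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")),
    ("missing", re.compile(r"^File\\Folder (?P<target>.+) not found!$")),
    ("missing", re.compile(r"^Registry (?:key|value) (?P<target>.+) not found\.$")),
    ("deleted", re.compile(r"^(?:Registry (?:key|value)|ADS) (?P<target>.+) deleted successfully\.$")),
    ("moved", re.compile(r"^(?P<target>.+?)(?: folder)? moved successfully\.$")),
]


def classify(line):
    """Return (status, target) for one result line, or None for headers and other text."""
    line = line.strip()
    for status, pattern in PATTERNS:
        match = pattern.match(line)
        if match:
            return status, match.group("target")
    return None


def parse(log_text):
    """Split the log at the reboot marker and classify the result lines of each phase."""
    phases = {"fix": [], "reboot": []}
    phase = "fix"
    for line in log_text.splitlines():
        if line.strip() == REBOOT_MARKER:
            phase = "reboot"
            continue
        result = classify(line)
        if result:
            phases[phase].append(result)
    return phases


def reconcile(log_text):
    """Report what the post-reboot section says about each move deferred during the fix."""
    phases = parse(log_text)
    # Windows paths are case-insensitive, so compare them lower-cased.
    after = {target.lower(): status for status, target in phases["reboot"]}
    outcome = {
        target: after.get(target.lower(), "no record")
        for status, target in phases["fix"]
        if status == "deferred"
    }
    # A deferral logged inside the reboot section itself has not been resolved yet.
    still_pending = [target for status, target in phases["reboot"] if status == "deferred"]
    return outcome, still_pending


def summary(log_text):
    """Count fix-phase result lines by status."""
    return Counter(status for status, _ in parse(log_text)["fix"])


if __name__ == "__main__":
    print(dict(summary(SAMPLE_LOG)))
    print(reconcile(SAMPLE_LOG))
```

Anything left in the "still pending" list or marked "no record" is what to re-check in the next scan log.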

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7349
Re: [Resolved K] Malwarebytes will not open, Avast firewall will not run,
« Reply #11 on: January 09, 2012, 06:01:14 pm »
  • Click on Start and select Control Panel
  • Open Uninstall a Program
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer (very important)
  • Download and run mbam-clean.exe from HERE
       
  • It will ask to restart your computer, please allow it to do so (very important).
  • As it boots Tap the F8 key repeatedly until you see the Windows advanced menu.
  • From the Menu select Safe Mode with Networking and boot to that, accept any alerts and follow prompts as required. Next, install Malwarebytes again and update as follows :-
Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Offline Kaz

  • Bronze Member
  • Posts: 29
Re: [Resolved K] Malwarebytes will not open, Avast firewall will not run,
« Reply #12 on: January 09, 2012, 07:50:35 pm »

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.10.01

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
ibn :: MERCURYIII [administrator]

Protection: Disabled

1/9/2012 8:41:56 PM
mbam-log-2012-01-09 (20-41-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 178962
Time elapsed: 3 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7349
Re: [Resolved K] Malwarebytes will not open, Avast firewall will not run,
« Reply #13 on: January 10, 2012, 02:54:15 am »
Boot back to Normal mode and run Malwarebytes quick scan, post that log. Tell me how your system is responding and what issues/concerns remain....

Kevin

Offline Kaz

  • Bronze Member
  • Posts: 29
Re: [Resolved K] Malwarebytes will not open, Avast firewall will not run,
« Reply #14 on: January 10, 2012, 10:23:36 am »
Ok, that worked.


Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.10.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ibn :: MERCURYIII [administrator]

Protection: Enabled

1/10/2012 11:07:13 AM
mbam-log-2012-01-10 (11-07-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 182091
Time elapsed: 6 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
---------------------------------------------------
Kevin, my system seems to be running fine now. I just see one problem, which I guess is not virus related.

It seems every night my computer slows down when I'm on the internet. I don't think it's the ISP because I have two computers on my desk. My other computer is about 3 years older than this one and runs a lot slower in general. But when my internet connection on this computer slows down, the other is not affected.

Any idea what the problem might be?

PS. The infections that I did have, were any of them serious? What are your recommendations for future security?