explorer.exe 0xc000022 error

2012-02-12 19:21:21 . 2012-02-13 17:31:22 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2012-02-11 14:03:47 . 2012-02-13 17:54:43 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{90B49673-5506-483E-B92B-CA0265BD9CA8}.reg.dat
2012-02-11 14:03:47 . 2012-02-13 17:54:43 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D}.reg.dat
2012-02-11 13:53:56 . 2012-02-13 17:36:48 8,898 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-02-11 13:48:14 . 2012-02-13 17:29:50 153 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-06-13 00:57:56 . 2010-06-13 00:57:56 74 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp.vir
2010-06-13 00:47:33 . 2010-06-13 00:47:33 55 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe.vir
2010-06-12 13:57:42 . 2010-06-12 13:57:42 78 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\Microsoft\Windows\Recent\cid.drv.vir
2010-06-12 13:57:42 . 2010-06-12 13:57:42 33 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv.vir
2010-06-12 02:39:42 . 2010-06-12 02:39:42 71 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\Microsoft\Windows\Recent\cb.tmp.vir
2010-06-12 02:28:57 . 2010-06-12 02:28:57 18 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.dll.vir
2010-06-12 02:18:33 . 2010-06-12 02:18:33 9 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\Microsoft\Windows\Recent\FS.sys.vir
2010-06-12 01:58:53 . 2010-06-12 01:58:53 4 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\Microsoft\Windows\Recent\ppal.tmp.vir
2010-06-12 01:58:53 . 2010-06-12 01:58:53 53 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\Microsoft\Windows\Recent\energy.dll.vir
2010-06-12 01:58:52 . 2010-06-12 01:58:53 17 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\Microsoft\Windows\Recent\hymt.drv.vir
2010-06-12 01:58:52 . 2010-06-12 01:58:52 63 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys.vir
2010-06-12 01:58:52 . 2010-06-12 01:58:52 46 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp.vir
2010-06-12 01:58:52 . 2010-06-12 01:58:52 11 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\Microsoft\Windows\Recent\FS.exe.vir
2010-06-12 01:58:52 . 2010-06-12 23:45:04 73 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\Microsoft\Windows\Recent\PE.drv.vir
2010-06-12 01:58:48 . 2010-06-12 01:58:48 45 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\Microsoft\Windows\Recent\sld.drv.vir
2010-06-12 01:58:47 . 2010-06-12 01:58:47 49 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\Microsoft\Windows\Recent\eb.sys.vir
2010-06-12 01:58:47 . 2010-06-12 01:58:47 2 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\Microsoft\Windows\Recent\sld.sys.vir
2010-06-12 01:58:47 . 2010-06-12 01:58:47 31 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll.vir
2010-06-12 01:58:39 . 2010-06-12 01:58:39 14 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll.vir
2010-06-12 01:58:36 . 2010-06-12 13:57:42 45 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\Microsoft\Windows\Recent\PE.dll.vir
2010-06-12 01:58:36 . 2010-06-12 01:58:36 63 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.dll.vir
2010-06-12 01:58:23 . 2010-06-12 01:58:23 50 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe.vir
2010-06-12 01:58:12 . 2010-06-12 01:58:12 4,286 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\de6342b\SMAV.ico.vir
2010-06-12 01:58:11 . 2010-06-12 01:58:11 334 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\de6342b\6738.mof.vir
2010-06-12 01:58:10 . 2009-01-14 09:14:07 1,929 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\de6342b\BackUp\QuickSet.lnk.vir
2010-06-12 01:58:10 . 2009-01-14 09:16:01 743 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\de6342b\BackUp\Bluetooth.lnk.vir
2010-06-12 01:58:10 . 2009-04-11 17:25:54 881 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\de6342b\BackUp\wkcalrem.LNK.vir
2010-06-12 01:58:10 . 2010-02-08 19:59:27 1,702 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\de6342b\BackUp\LimeWire On Startup.lnk.vir
2010-06-12 01:58:10 . 2009-02-24 00:00:32 1,815 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\de6342b\BackUp\Dell Dock.lnk.vir
2010-06-12 01:58:04 . 2010-06-12 01:58:04 12,252 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\de6342b\SMAVSys\vd952342.bd.vir
2010-03-26 17:06:12 . 2010-03-26 17:06:50 2,709,504 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\de6342b\CUde63.exe.vir
2009-07-04 16:21:42 . 2009-05-14 09:58:00 61,440 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\ndisapi.dll.vir
2009-07-04 16:21:42 . 2009-06-22 14:58:22 13,312 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\drivers\snetcfg.exe.vir
2009-05-31 00:16:08 . 2009-05-31 00:20:10 835 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\Logs\2009-05-30 19-16-080.log.vir
2009-05-30 23:35:37 . 2009-05-30 23:37:13 835 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\Logs\2009-05-30 18-35-370.log.vir
2009-05-30 23:10:38 . 2009-05-30 23:12:07 835 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\Logs\2009-05-30 18-10-380.log.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 228 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-68.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 196 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-67.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 180 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-66.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 176 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-65.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 252 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-64.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 248 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-63.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 200 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-62.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 236 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-61.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 200 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-60.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 168 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-59.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 156 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-58.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 168 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-57.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 248 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-56.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 116 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-55.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 232 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-54.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 176 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-53.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 208 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-52.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 196 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-51.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 188 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-50.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 196 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-49.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 196 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-48.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 188 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-47.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 180 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-46.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 180 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-45.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 220 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-44.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 196 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-43.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 188 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-42.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 164 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-41.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 160 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-40.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 256 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-39.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 116 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-38.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 204 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-37.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 320 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-36.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 316 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-35.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 160 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-34.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 176 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-33.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 364 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-32.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 156 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-31.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 172 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-30.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 336 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-29.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 196 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-28.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 332 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-27.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 192 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-26.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 208 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-25.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 396 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-24.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 188 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-23.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 204 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-22.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 368 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-21.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 272 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-20.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 308 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-19.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 160 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-18.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 156 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-17.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 144 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-16.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 236 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-15.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 140 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-14.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 232 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-13.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 164 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-12.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 168 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-11.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 164 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-10.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 148 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-9.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 176 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-8.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 156 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-7.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 156 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-6.db.vir
2009-05-30 01:17:01 . 2009-05-30 01:17:01 212 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-5.db.vir
2009-05-30 01:17:00 . 2009-05-30 01:17:01 144 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-4.db.vir
2009-05-30 01:17:00 . 2009-05-30 01:17:00 148 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-3.db.vir
2009-05-30 01:17:00 . 2009-05-30 01:17:00 240 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-2.db.vir
2009-05-30 01:17:00 . 2009-05-30 01:17:00 240 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-1.db.vir
2009-05-30 01:17:00 . 2009-05-30 01:17:00 232 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\regb-0.db.vir
2009-05-30 01:17:00 . 2009-05-30 01:17:01 4 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\QuarantineW\2009-05-29 20-17-000\filelist.db.vir
2009-05-30 01:15:27 . 2009-05-30 01:16:57 3,150 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\Results\Update.db.vir
2009-05-30 01:15:27 . 2009-05-30 01:16:57 2,009,788 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\Results\Evidence.db.vir
2009-05-30 01:15:27 . 2009-05-30 01:16:57 7,612 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\Results\Junk.db.vir
2009-05-30 01:15:27 . 2009-05-30 01:16:57 75,670 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\Results\Registry.db.vir
2009-05-30 01:15:13 . 2009-05-30 01:17:01 64,906 ----a-w- C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Roaming\RegTool\Logs\2009-05-29 20-15-130.log.vir
 
Hi chiro.j.elliott,

Let's see if we can get a peek at what is loading or trying to load at startup. This will also show us how much you can do in normal Windows. If you don't have another computer on which you can view these instructions, please print them out.

In safe mode

Download OTL and save it to C:\

Next

Boot to normal windows.

In normal windows

Open Task Manager with ctrl,alt,del as you have been doing.
  • In Task Manager, click the Options button
  • check mark Always on Top
  • This will keep Task Manager from disappearing when you click on anything else.

    In Task Manager
    • click file
    • click New Task(Run...)
    • type the following line into the open: field
      iexplore
    • click ok
Internet Explorer should open. Browse to this topic and continue.

Using your left mouse button, click on the top blue portion of Task Manager and slide it down to the lower part of your screen so these instructions are visible.

Next
  • Holding down your left mouse button, highlight all the text in the codebox below.
  • Do not copy the word CODE.
  • Right click the highlighted text and choose copy.

Code:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NDISRD /s
HKEY_CURRENT_USER\Control Panel\Desktop|foregroundlocktimeout /rs
/md5start
DpPwdFlt.*
snetcfg.*
NetFilter.*
ndisrd.*
/md5stop

In Task Manager
  • click file
  • click New Task(Run...)
  • type the following line into the open: field
    C:\OTL.exe
  • click ok
OTL should open.

  • Right click anywhere in the white field under Custom Scans and Fixes and choose paste.
  • the text you copied earlier should appear
  • Click the Run Scan button
A log named OTL.txt should open; please copy and paste its contents in your next reply.

Another log named Extra.txt will be saved at C:\ (OTL.txt can also be found there). Please post it also. You may even be able to attach the logs.
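The /md5start ... /md5stop block in the custom scan above tells OTL to locate every file matching those four name patterns under the Windows system directories and print its MD5, so the hashes can be compared against a clean machine. The following is an added example, not part of the post and not OTL's own code, that does the same job with Python's standard library so the check is reproducible without OTL: it walks the given roots, matches file names case-insensitively (as NTFS does), and records size, MD5 and SHA-256 per hit. The sample directory tree built by `make_sample_tree()` is constructed for the demo; the default roots and the patterns are the ones the post asks for.

```python
"""Portable stand-in for the file half of the OTL custom scan.

Added example, not from the forum post or from OTL. SHA-256 is reported next
to MD5 because MD5 is collision-prone and should not be the only identifier
kept for a suspect driver file.
"""
import fnmatch
import hashlib
import os
import tempfile
from typing import Dict, Iterable, List

# Patterns copied from the OTL custom scan in the post; matched case-insensitively.
DEFAULT_PATTERNS = ["DpPwdFlt.*", "snetcfg.*", "NetFilter.*", "ndisrd.*"]


def _digests(path: str) -> Dict[str, str]:
    """Hash a file in 64 KiB chunks so large drivers are not read into memory at once."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def find_and_hash(roots: Iterable[str], patterns: List[str] = DEFAULT_PATTERNS) -> List[Dict[str, object]]:
    """Recursively find files whose name matches any pattern and hash them.

    Files that cannot be read (locked driver, permissions) are still listed,
    with an 'error' field instead of digests, so a hidden hit is not silently
    dropped from the report.
    """
    lowered = [p.lower() for p in patterns]
    results: List[Dict[str, object]] = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for fname in files:
                if not any(fnmatch.fnmatchcase(fname.lower(), p) for p in lowered):
                    continue
                full = os.path.join(dirpath, fname)
                entry: Dict[str, object] = {"path": full, "name": fname}
                try:
                    entry["size"] = os.stat(full).st_size
                    entry.update(_digests(full))
                except OSError as exc:
                    entry["error"] = str(exc)
                results.append(entry)
    results.sort(key=lambda r: str(r["path"]).lower())
    return results


def make_sample_tree() -> str:
    """Constructed sample tree (not real system files) mimicking System32/SysWOW64."""
    base = tempfile.mkdtemp(prefix="otl_md5_demo_")
    files = {
        os.path.join("System32", "DpPwdFlt.sys"): b"a",          # matches DpPwdFlt.*
        os.path.join("System32", "drivers", "NDISRD.sys"): b"b",  # matches ndisrd.* (case-insensitive)
        os.path.join("SysWOW64", "snetcfg.exe"): b"c",            # matches snetcfg.*
        os.path.join("SysWOW64", "ndisapi.dll"): b"d",            # not in the pattern list
        os.path.join("System32", "drivers", "other.txt"): b"e",   # not in the pattern list
    }
    for rel, data in files.items():
        full = os.path.join(base, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return base


def demo() -> List[Dict[str, object]]:
    """Run the scan over the constructed tree and return the report."""
    base = make_sample_tree()
    return find_and_hash([os.path.join(base, "System32"), os.path.join(base, "SysWOW64")])


if __name__ == "__main__":
    import sys
    # Real use on the affected machine: hash under the live system directories.
    system_root = os.environ.get("SystemRoot", r"C:\Windows")
    roots = sys.argv[1:] or [os.path.join(system_root, "System32"),
                             os.path.join(system_root, "SysWOW64")]
    for hit in (find_and_hash(roots) if os.path.isdir(roots[0]) else demo()):
        print(hit)
```

On the affected machine, run it with no arguments (it defaults to %SystemRoot%\System32 and SysWOW64) or pass other roots; on a machine without those directories it falls back to the constructed sample so the output format can be seen.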
 
I am posting this from normal windows!!
OTL logfile created on: 2/14/2012 2:33:15 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 58.37% Memory free
8.09 Gb Paging File | 6.38 Gb Available in Paging File | 78.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.01 Gb Total Space | 202.76 Gb Free Space | 70.40% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.25 Gb Free Space | 32.49% Space Free | Partition Type: NTFS
Drive E: | 557.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: RYAN-PC | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/14 14:14:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/12/22 23:55:34 | 002,479,864 | ---- | M] (AuthenTec, Inc.) [Disabled | Stopped] -- C:\Program Files\Fingerprint Sensor\ATService.exe -- (ATService)
SRV:64bit: - [2008/11/20 04:21:12 | 000,031,744 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/09/23 22:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Disabled | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/08/25 04:31:36 | 000,251,904 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_a2af78c4\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/08/25 04:31:22 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_a2af78c4\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/04 08:54:56 | 003,542,616 | ---- | M] () [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/06/09 12:47:36 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/09 13:08:52 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/08 10:03:36 | 000,067,104 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2009/04/10 23:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/12/23 00:54:58 | 000,548,864 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2008/11/20 04:20:52 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/11/14 17:25:42 | 000,029,184 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
DRV:64bit: - [2008/10/27 05:21:50 | 001,374,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/10/27 00:25:30 | 000,315,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2008/10/27 00:25:30 | 000,168,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008/09/03 05:59:18 | 000,126,464 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2008/08/25 05:26:08 | 000,199,728 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/08/25 04:31:46 | 000,458,752 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/08/22 11:05:40 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\swmsflt.sys -- (swmsflt)
DRV:64bit: - [2008/08/20 12:41:52 | 000,191,872 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\swumx80.sys -- (SWUMX80) Sierra Wireless USB MUX Driver (UMTS80)
DRV:64bit: - [2008/08/20 12:40:48 | 000,200,192 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\swnc8u80.sys -- (SWNC8U80) Sierra Wireless MUX NDIS Driver (UMTS80)
DRV:64bit: - [2008/07/17 04:59:12 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/07/17 04:59:10 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/07/17 04:59:08 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/07/16 05:50:42 | 000,239,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2008/06/16 03:25:20 | 000,019,880 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/06/16 03:25:14 | 000,036,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/06/16 03:25:12 | 000,120,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/06/16 03:25:10 | 000,092,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/01/20 20:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 01:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2009/01/14 03:26:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/11 15:22:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2009/01/14 03:26:01 | 000,000,000 | ---D | M]

[2010/02/08 13:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions
[2010/02/08 13:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/02/01 14:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\r5a2vp3k.default\extensions
[2012/02/11 07:46:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/11 15:22:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
() (No name found) -- C:\USERS\RYAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R5A2VP3K.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012/02/11 15:22:07 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/24 05:21:10 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/24 05:21:10 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/13 11:49:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files (x86)\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2961302D-0820-4732-9602-FF83D5402027}: DhcpNameServer = 209.183.50.151 209.183.50.151
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F989BEA-572A-4367-97B7-768ECC652223}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB2F24BD-7F6D-4397-9084-EBC202AA3EF3}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tbr - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/04 06:00:00 | 000,000,110 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/14 14:14:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2012/02/13 11:55:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/13 11:55:49 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\temp
[2012/02/13 11:50:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/12 13:47:03 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Malwarebytes
[2012/02/12 13:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/12 13:46:57 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/12 13:46:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/12 13:46:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/12 13:43:57 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Ryan\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/11 07:48:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/11 07:48:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/11 07:48:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/11 07:48:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/11 07:46:06 | 004,401,300 | R--- | C] (Swearware) -- C:\Users\Ryan\Desktop\ComboFix.exe
[2012/02/09 13:31:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/09 13:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/02/09 13:31:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/02/09 13:21:11 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ryan\Desktop\HijackThis.exe
[2012/02/09 13:17:50 | 002,405,576 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ryan\Desktop\HousecallLauncher64.exe
[2012/02/09 13:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/02/09 13:08:52 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/02/09 13:08:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012/02/09 13:08:12 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\DAEMON Tools Lite
[2012/02/09 13:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012/02/09 13:06:50 | 002,002,320 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ryan\Desktop\HousecallLauncher.exe
[2012/02/09 13:05:04 | 014,190,784 | ---- | C] (DT Soft Ltd.) -- C:\Users\Ryan\Desktop\DTLite4452-0287.exe
[2012/02/09 13:03:24 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Roxio
[2012/02/09 12:58:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/02/02 10:00:17 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\PCPro
[2012/02/02 10:00:17 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\PC Cleaners
[2012/02/02 10:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2012/02/01 21:05:16 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\ElevatedDiagnostics
[2012/02/01 16:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012/02/01 16:46:19 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Uniblue
[2012/02/01 16:46:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2012/01/30 15:30:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2012/01/30 15:30:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2012/01/30 15:30:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2012/01/30 15:30:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2012/01/30 15:30:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2012/01/30 15:30:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2012/01/30 14:44:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/01/30 14:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/01/30 14:42:10 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/01/30 14:42:10 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/01/30 14:42:10 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/01/30 14:42:10 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/01/30 14:36:22 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/01/29 22:52:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video&sound
[2012/01/29 22:16:28 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Mozilla
[2012/01/29 19:31:48 | 000,000,000 | ---D | C] -- C:\RebateInformer
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Ryan\AppData\Local\*.tmp files -> C:\Users\Ryan\AppData\Local\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/14 14:34:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/14 14:34:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/14 14:32:19 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/14 14:32:19 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/14 14:32:19 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/14 14:24:23 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/14 14:24:23 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/14 14:24:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/14 14:14:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2012/02/13 11:49:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/13 11:48:05 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/02/12 13:46:58 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/12 13:46:04 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Ryan\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/11 07:46:16 | 004,401,300 | R--- | M] (Swearware) -- C:\Users\Ryan\Desktop\ComboFix.exe
[2012/02/09 15:22:27 | 000,009,019 | ---- | M] () -- C:\Users\Ryan\Desktop\attach.zip
[2012/02/09 13:31:29 | 000,000,945 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/09 13:31:19 | 000,000,765 | ---- | M] () -- C:\Users\Ryan\Desktop\NTREGOPT.lnk
[2012/02/09 13:31:19 | 000,000,746 | ---- | M] () -- C:\Users\Ryan\Desktop\ERUNT.lnk
[2012/02/09 13:26:01 | 000,692,831 | ---- | M] () -- C:\Users\Ryan\AppData\Local\census.cache
[2012/02/09 13:25:52 | 000,151,775 | ---- | M] () -- C:\Users\Ryan\AppData\Local\ars.cache
[2012/02/09 13:21:11 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ryan\Desktop\HijackThis.exe
[2012/02/09 13:17:53 | 002,405,576 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ryan\Desktop\HousecallLauncher64.exe
[2012/02/09 13:14:12 | 000,001,356 | ---- | M] () -- C:\Users\Ryan\AppData\Local\d3d9caps.dat
[2012/02/09 13:13:49 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ryan\Desktop\HousecallLauncher.exe
[2012/02/09 13:11:00 | 000,000,036 | ---- | M] () -- C:\Users\Ryan\AppData\Local\housecall.guid.cache
[2012/02/09 13:08:52 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/02/09 13:05:53 | 001,402,880 | ---- | M] () -- C:\Users\Ryan\Desktop\HiJackThis.msi
[2012/02/09 13:05:19 | 014,190,784 | ---- | M] (DT Soft Ltd.) -- C:\Users\Ryan\Desktop\DTLite4452-0287.exe
[2012/02/09 12:43:33 | 060,979,200 | ---- | M] () -- C:\Users\Ryan\Desktop\PCRegedit.iso
[2012/02/01 22:27:00 | 000,000,176 | ---- | M] () -- C:\MSsupport.htm
[2012/02/01 14:05:56 | 000,000,732 | ---- | M] () -- C:\Users\Ryan\AppData\Local\d3d9caps64.dat
[2012/01/30 15:35:10 | 000,280,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/30 14:36:22 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/01/29 23:02:28 | 000,000,998 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\wklnhst.dat
[2012/01/29 22:28:23 | 000,000,121 | ---- | M] () -- C:\Windows\wininit.ini
[2012/01/29 22:16:21 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/29 21:45:36 | 000,441,257 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120129-223201.backup
[2012/01/29 21:38:42 | 000,441,257 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120129-214536.backup
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Ryan\AppData\Local\*.tmp files -> C:\Users\Ryan\AppData\Local\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/12 13:46:58 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/11 07:48:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/11 07:48:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/11 07:48:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/11 07:48:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/11 07:48:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/09 15:22:27 | 000,009,019 | ---- | C] () -- C:\Users\Ryan\Desktop\attach.zip
[2012/02/09 13:31:29 | 000,000,945 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/09 13:31:19 | 000,000,765 | ---- | C] () -- C:\Users\Ryan\Desktop\NTREGOPT.lnk
[2012/02/09 13:31:19 | 000,000,746 | ---- | C] () -- C:\Users\Ryan\Desktop\ERUNT.lnk
[2012/02/09 13:26:01 | 000,692,831 | ---- | C] () -- C:\Users\Ryan\AppData\Local\census.cache
[2012/02/09 13:25:52 | 000,151,775 | ---- | C] () -- C:\Users\Ryan\AppData\Local\ars.cache
[2012/02/09 13:11:00 | 000,000,036 | ---- | C] () -- C:\Users\Ryan\AppData\Local\housecall.guid.cache
[2012/02/09 13:05:53 | 001,402,880 | ---- | C] () -- C:\Users\Ryan\Desktop\HiJackThis.msi
[2012/02/09 12:42:06 | 060,979,200 | ---- | C] () -- C:\Users\Ryan\Desktop\PCRegedit.iso
[2012/02/01 22:27:00 | 000,000,176 | ---- | C] () -- C:\MSsupport.htm
[2012/02/01 13:57:56 | 000,000,732 | ---- | C] () -- C:\Users\Ryan\AppData\Local\d3d9caps64.dat
[2012/01/30 10:52:23 | 000,280,704 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/29 22:28:23 | 000,000,121 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/29 22:16:21 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/29 22:16:21 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/02/22 22:03:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/16 14:45:18 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/16 14:44:22 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/16 14:43:29 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/04 10:21:42 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\NFUninstall.exe
[2009/04/11 11:12:25 | 000,001,356 | ---- | C] () -- C:\Users\Ryan\AppData\Local\d3d9caps.dat
[2009/02/24 14:16:35 | 000,000,998 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\wklnhst.dat
[2009/02/24 13:58:15 | 000,009,728 | ---- | C] () -- C:\Users\Ryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/14 04:40:02 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/01/14 04:12:33 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/01/14 03:17:49 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Custom Scans ==========


< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NDISRD /s >
"FN" = @yOaTVCNRyG@O_JpSwW\e!!
"FNU" = HjoQL<CqT>wpJLG@>vwQL
"ApiDll" = =eSNVBs_N`KlVvw`r!

< HKEY_CURRENT_USER\Control Panel\Desktop|foregroundlocktimeout /rs >
HKEY_CURRENT_USER\Control Panel\Desktop\\ForegroundLockTimeout: 0


< MD5 for: DPPWDFLT.DLL >
[2008/06/09 12:47:36 | 000,150,592 | ---- | M] (DigitalPersona, Inc.) MD5=BD6AFDFA9482A97A47FEF17ADE5AFFC8 -- C:\Windows\SysWOW64\DpPwdFlt.dll

< MD5 for: SNETCFG.EXE.VIR >
[2009/06/22 08:58:22 | 000,013,312 | ---- | M] (Windows (R) Server 2003 DDK provider) MD5=70DC35386A3061A16C3C22389C3EBF2B -- C:\Qoobox\Quarantine\C\Windows\SysWOW64\drivers\snetcfg.exe.vir

< End of report >

extras report is attached!!!
 
Hi chiro.j.elliott,

I take it you are in normal windows but are running things from task manager?

This is looking promising. I need to have a look at a couple of more items.

Next
  • Holding down your left mouse button, highlight all the text in the codebox below.
  • Do not copy the word CODE.
  • Right click the highlighted text and choose Copy.

Code:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NDIS /s
/md5start
ndis.sys.*
ndisapi.*
/md5stop

In Task Manager
  • Click File.
  • Click New Task (Run...).
  • Type the following line into the Open: field:
    C:\OTL.exe
  • Click OK.
OTL should open.

Click the None button (it may look greyed out); this will make for a shorter log.

  • Right click anywhere in the white field under Custom Scans and Fixes and choose Paste.
  • The text you copied earlier should appear.
  • Click the Run Scan button.
A log named OTL.txt should open; please copy and paste its contents in your next reply. There will be no Extra.txt this time.
 
OTL logfile created on: 2/15/2012 10:25:39 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 65.99% Memory free
8.09 Gb Paging File | 6.69 Gb Available in Paging File | 82.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.01 Gb Total Space | 197.72 Gb Free Space | 68.65% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.25 Gb Free Space | 32.49% Space Free | Partition Type: NTFS
Drive E: | 557.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: RYAN-PC | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========


< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NDIS /s >
"DisplayName" = NDIS System Driver
"Group" = NDIS Wrapper
"ImagePath" = system32\drivers\ndis.sys
"Description" = NDIS System Driver
"ErrorControl" = 3
"Start" = 0
"Type" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NDIS\IfTypes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NDIS\IfTypes\1]
"IfType" = 1
"IfUsedNetLuidIndices" = 01 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NDIS\IfTypes\131]
"IfType" = 131
"IfUsedNetLuidIndices" = FF FB BF 03 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NDIS\IfTypes\23]
"IfType" = 23
"IfUsedNetLuidIndices" = 03 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NDIS\IfTypes\24]
"IfType" = 24
"IfUsedNetLuidIndices" = 01 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NDIS\IfTypes\6]
"IfType" = 6
"IfUsedNetLuidIndices" = A9 03 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NDIS\IfTypes\71]
"IfType" = 71
"IfUsedNetLuidIndices" = 01 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NDIS\IfTypes\71\1]
"PortAuthReceiveAuthorizationState" = 2
"PortAuthReceiveControlState" = 2
"PortAuthSendAuthorizationState" = 2
"PortAuthSendControlState" = 2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NDIS\Parameters]
"PortAuthReceiveAuthorizationState" = 2
"PortAuthReceiveControlState" = 2
"PortAuthSendAuthorizationState" = 2
"PortAuthSendControlState" = 2
"ProcessorAffinityMask" = -1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NDIS\Enum]
"0" = Root\LEGACY_NDIS\0000
"Count" = 1
"NextInstance" = 1


< MD5 for: NDIS.SYS >
[2008/01/20 20:50:38 | 000,739,384 | ---- | M] (Microsoft Corporation) MD5=2A2EE457AF36C5C9A6808C768BD3A12B -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_03e5c74ad46c7e4e\ndis.sys
[2008/02/07 22:41:30 | 000,643,640 | ---- | M] (Microsoft Corporation) MD5=37A917C8586225B0D04E407C11639B7E -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.20768_none_02504837f08cff85\ndis.sys
[2009/04/11 01:15:34 | 000,738,264 | ---- | M] (Microsoft Corporation) MD5=65950E07329FCEE8E6516B17C8D0ABB6 -- C:\Windows\ERDNT\cache64\ndis.sys
[2009/04/11 01:15:34 | 000,738,264 | ---- | M] (Microsoft Corporation) MD5=65950E07329FCEE8E6516B17C8D0ABB6 -- C:\Windows\SysNative\drivers\ndis.sys
[2009/04/11 01:15:34 | 000,738,264 | ---- | M] (Microsoft Corporation) MD5=65950E07329FCEE8E6516B17C8D0ABB6 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_05d14056d18e499a\ndis.sys
[2008/02/08 11:31:28 | 000,739,384 | ---- | M] (Microsoft Corporation) MD5=F9A3AE5C9F047D71A36A99F9ABCA7D02 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.22110_none_04649429ed923a09\ndis.sys

< MD5 for: NDISAPI.DLL.VIR >
[2009/05/14 03:58:00 | 000,061,440 | ---- | M] (NT Kernel Resources) MD5=FE4C4F2696C7EF01FB5FC87B3E71D639 -- C:\Qoobox\Quarantine\C\Windows\SysWOW64\ndisapi.dll.vir

< End of report >
 
Hi chiro.j.elliott,

Sorry for the delay.

Let's take a run at this with ComboFix in normal Windows. If possible, let it finish up in normal Windows.

It may take out the bit of malware that I see and may also find more; it might even fix or identify the problem.

In Task Manager
  • Click File.
  • Click New Task (Run...).
  • Copy and paste the following line into the Open: field:
    c:\users\Ryan\Desktop\ComboFix.exe
  • Click OK.
ComboFix should start running.

Please post the log. Any change in the computer?
 
Ran ComboFix. It said something about being expired and running in limited mode, but it ran and the report is posted. Am going to try rebooting to reg mode (normal) now!!!


ComboFix 12-02-11.02 - Ryan 02/16/2012 13:43:12.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.2466 [GMT -6:00]
Running from: c:\users\Ryan\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
.
.
2012-02-16 19:45 . 2012-02-16 19:46 -------- d-----w- c:\users\Ryan\AppData\Local\temp
2012-02-16 19:45 . 2012-02-16 19:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-16 19:45 . 2012-02-16 19:45 -------- d-----w- c:\users\Becca\AppData\Local\temp
2012-02-15 16:50 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2012-02-15 16:50 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-02-15 09:58 . 2012-02-15 09:58 -------- d-----w- c:\windows\SysWow64\spool
2012-02-15 09:58 . 2012-02-15 09:58 -------- d-----w- c:\program files\Windows Portable Devices
2012-02-15 09:58 . 2012-02-15 09:58 -------- d-----w- c:\program files (x86)\Windows Portable Devices
2012-02-15 09:39 . 2009-10-01 01:02 30208 ----a-w- c:\windows\SysWow64\WPDShextAutoplay.exe
2012-02-15 09:04 . 2009-09-10 02:05 103424 ----a-w- c:\windows\system32\UIAnimation.dll
2012-02-15 09:04 . 2009-09-10 02:00 92672 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2012-02-15 09:04 . 2009-09-10 02:07 3815424 ----a-w- c:\windows\system32\UIRibbon.dll
2012-02-15 09:04 . 2009-09-10 02:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-02-15 09:04 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2012-02-15 09:04 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2012-02-14 23:54 . 2011-12-15 06:42 77312 ----a-w- c:\windows\system32\iesetup.dll
2012-02-14 23:53 . 2011-07-29 16:08 375808 ----a-w- c:\windows\system32\psisdecd.dll
2012-02-14 23:53 . 2011-07-29 16:08 289792 ----a-w- c:\windows\system32\psisrndr.ax
2012-02-14 23:53 . 2011-07-29 16:06 73216 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-02-14 23:53 . 2011-07-29 16:06 100352 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-02-14 23:53 . 2011-07-29 16:01 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-02-14 23:53 . 2011-07-29 16:01 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-02-14 23:53 . 2011-07-29 16:00 57856 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2012-02-14 23:53 . 2011-07-29 16:00 69632 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2012-02-14 23:53 . 2011-12-20 10:56 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-02-14 23:53 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-14 23:53 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-02-14 23:52 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-02-14 23:52 . 2011-02-22 14:13 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-02-14 23:52 . 2011-02-22 13:53 1555968 ----a-w- c:\windows\system32\DWrite.dll
2012-02-14 23:52 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll
2012-02-14 23:52 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-14 23:51 . 2011-10-25 16:13 1570816 ----a-w- c:\windows\system32\quartz.dll
2012-02-14 23:51 . 2011-10-25 16:13 352256 ----a-w- c:\windows\system32\qdvd.dll
2012-02-14 23:51 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\SysWow64\quartz.dll
2012-02-14 23:51 . 2011-10-25 15:58 497152 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-02-14 23:51 . 2011-11-08 14:58 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-14 23:51 . 2011-11-08 14:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-02-14 23:49 . 2011-11-17 06:53 515968 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-14 23:48 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll
2012-02-14 23:48 . 2011-10-14 16:02 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-02-14 23:48 . 2011-04-21 14:17 695296 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-02-14 23:48 . 2009-06-17 10:37 35328 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-02-14 23:47 . 2012-01-17 10:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCCE0D40-3C03-441B-8DA9-95011F36DEB9}\mpengine.dll
2012-02-14 23:47 . 2011-11-25 16:25 451072 ----a-w- c:\windows\system32\winsrv.dll
2012-02-14 23:47 . 2011-06-20 08:45 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-14 23:40 . 2011-11-18 18:07 76800 ----a-w- c:\windows\system32\packager.dll
2012-02-14 23:40 . 2011-11-18 17:47 66560 ----a-w- c:\windows\SysWow64\packager.dll
2012-02-14 20:14 . 2012-02-14 20:14 584192 ----a-w- C:\OTL.exe
2012-02-12 19:47 . 2012-02-12 19:47 -------- d-----w- c:\users\Ryan\AppData\Roaming\Malwarebytes
2012-02-12 19:46 . 2012-02-12 19:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-12 19:46 . 2012-02-12 19:46 -------- d-----w- c:\programdata\Malwarebytes
2012-02-12 19:46 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-11 13:46 . 2012-02-11 21:22 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-02-11 13:46 . 2012-02-11 21:22 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-02-09 19:31 . 2012-02-09 19:31 -------- d-----w- c:\program files (x86)\ERUNT
2012-02-09 19:08 . 2012-02-09 19:08 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-09 19:08 . 2012-02-09 19:08 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-02-09 19:08 . 2012-02-09 19:09 -------- d-----w- c:\users\Ryan\AppData\Roaming\DAEMON Tools Lite
2012-02-09 19:08 . 2012-02-09 19:08 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-02-09 19:03 . 2012-02-09 19:03 -------- d-----w- c:\users\Ryan\AppData\Roaming\Roxio
2012-02-07 17:19 . 2012-02-07 17:19 0 ---ha-w- c:\users\Ryan\AppData\Local\BITD27A.tmp
2012-02-02 16:00 . 2012-02-02 17:29 -------- d-----w- c:\users\Ryan\AppData\Roaming\PCPro
2012-02-02 16:00 . 2012-02-02 16:00 -------- d-----w- c:\users\Ryan\AppData\Roaming\PC Cleaners
2012-02-02 16:00 . 2012-02-02 16:00 -------- d-----w- c:\programdata\PC1Data
2012-02-02 03:05 . 2012-02-02 03:05 -------- d-----w- c:\users\Ryan\AppData\Local\ElevatedDiagnostics
2012-02-01 22:46 . 2012-02-01 22:46 -------- d-----w- c:\programdata\Uniblue
2012-02-01 22:46 . 2012-02-01 22:46 -------- d-----w- c:\users\Ryan\AppData\Roaming\Uniblue
2012-02-01 22:46 . 2012-02-01 22:46 -------- d-----w- c:\program files (x86)\Uniblue
2012-01-30 21:55 . 2012-01-30 21:55 -------- d-----w- c:\users\Becca\AppData\Local\Mozilla
2012-01-30 21:30 . 2012-02-02 18:21 -------- d-----w- c:\windows\SysWow64\vi-VN
2012-01-30 21:30 . 2012-02-02 18:21 -------- d-----w- c:\windows\SysWow64\eu-ES
2012-01-30 21:30 . 2012-02-02 18:21 -------- d-----w- c:\windows\SysWow64\ca-ES
2012-01-30 21:30 . 2012-02-02 18:21 -------- d-----w- c:\windows\system32\vi-VN
2012-01-30 21:30 . 2012-02-02 18:21 -------- d-----w- c:\windows\system32\eu-ES
2012-01-30 21:30 . 2012-02-02 18:21 -------- d-----w- c:\windows\system32\ca-ES
2012-01-30 20:44 . 2012-01-30 20:44 -------- d-----w- c:\windows\system32\EventProviders
2012-01-30 20:42 . 2011-11-10 11:54 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-30 20:36 . 2012-01-30 20:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-30 01:59 . 2012-01-30 01:59 -------- d-----w- c:\users\Becca\AppData\Roaming\Yahoo!
2012-01-30 01:31 . 2012-01-30 01:31 -------- d-----w- C:\RebateInformer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 11:10 . 2010-01-03 04:55 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-19 3477312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-01-13 1081416]
.
c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
wkcalrem.LNK - c:\program files (x86)\Microsoft Works\WkCalRem.exe [2007-11-28 46432]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_a2af78c4\AESTSr64.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 04:03]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 04:03]
.
2011-04-14 c:\windows\Tasks\User_Feed_Synchronization-{12ECB99D-00AB-48A8-BD64-67809E5DA21C}.job
- c:\windows\system32\msfeedssync.exe [2012-02-14 04:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-25 272896]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\Toolbar\ctbr.dll
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\r5a2vp3k.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{90B49673-5506-483E-B92B-CA0265BD9CA8} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-02-16 13:51:42
ComboFix-quarantined-files.txt 2012-02-16 19:51
ComboFix2.txt 2012-02-13 17:55
ComboFix3.txt 2012-02-12 19:37
ComboFix4.txt 2012-02-11 14:04
.
Pre-Run: 212,997,038,080 bytes free
Post-Run: 212,986,986,496 bytes free
.
- - End Of File - - B1556404B3A11119BA4C36CF67763E17
 
No change in the Windows loading area!! Still having to run everything from Task Manager!! Here is the sequence of boot:

Windows loads fine to the login screen. Click on the login name and I get the 00xc000022 error saying explorer.exe has failed to initialize. Hit close, and Windows loads a blank screen with nothing running. An error message appears saying "Microsoft mobile PC presentation adaptability client stopped working", must hit the close button. Second message: "Windows Explorer has stopped working", must hit the close button. From there I have a blank screen but can CTRL-ALT-DEL to Task Manager.

Hope something helps!!
 
Hi chiro.j.elliott,

I'm looking at another possible solution but in the meantime we'll remove the traces.

Let's give ComboFix a run in Safe Mode. Boot to Safe Mode with Networking.

Delete the copy of combofix you have from your desktop and download a new one from

Link 1
Link 2

Save it to your desktop. Do not run it.

Open a new Notepad session
  • Click the Start button, then click Run
  • In the Run box, type notepad
  • Click OK
  • In Notepad, click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into Notepad. Do not copy the word CODE.

Code:
Driver::
NDISRD

Registry::
[HKEY_CURRENT_USER\Control Panel\Desktop]
"foregroundlocktimeout"=dword:00030d40

In Notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click Save
Using your left mouse button, drag the new file CFScript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browsers/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

CFScriptB-4.gif
 
ComboFix 12-02-17.02 - Ryan 02/18/2012 13:20:08.2.2 - x64 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.3372 [GMT -6:00]
Running from: c:\users\Ryan\Desktop\ComboFix.exe
Command switches used :: c:\users\Ryan\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\DpPwdFlt.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NDISRD
.
.
((((((((((((((((((((((((( Files Created from 2012-01-18 to 2012-02-18 )))))))))))))))))))))))))))))))
.
.
2012-02-18 19:26 . 2012-02-18 19:29 -------- d-----w- c:\users\Ryan\AppData\Local\temp
2012-02-18 19:26 . 2012-02-18 19:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-18 19:26 . 2012-02-18 19:26 -------- d-----w- c:\users\Becca\AppData\Local\temp
2012-02-17 10:09 . 2012-01-17 10:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{929D0A21-9A37-4B32-AC5C-AE4396D4B85A}\mpengine.dll
2012-02-15 16:50 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2012-02-15 16:50 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-02-15 09:58 . 2012-02-15 09:58 -------- d-----w- c:\windows\SysWow64\spool
2012-02-15 09:58 . 2012-02-15 09:58 -------- d-----w- c:\program files\Windows Portable Devices
2012-02-15 09:58 . 2012-02-15 09:58 -------- d-----w- c:\program files (x86)\Windows Portable Devices
2012-02-15 09:39 . 2009-10-01 01:02 30208 ----a-w- c:\windows\SysWow64\WPDShextAutoplay.exe
2012-02-15 09:04 . 2009-09-10 02:05 103424 ----a-w- c:\windows\system32\UIAnimation.dll
2012-02-15 09:04 . 2009-09-10 02:00 92672 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2012-02-15 09:04 . 2009-09-10 02:07 3815424 ----a-w- c:\windows\system32\UIRibbon.dll
2012-02-15 09:04 . 2009-09-10 02:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-02-15 09:04 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2012-02-15 09:04 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2012-02-14 23:54 . 2011-12-15 06:42 77312 ----a-w- c:\windows\system32\iesetup.dll
2012-02-14 23:53 . 2011-07-29 16:08 375808 ----a-w- c:\windows\system32\psisdecd.dll
2012-02-14 23:53 . 2011-07-29 16:08 289792 ----a-w- c:\windows\system32\psisrndr.ax
2012-02-14 23:53 . 2011-07-29 16:06 73216 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-02-14 23:53 . 2011-07-29 16:06 100352 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-02-14 23:53 . 2011-07-29 16:01 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-02-14 23:53 . 2011-07-29 16:01 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-02-14 23:53 . 2011-07-29 16:00 57856 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2012-02-14 23:53 . 2011-07-29 16:00 69632 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2012-02-14 23:53 . 2011-12-20 10:56 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-02-14 23:53 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-14 23:53 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-02-14 23:52 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-02-14 23:52 . 2011-02-22 14:13 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-02-14 23:52 . 2011-02-22 13:53 1555968 ----a-w- c:\windows\system32\DWrite.dll
2012-02-14 23:52 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll
2012-02-14 23:52 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-14 23:51 . 2011-10-25 16:13 1570816 ----a-w- c:\windows\system32\quartz.dll
2012-02-14 23:51 . 2011-10-25 16:13 352256 ----a-w- c:\windows\system32\qdvd.dll
2012-02-14 23:51 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\SysWow64\quartz.dll
2012-02-14 23:51 . 2011-10-25 15:58 497152 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-02-14 23:51 . 2011-11-08 14:58 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-14 23:51 . 2011-11-08 14:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-02-14 23:49 . 2011-11-17 06:53 515968 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-14 23:48 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll
2012-02-14 23:48 . 2011-10-14 16:02 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-02-14 23:48 . 2011-04-21 14:17 695296 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-02-14 23:48 . 2009-06-17 10:37 35328 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-02-14 23:47 . 2011-11-25 16:25 451072 ----a-w- c:\windows\system32\winsrv.dll
2012-02-14 23:47 . 2011-06-20 08:45 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-14 23:40 . 2011-11-18 18:07 76800 ----a-w- c:\windows\system32\packager.dll
2012-02-14 23:40 . 2011-11-18 17:47 66560 ----a-w- c:\windows\SysWow64\packager.dll
2012-02-14 20:14 . 2012-02-14 20:14 584192 ----a-w- C:\OTL.exe
2012-02-12 19:47 . 2012-02-12 19:47 -------- d-----w- c:\users\Ryan\AppData\Roaming\Malwarebytes
2012-02-12 19:46 . 2012-02-12 19:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-12 19:46 . 2012-02-12 19:46 -------- d-----w- c:\programdata\Malwarebytes
2012-02-12 19:46 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-11 13:46 . 2012-02-18 19:14 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-02-11 13:46 . 2012-02-18 19:14 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-02-09 19:31 . 2012-02-09 19:31 -------- d-----w- c:\program files (x86)\ERUNT
2012-02-09 19:08 . 2012-02-09 19:08 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-09 19:08 . 2012-02-09 19:08 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-02-09 19:08 . 2012-02-09 19:09 -------- d-----w- c:\users\Ryan\AppData\Roaming\DAEMON Tools Lite
2012-02-09 19:08 . 2012-02-09 19:08 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-02-09 19:03 . 2012-02-09 19:03 -------- d-----w- c:\users\Ryan\AppData\Roaming\Roxio
2012-02-07 17:19 . 2012-02-07 17:19 0 ---ha-w- c:\users\Ryan\AppData\Local\BITD27A.tmp
2012-02-02 16:00 . 2012-02-02 17:29 -------- d-----w- c:\users\Ryan\AppData\Roaming\PCPro
2012-02-02 16:00 . 2012-02-02 16:00 -------- d-----w- c:\users\Ryan\AppData\Roaming\PC Cleaners
2012-02-02 16:00 . 2012-02-02 16:00 -------- d-----w- c:\programdata\PC1Data
2012-02-02 03:05 . 2012-02-02 03:05 -------- d-----w- c:\users\Ryan\AppData\Local\ElevatedDiagnostics
2012-02-01 22:46 . 2012-02-01 22:46 -------- d-----w- c:\programdata\Uniblue
2012-02-01 22:46 . 2012-02-01 22:46 -------- d-----w- c:\users\Ryan\AppData\Roaming\Uniblue
2012-02-01 22:46 . 2012-02-01 22:46 -------- d-----w- c:\program files (x86)\Uniblue
2012-01-30 21:55 . 2012-01-30 21:55 -------- d-----w- c:\users\Becca\AppData\Local\Mozilla
2012-01-30 21:30 . 2012-02-02 18:21 -------- d-----w- c:\windows\SysWow64\vi-VN
2012-01-30 21:30 . 2012-02-02 18:21 -------- d-----w- c:\windows\SysWow64\eu-ES
2012-01-30 21:30 . 2012-02-02 18:21 -------- d-----w- c:\windows\SysWow64\ca-ES
2012-01-30 21:30 . 2012-02-02 18:21 -------- d-----w- c:\windows\system32\vi-VN
2012-01-30 21:30 . 2012-02-02 18:21 -------- d-----w- c:\windows\system32\eu-ES
2012-01-30 21:30 . 2012-02-02 18:21 -------- d-----w- c:\windows\system32\ca-ES
2012-01-30 20:44 . 2012-01-30 20:44 -------- d-----w- c:\windows\system32\EventProviders
2012-01-30 20:42 . 2011-11-10 11:54 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-30 20:36 . 2012-01-30 20:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-30 01:59 . 2012-01-30 01:59 -------- d-----w- c:\users\Becca\AppData\Roaming\Yahoo!
2012-01-30 01:31 . 2012-01-30 01:31 -------- d-----w- C:\RebateInformer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 11:10 . 2010-01-03 04:55 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-16_19.45.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 15:45 . 2012-02-16 20:10 96904 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-23 23:54 . 2012-02-15 16:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-23 23:54 . 2012-02-17 10:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-23 23:54 . 2012-02-15 16:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-23 23:54 . 2012-02-17 10:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-23 23:54 . 2012-02-17 10:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-23 23:54 . 2012-02-15 16:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-23 23:58 . 2012-02-16 20:10 9604 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-439345834-1935634858-439274127-1000_UserData.bin
- 2009-02-23 23:58 . 2012-02-14 20:29 9604 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-439345834-1935634858-439274127-1000_UserData.bin
- 2012-02-15 10:00 . 2012-02-15 10:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-18 19:28 . 2012-02-18 19:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-15 10:00 . 2012-02-15 10:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-18 19:28 . 2012-02-18 19:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-24 00:41 . 2012-02-18 14:49 522368 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 12:46 . 2012-02-18 19:09 603516 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-02-18 19:09 103586 c:\windows\system32\perfc009.dat
+ 2012-01-31 17:11 . 2012-02-18 19:01 263116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-01-31 17:11 . 2012-01-31 17:11 263116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-16 20:05 . 2012-02-18 19:02 263884 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-439345834-1935634858-439274127-1000-8192.dat
- 2006-11-02 12:33 . 2012-02-15 10:01 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2006-11-02 12:33 . 2012-02-16 20:05 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-19 3477312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-01-13 1081416]
.
c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
wkcalrem.LNK - c:\program files (x86)\Microsoft Works\WkCalRem.exe [2007-11-28 46432]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_a2af78c4\AESTSr64.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 04:03]
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 04:03]
.
2011-04-14 c:\windows\Tasks\User_Feed_Synchronization-{12ECB99D-00AB-48A8-BD64-67809E5DA21C}.job
- c:\windows\system32\msfeedssync.exe [2012-02-14 04:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-25 272896]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\Toolbar\ctbr.dll
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\r5a2vp3k.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{90B49673-5506-483E-B92B-CA0265BD9CA8} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-02-18 13:35:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-18 19:35
ComboFix2.txt 2012-02-16 19:51
ComboFix3.txt 2012-02-13 17:55
ComboFix4.txt 2012-02-12 19:37
ComboFix5.txt 2012-02-18 19:18
.
Pre-Run: 212,602,757,120 bytes free
Post-Run: 212,493,230,080 bytes free
.
- - End Of File - - 1DF030B2B19909902F309DB271449142
 
Well, just out of curiosity I tried logging into the other personal account (my sister's) set up on this computer, and even in Safe Mode I get the 00xc000022 error, and when I get there I can run nothing in Task Manager!! Just thought you might want to know, not sure if it means anything!!!
 
Hi chiro.j.elliott,

The symptoms seem to match a failed SP2 install.

I think we have removed all the malware. I don't know if the infection was present before or after you installed SP2. If it was present before, then it's possible it caused the service pack to install incorrectly, or the SP just didn't install correctly.

Since we just removed some malware, I think the best method to try is uninstalling the SP. Before we go there, let's try a bit more troubleshooting, as it may be an incompatible driver.

In Task Manager
  • click file
  • click New Task(Run...)
  • type the following line into the open: field
    msconfig.exe
  • click ok
System Configuration Utility should open.

1. On the General tab, click to select the option Selective startup
2. click to clear the option Load startup items
3. On the Services tab, click to select the Hide all Microsoft services check box (make sure this is checked or you could lose all system restore points)
4. then click Disable all
5. click ok then restart

Problem still there?
 
Hi chiro.j.elliott,

Well the only option left is to try to uninstall Service Pack2.

Go back into msconfig. On the General tab click the Normal Startup option, and then click OK.

Reboot when prompted.

In Task Manager
  • click file
  • click New Task(Run...)
  • type the following line into the open: field
    Appwiz.cpl
  • click ok
You should now be shown a list of installed programs.
  • Click View installed updates.
  • On the Uninstall an update page, click Service Pack for Microsoft Windows (KB948465), and then click Uninstall.
  • Follow the instructions on your screen.
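As an added, read-only companion to the two procedures above (the msconfig clean boot and the SP2 uninstall), and not part of this thread, the following PowerShell script lists what "Disable all" and "Load startup items" would switch off and whether the SP2 package KB948465 is present. It assumes PowerShell 2.0 or later and is run from the affected account; the company-name filter and the service path parsing are heuristics, not msconfig's own code.

```powershell
# Added example (not from this thread): read-only inventory of what the msconfig
# clean boot above would disable, plus a check for the SP2 package (KB948465).
# Assumes PowerShell 2.0+ and is run under the affected user account.
function Get-ServiceBinary([string]$PathName) {
    # Strip quotes and arguments from a service ImagePath.
    # Heuristic: an unquoted path containing spaces is cut at the first space.
    if ($PathName -match '^"([^"]+)"') { return $Matches[1] }
    return ($PathName -split ' ')[0]
}

# 1. Services: msconfig's "Hide all Microsoft services" keys off the binary's
#    CompanyName, so do the same; an unknown company is shown, not hidden.
$services = foreach ($svc in Get-WmiObject Win32_Service) {
    $bin = Get-ServiceBinary $svc.PathName
    $company = $null
    if ($bin -and (Test-Path $bin)) {
        $company = (Get-Item $bin).VersionInfo.CompanyName
    }
    New-Object PSObject -Property @{
        Name = $svc.Name; State = $svc.State; StartMode = $svc.StartMode
        Company = $company; Path = $bin
    }
}
"== Non-Microsoft or unknown services (what 'Disable all' would stop) =="
$services | Where-Object { $_.Company -notmatch 'Microsoft' } |
    Format-Table Name, State, StartMode, Company, Path -AutoSize

# 2. Startup items: the Run keys plus both Startup folders (Vista+ paths),
#    which is what the "Load startup items" checkbox controls.
"== Startup items =="
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        (Get-ItemProperty $key).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { "{0}  {1} = {2}" -f $key.Split(':')[0], $_.Name, $_.Value }
    }
}
$startupFolders = [Environment]::GetFolderPath('Startup'),
    "$env:ALLUSERSPROFILE\Microsoft\Windows\Start Menu\Programs\Startup"
foreach ($folder in $startupFolders) {
    Get-ChildItem $folder -ErrorAction SilentlyContinue |
        ForEach-Object { "Startup folder  $($_.FullName)" }
}

# 3. Service pack level and the SP2 package that the uninstall steps target.
"== Service pack =="
$os = Get-WmiObject Win32_OperatingSystem
"OS: $($os.Caption), SP level $($os.ServicePackMajorVersion)"
$sp = Get-HotFix | Where-Object { $_.HotFixID -eq 'KB948465' }
if ($sp) { "KB948465 installed $($sp.InstalledOn)" } else { "KB948465 not reported by Get-HotFix" }
```

Run it once before the clean boot and once after, and compare the two outputs to see exactly which services and startup entries the msconfig changes removed.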
 
Hi chiro.j.elliott,

Sorry I didn't see you had replied.

I'm down to my last 2 suggestions. One is having some Windows Tech guys look at this, and the other is trying System Restore to the time SP2 was installed.

I'd like to try the Techs first, since System Restore may work but may also reintroduce any infections that were present at the time. We just got this clean, but if it comes down to it we can clean it again.

Go HERE; there is a link to either register (you will need to register if you aren't already) or log in near the top. Once you have registered/logged in, go to the Microsoft Windows™ Forum and start a new topic explaining the problem. Also post a link to this topic so they can see what we have done/tried.

Since the proper procedure for removing some of the tools will remove some system restore points, I'll leave the tools on the computer for now. The quarantined items will also remain on the computer. I'll leave this thread open so you can post here any requests the Tech may have in regard to the tools. I'll keep an eye on your new thread; we can continue here once you are finished there.
 