Infected by Malware, desktop files missing


This topic is locked
6 replies to this topic

#1 zen824 (New Member, 3 posts)

Posted 18 February 2013 - 10:45 PM

I have tried what others have posted in previous threads, but was not able to recover the files on my desktop.
I urgently need help. I have run OTL with the following results:

OTL logfile created on: 19/2/2013 10:43:50 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julian_Lim\Documents
Windows Vista Enterprise Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

1.85 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 33.86% Memory free
3.95 Gb Paging File | 2.65 Gb Available in Paging File | 67.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 230.88 Gb Total Space | 190.86 Gb Free Space | 82.67% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.95 Gb Free Space | 97.47% Space Free | Partition Type: NTFS

Computer Name: L11109429 | User Name: localadmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/18 14:11:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julian_Lim\Documents\OTL.exe
PRC - [2012/08/15 22:46:51 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Julian_Lim\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012/07/30 16:13:04 | 005,164,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe
PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/22 16:45:58 | 000,803,560 | ---- | M] (IBM Corporation) -- C:\Program Files\Encentuate\VistaCPMonitor.exe
PRC - [2012/06/22 16:45:46 | 004,850,920 | ---- | M] (IBM Corporation) -- C:\Program Files\Encentuate\DataProvider.exe
PRC - [2012/06/22 16:45:46 | 002,282,216 | ---- | M] (IBM Corporation) -- C:\Program Files\Encentuate\AATray.exe
PRC - [2012/06/22 16:45:46 | 002,143,464 | ---- | M] (IBM Corporation) -- C:\Program Files\Encentuate\Sync.exe
PRC - [2012/06/22 16:45:46 | 001,004,264 | ---- | M] (IBM Corporation) -- C:\Program Files\Encentuate\SOCIAccess.exe
PRC - [2012/06/22 16:45:46 | 000,159,976 | ---- | M] (IBM Corporation) -- C:\Program Files\Encentuate\ObsService.exe
PRC - [2012/03/19 14:08:14 | 000,108,456 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2012/03/19 14:08:12 | 000,115,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2012/03/19 14:08:06 | 001,906,200 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2012/03/19 14:08:06 | 001,471,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2012/03/19 14:08:06 | 000,357,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
PRC - [2012/03/19 14:08:04 | 001,851,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/01/21 04:10:00 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/01/21 04:10:00 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_cf0a9cf3\stacsv.exe
PRC - [2010/01/14 13:51:08 | 000,263,488 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\DLP\Agent\fcagswd.exe
PRC - [2010/01/14 13:51:04 | 004,228,416 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\DLP\Agent\fcags.exe
PRC - [2010/01/14 13:50:30 | 008,422,720 | ---- | M] (McAfee Inc.) -- C:\Program Files\McAfee\DLP\Agent\fcag.exe
PRC - [2009/11/11 14:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe
PRC - [2009/09/02 18:03:36 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/03 02:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_cf0a9cf3\AEstSrv.exe
PRC - [2009/01/13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/01/08 21:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\Julian_Lim\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2008/09/01 16:38:08 | 000,098,304 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
PRC - [2008/09/01 16:38:06 | 000,155,648 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
PRC - [2008/08/08 15:53:44 | 000,058,760 | ---- | M] (IBM Corp) -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
PRC - [2008/01/21 10:24:58 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2013/02/14 12:27:26 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/22 16:45:46 | 001,004,264 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\Program Files\Encentuate\SOCIAccess.exe -- (SOCIAccess)
SRV - [2012/06/22 16:45:46 | 000,159,976 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\Program Files\Encentuate\ObsService.exe -- (ObsService)
SRV - [2012/03/19 14:08:14 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2012/03/19 14:08:14 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2012/03/19 14:08:06 | 001,906,200 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2012/03/19 14:08:06 | 000,357,808 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2012/03/19 14:08:04 | 001,851,224 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2011/05/26 18:14:20 | 003,093,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/01/21 04:10:00 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_cf0a9cf3\stacsv.exe -- (STacSV)
SRV - [2010/01/14 13:51:04 | 004,228,416 | ---- | M] (McAfee Inc.) [Auto | Running] -- C:\Program Files\McAfee\DLP\Agent\fcags.exe -- (McAfeeDLPAgentService)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/09/02 18:03:36 | 000,070,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2009/03/03 02:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_cf0a9cf3\AEstSrv.exe -- (AESTFilters)
SRV - [2009/01/13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/09/26 12:51:38 | 001,712,128 | ---- | M] (iPass, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe -- (iPassConnectEngine)
SRV - [2008/09/01 16:38:08 | 000,098,304 | ---- | M] (iPass, Inc.) [Auto | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService)
SRV - [2008/09/01 16:38:06 | 000,155,648 | ---- | M] (iPass, Inc.) [On_Demand | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp)
SRV - [2008/08/08 15:53:44 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2008/01/21 10:23:07 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfesmfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/02/18 18:32:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/01/17 17:00:00 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130218.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/17 17:00:00 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130218.002\NAVENG.SYS -- (NAVENG)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/27 23:52:20 | 000,174,056 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2012/08/15 16:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/15 16:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/19 12:50:59 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/03/19 14:08:18 | 000,043,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2012/03/19 14:08:16 | 000,043,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2012/03/19 14:08:14 | 000,321,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2012/03/19 14:08:14 | 000,287,352 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2012/03/19 14:08:10 | 000,099,744 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2012/03/19 14:08:10 | 000,038,352 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\WGX.SYS -- (WGX)
DRV - [2012/03/19 14:06:20 | 000,043,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\Teefer3.sys -- (Teefer3)
DRV - [2010/08/31 05:05:16 | 000,269,824 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010/07/12 21:49:18 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2010/07/12 21:48:56 | 000,073,032 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010/05/18 13:06:12 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/05/18 13:06:12 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2010/05/18 13:06:12 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2010/02/26 15:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/01/21 04:10:00 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/01/14 13:50:26 | 000,030,792 | ---- | M] (McAfee Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\fcdrv5.sys -- (fcdrv5)
DRV - [2010/01/14 13:50:24 | 000,024,648 | ---- | M] (McAfee Inc.) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\fcdrv4.sys -- (fcdrv4)
DRV - [2010/01/14 13:50:22 | 000,097,864 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\fcdrv3.sys -- (fcdrv3)
DRV - [2010/01/14 13:50:20 | 000,114,760 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\fcdrv2.sys -- (fcdrv2)
DRV - [2010/01/14 13:50:20 | 000,066,120 | ---- | M] (McAfee Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\fcdrv1.sys -- (fcdrv1)
DRV - [2009/12/10 09:40:52 | 000,197,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6032.sys -- (e1kexpress)
DRV - [2009/10/05 13:03:20 | 006,000,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2009/09/18 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/09/17 12:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/09/02 18:02:46 | 000,048,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/02 18:01:36 | 000,343,760 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/07/20 15:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)
DRV - [2009/07/10 18:21:45 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/07/08 13:48:38 | 000,025,656 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2009/07/08 13:48:22 | 000,033,848 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/10 21:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/01/13 11:27:38 | 000,306,811 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/08/28 17:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/01/21 10:23:00 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/02 15:30:53 | 000,052,224 | ---- | M] (Microsoft Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc21x4vm.sys -- (dc21x4vm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}



========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0E33DD4F-A358-4b33-922F-A34A5DA07024}: C:\Program Files\Encentuate\Firefox_ext [2012/10/18 13:06:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2CF6AC3D-EDE7-4f33-92A4-50E0B1EB4E0E}: C:\Program Files\Encentuate\Firefox_xpcom [2012/10/18 13:06:46 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://mysportsnet.ssc.gov.sg/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://mysportsnet.ssc.gov.sg/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Julian_Lim\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Julian_Lim\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Julian_Lim\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Chrome IE Tab (Enabled) = C:\Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.5.14.1_0\plugin/blackfishietab.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Julian_Lim\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Julian_Lim\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Julian_Lim\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Julian_Lim\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Julian_Lim\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Facebook = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: Facepad for Facebook\u2122 = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgaknhmchnjaphondjciheacngggiclo\4.0_0\
CHR - Extension: Google Search = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Tasks (by Google) = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd\1.0_0\
CHR - Extension: Google Calendar = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: PanicButton = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.2.2_0\
CHR - Extension: IE Tab = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.10.10.1_0\
CHR - Extension: Apple Shooter = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingecjekeggadjbbklelffkgeppklgnm\4.0.0_0\
CHR - Extension: PDF to Word Converter App = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jclipofobaadknkadkpgggmjkebddjam\2.1_0\
CHR - Extension: TransferBigFiles.com Gmail Extension = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajnjaghjodocddaglgghffgacnoepgf\1.0.14_0\
CHR - Extension: Evernote Web = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: Google Maps = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Google Mail Checker = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: Gtalklet = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijcfiakajpjojbebgmoahoddbeafckk\0.6.2.5_0\
CHR - Extension: Gmail = \Users\Julian_Lim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (CEnBrowserListener Object) - {089D765F-DF2D-42EA-8013-E9F6BCE95216} - C:\Program Files\Encentuate\WebSSOAgent.dll (IBM Corporation)
O2 - BHO: (McAfee DLP Internet Explorer Plugin) - {4B988589-D11C-4762-806E-0E4A6EC5F76B} - C:\Program Files\McAfee\DLP\Agent\fcplie.dll (McAfee Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ViewerHelper Class) - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Communicator] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Communicator 2007 R2.lnk ()
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Download present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: consentpromptbehavioradmin = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: filteradministratortoken = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O9 - Extra 'Tools' menuitem : @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.208.1.96 10.208.1.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = soe.sgnet.gov.sg
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D633520-3F74-438B-AA6E-68A205BA4A67}: DhcpNameServer = 10.208.1.96 10.208.1.95
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C8ACC43-3894-4207-97D8-78847A3E2825}: DhcpNameServer = 165.21.83.88 165.21.100.88
O18 - Protocol\Handler\rmh {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Filter\application/msword {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd.ms-excel {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd.ms-powerpoint {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd-viewer {CD4527E8-4FC7-48DB-9806-10537B501237} - C:\Program Files\Microsoft\Rights Management Add-on\rmadoc.exe (Microsoft Corporation)
O18 - Protocol\Filter\application/x-microsoft-rpmsg-message {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Encentuate\EncUserInit.exe C:\Windows\system32\userinit.exe) - C:\Program Files\Encentuate\EncUserInit.exe (IBM Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/19 10:39:09 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2013/02/18 18:29:02 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/02/18 18:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/18 18:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/18 18:28:48 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/02/18 18:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/18 18:28:11 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.70.0.1100.exe
[2013/02/18 17:17:42 | 000,000,000 | -HSD | C] -- C:\Users\localadmin\Templates
[2013/02/18 17:17:42 | 000,000,000 | -HSD | C] -- C:\Users\localadmin\Start Menu
[2013/02/18 17:17:42 | 000,000,000 | -HSD | C] -- C:\Users\localadmin\SendTo
[2013/02/18 17:17:42 | 000,000,000 | -HSD | C] -- C:\Users\localadmin\Recent
[2013/02/18 17:17:42 | 000,000,000 | -HSD | C] -- C:\Users\localadmin\PrintHood
[2013/02/18 17:17:42 | 000,000,000 | -HSD | C] -- C:\Users\localadmin\NetHood
[2013/02/18 17:17:42 | 000,000,000 | -HSD | C] -- C:\Users\localadmin\My Documents
[2013/02/18 17:17:42 | 000,000,000 | -HSD | C] -- C:\Users\localadmin\Local Settings
[2013/02/18 17:17:42 | 000,000,000 | -HSD | C] -- C:\Users\localadmin\Cookies
[2013/02/18 17:17:42 | 000,000,000 | -HSD | C] -- C:\Users\localadmin\Application Data
[2013/02/18 17:17:39 | 000,000,000 | R--D | C] -- C:\Users\localadmin\Videos
[2013/02/18 17:17:39 | 000,000,000 | R--D | C] -- C:\Users\localadmin\Pictures
[2013/02/18 17:17:39 | 000,000,000 | R--D | C] -- C:\Users\localadmin\Music
[2013/02/18 17:17:39 | 000,000,000 | R--D | C] -- C:\Users\localadmin\Links
[2013/02/18 17:17:39 | 000,000,000 | R--D | C] -- C:\Users\localadmin\Favorites
[2013/02/18 17:17:39 | 000,000,000 | R--D | C] -- C:\Users\localadmin\Downloads
[2013/02/18 17:17:39 | 000,000,000 | R--D | C] -- C:\Users\localadmin\Documents
[2013/02/18 17:17:39 | 000,000,000 | R--D | C] -- C:\Users\localadmin\Desktop
[2013/02/18 17:17:39 | 000,000,000 | ---D | C] -- C:\Users\localadmin\Saved Games
[2013/02/18 17:17:39 | 000,000,000 | ---D | C] -- C:\Users\localadmin\AppData
[2013/02/15 12:34:56 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/02/15 12:34:02 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/02/15 12:34:02 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/02/15 12:34:02 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/02/14 12:27:24 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/02/14 12:27:24 | 000,074,248 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/02/14 12:10:55 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/02/14 12:10:55 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/02/14 12:09:38 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/02/14 12:09:37 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013/02/14 12:09:37 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/02/14 12:09:37 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/02/14 12:09:37 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/02/14 12:09:36 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/02/14 12:09:36 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/02/14 12:09:35 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/02/14 12:09:34 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/02/14 12:08:47 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2013/02/14 12:08:47 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2013/02/04 10:40:52 | 000,946,176 | ---- | C] (IBM Corporation and others) -- C:\Windows\System32\icuuc34.dll
[2013/02/04 10:40:51 | 000,843,776 | ---- | C] (IBM Corporation and others) -- C:\Windows\System32\icuin34.dll
[2013/02/04 10:40:50 | 008,847,360 | ---- | C] (IBM Corporation and others) -- C:\Windows\System32\icudt34.dll
[2013/02/04 10:33:35 | 000,089,600 | ---- | C] (SAP AG) -- C:\Windows\System32\libsapu16vc90.dll
[2013/02/04 10:33:34 | 005,075,456 | ---- | C] (SAP AG) -- C:\Windows\System32\librfc32u.dll
[2013/02/04 10:31:20 | 000,721,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vb40032.dll
[2013/02/04 10:31:20 | 000,068,640 | ---- | C] (MicroHelp, Inc.) -- C:\Windows\System32\Gauge32.OCX
[2013/02/04 10:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAP Front End
[2013/02/04 10:30:16 | 000,114,688 | ---- | C] (heilerSoftware) -- C:\Windows\System32\h5dlg32.dll
[2013/02/04 10:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SAP Shared
[2013/02/04 10:28:54 | 000,000,000 | ---D | C] -- C:\SAP
[2013/02/04 10:28:54 | 000,000,000 | ---D | C] -- \SAP
[2013/02/04 10:28:31 | 000,133,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfcans32.dll
[2013/02/04 10:28:30 | 004,220,928 | ---- | C] (SAP AG) -- C:\Windows\System32\librfc32.dll
[2013/02/04 10:28:29 | 001,708,648 | ---- | C] (SAP, Walldorf) -- C:\Windows\System32\SAPbtmp.dll

========== Files - Modified Within 30 Days ==========

[2013/02/19 10:52:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1216582894-834684500-1334827815-125591UA.job
[2013/02/19 10:43:37 | 000,000,474 | ---- | M] () -- C:\Windows\SMSCFG.INI
[2013/02/19 10:39:55 | 000,099,912 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/02/19 10:39:07 | 000,003,808 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/19 10:39:07 | 000,003,808 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/19 10:38:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/19 10:38:25 | 1989,550,080 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/19 10:25:05 | 000,017,176 | ---- | M] () -- C:\Windows\System32\results.xml
[2013/02/19 10:24:33 | 000,640,504 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/19 10:24:33 | 000,122,322 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/19 09:39:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/19 09:14:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1216582894-834684500-1334827815-125591UA.job
[2013/02/19 05:14:01 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1216582894-834684500-1334827815-125591Core.job
[2013/02/18 22:52:01 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1216582894-834684500-1334827815-125591Core.job
[2013/02/18 18:32:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/02/18 17:39:09 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.70.0.1100.exe
[2013/02/15 12:33:27 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/02/15 12:33:20 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/02/15 12:33:20 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/02/15 12:33:19 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/02/15 12:33:18 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/02/15 12:33:18 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/02/15 12:26:11 | 000,442,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/14 12:27:24 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/02/14 12:27:24 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/02/13 09:46:23 | 277,111,083 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2013/02/19 10:25:05 | 000,017,176 | ---- | C] () -- C:\Windows\System32\results.xml
[2013/02/18 18:28:11 | 010,156,344 | ---- | C] () -- \mbam-setup-1.70.0.1100.exe
[2013/02/18 17:17:39 | 000,000,258 | ---- | C] () -- C:\Users\localadmin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/02/18 17:17:39 | 000,000,240 | ---- | C] () -- C:\Users\localadmin\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/02/14 12:27:26 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/04 10:30:18 | 000,051,200 | ---- | C] () -- C:\Windows\System32\h5tool32.dll
[2013/02/04 10:30:17 | 000,175,616 | ---- | C] () -- C:\Windows\System32\h5menu32.dll
[2013/02/04 10:30:17 | 000,095,744 | ---- | C] () -- C:\Windows\System32\h5rtf32.dll
[2013/02/04 10:30:16 | 001,064,960 | ---- | C] () -- C:\Windows\System32\h5krnl32.dll
[2013/02/04 10:30:16 | 000,188,928 | ---- | C] () -- C:\Windows\System32\h5icon32.dll
[2012/09/06 14:06:47 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2011/09/13 14:48:45 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/09/13 14:46:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/09/13 14:39:55 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/10/21 16:17:18 | 000,099,912 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/10/21 15:26:54 | 1989,550,080 | -HS- | C] () -- \hiberfil.sys
[2009/07/10 17:55:47 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2006/11/02 18:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/02 14:25:08 | 000,000,010 | ---- | C] () -- \config.sys

========== ZeroAccess Check ==========

[2006/11/02 20:54:32 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========



< End of report >

#2 zen824

    New Member

  • Members
  • 3 posts

Posted 18 February 2013 - 11:04 PM

From Extra.txt

OTL Extras logfile created on: 19/2/2013 10:43:50 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julian_Lim\Documents
Windows Vista Enterprise Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

1.85 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 33.86% Memory free
3.95 Gb Paging File | 2.65 Gb Available in Paging File | 67.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 230.88 Gb Total Space | 190.86 Gb Free Space | 82.67% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.95 Gb Free Space | 97.47% Space Free | Partition Type: NTFS

Computer Name: L11109429 | User Name: localadmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 513

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1CB3442B-5EBA-4EAD-A37E-515BCED72B54}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=%systemroot%\system32\svchost.exe |
"{276B88EF-32AF-464A-9E9C-598EC866D94D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{3164CB84-D8EC-40F4-A160-72FCCD97C961}" = lport=137 | protocol=17 | dir=in | app=system |
"{4EA17E62-A247-4FC7-ADD7-CA0B362098C3}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=%systemroot%\system32\svchost.exe |
"{56B00F54-191B-415C-A3D6-515185DA1BD2}" = lport=445 | protocol=6 | dir=in | app=system |
"{6178B59B-957F-45B4-8D40-4FBDEF762BBC}" = rport=139 | protocol=6 | dir=out | app=system |
"{6F295795-4F4E-407A-8C08-DFF93DAC1738}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{92758D7B-7060-4D8B-897C-45DAF9126C91}" = lport=2178 | protocol=6 | dir=in | app=system |
"{B3719137-8070-4A49-BD22-F421680BF97A}" = lport=138 | protocol=17 | dir=in | app=system |
"{B5E0FBD8-6B3E-47A9-B696-11FA460B85BF}" = lport=139 | protocol=6 | dir=in | app=system |
"{B69095C1-1B03-489C-BDA0-9716FCA4BAE3}" = rport=445 | protocol=6 | dir=out | app=system |
"{C8B8B506-997C-4595-8762-B72B8133C1C9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D07D6C5A-626C-4132-AA2C-72648D2638C4}" = rport=2178 | protocol=6 | dir=out | app=system |
"{D452BB6B-FDE4-4FBF-B2F7-95B42FC887ED}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=%systemroot%\system32\svchost.exe |
"{D4D9F6FF-7F78-4719-BE16-2596E5622D84}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F06C0A99-A725-4C72-A879-CF846EA3484F}" = rport=137 | protocol=17 | dir=out | app=system |
"{F0C83A95-F1AE-44EC-A95C-444C9DF9A9AE}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BCE40B7-55C5-4925-9619-A1F299AF7B1E}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{205DD849-DD95-476B-A45D-A78D4B718B34}" = protocol=6 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |
"{2B378E66-936D-484B-A86C-815A5C4DCF1E}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{4E357FCC-5C3F-430C-A3E3-A62F7508F200}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5214318C-7B45-4DB4-8C9B-3156B16F6619}" = protocol=17 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |
"{7467EC6E-4B02-40B8-9C83-D78CED83CB7C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{80AA31E9-0B2E-415B-9E31-183709340B09}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{8354FD11-C961-4E30-BA6D-6066E0463FE5}" = protocol=17 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |
"{8695CA23-632A-4935-818E-5720189955DC}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{8960E1A5-3C81-4314-B7A0-99D96B2CC521}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{90C079BD-FDE1-4508-891A-B2A9FE0CF64F}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{A0B7359A-06AA-43C3-97C6-91B5216CE8E1}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{A1DA5BBE-061C-4702-9124-A7F1A09DFBC2}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{B2165FFA-819D-49C8-82DF-761B6B2B2436}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{BB6C5A31-F4FF-409B-B9B5-47DB4B41B7D6}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{C23213BC-1E78-4A2B-86D9-9F107A56438D}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{D2AF204B-2C01-438D-B873-362334903810}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DDB700B8-41BA-4C15-9A78-7853B6B8F24C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F0AACEE5-0FCE-445E-BC50-48EB80A8F231}" = protocol=6 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |
"{FB169F4D-69AD-4120-98A4-8648442E96BF}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C1BA7F-527E-4D4F-859D-071245EDE309}" = EDS MSOffice Set Primary Language UK 1.0(1)
"{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2(1)
"{1411F4A8-CC2C-4E69-A638-578E232D6DEE}" = SSC Outlook Signature 1.0(2)
"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0
"{23170F69-40C1-2701-0465-000001000000}" = 7-Zip 4.65
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{2D781F8E-DF4B-4D99-913E-1EE9CA35601C}" = Video Lan VLC Media Player 1.0.5(1)
"{304F6A42-3302-4795-B221-B5F30E47CC19}" = IBM TAM E-SSOAccessAgent UIController 8.0.1.11(1)
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3505E1E2-8127-4681-A3EC-F9B5CAAA07C9}" = Rights Management Add-on for Internet Explorer
"{3566A6AF-5E16-450E-82FA-725A6361716A}" = eWebEditPro+XML 5 with WebImageFX Client
"{39A65E04-9D1C-4834-9E42-C92A4C3411D1}" = Symantec EndPoint Disable CAB Scanning 1.0(1)
"{3DB9856C-40AF-451B-B71E-05CA651F377A}" = Oracle Jinitiator 1.3.1.9(1)
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{4599b9be-ea19-4944-952b-cee73900f38e}.sdb" = Java
"{4B62131E-3159-4CDF-9F1B-230046FAF0B1}" = Microsoft RSClientPrint2008 ActiveX 10.50.2500(1)
"{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
"{5E8B9CBE-1247-440F-9622-AEF50A42838E}" = Acro CutePDF Writer 2.8(1)
"{6225A276-829E-407D-97A1-DF99AF001F84}" = GPLGS Converter 1.0(1)
"{67C090D6-109A-47D7-8DED-4160C4D96F32}" = HP 3D DriveGuard
"{6D8D3E5B-F7B8-4DCB-84B7-5B0DAC453580}" = Ektron DMS400 Client
"{6E4D4E0B-02F6-46C1-BAE5-1B6B2E486A7B}" = Microsoft Office LiveMeeting 2007 R2(1)
"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
"{7299052B-02A4-4627-81F2-1818DA5D550D}" = Microsoft Visual C++ 2005 Redistributable
"{73E5146F-C2CF-4A2C-A4E1-1A64B9706400}" = iPassConnect
"{829AC692-C6F1-4FC2-849B-F7DD74C1E3E2}" = McAfee DLP Agent
"{8461C192-EA40-4F9F-AA0A-47C17399AEF9}" = Symantec Endpoint Protection
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F5F0A-BE2D-4763-B764-BF6EFE93A68B}" = Adobe Flash Player 11 ActiveX
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1 (x86)
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{98F75186-F255-4884-A4CA-0C859E85AF85}" = FTDI USB Device Driver 2.08.02(1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B92B20A-6A19-428F-8BD0-52DF859B1C61}" = Adobe Shockwave Player 11.6
"{9FEAC0B9-289F-4BB8-A5FA-7A5D20D794C7}" = Microsoft Office Livemeeting 2007 Outlook Plugin R2 (1)
"{A32DAA91-0EF5-435A-ABFC-47B47482A720}" = Innervations Ballistic MeasurementSys 2011.0.1(1)
"{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1 (x86)
"{A8CF0D2D-4B00-4967-93EB-CDC767A2E255}" = IBM TAM E-SSO AccessAgent User 8.1.0.0130_0144(2)
"{AB6FFA58-F491-11D3-8951-000000015799}" = iPassConnect
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-2447-0000-A00000000003}" = Chinese Simplified Fonts Support For Adobe Reader X
"{AC76BA86-7AD7-2448-0000-A00000000003}" = Chinese Traditional Fonts Support For Adobe Reader X
"{AC76BA86-7AD7-5670-0000-A00000000003}" = Korean Fonts Support For Adobe Reader X
"{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X
"{B65D9480-CA42-468D-9B70-AB927A769219}" = AUOClient
"{BDEAA6D1-16BD-4950-B834-DD629BAD42C9}" = HP REMAS Cisco VPN Profiles 4.0(2)
"{C2B2F358-0FA0-4D89-B0C1-9BFB23C87B29}" = WebTrends Report Exporter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP 1(2)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = Microsoft redistributable runtime DLLs VS2005 SP1 (x86)
"{D952C4F9-2488-3723-84BE-1BFA907DCAC9}" = Google Talk Plugin
"{D9D2DF7C-BC47-45B3-A21B-F8BEF33AC492}" = SSC JRE DisableNextGenJavaPlugin 1.6.0.37(1)
"{DE9145F3-2528-4449-8F27-D33661D9F3F3}" = Lotus Notes 8.0.2 (Basic)
"{E4DD98E9-48ED-4FDF-AE14-5A20A4D18414}" = SEP Remediation Script 2.0(2)
"{e661a234-b6cc-42f1-88d5-1d01725b81e3}.sdb" = javaw
"{EDB3CE7B-D1FB-43E6-BE5C-F30644F8A42F}" = SSC VPN Profile 1.0(1)
"{EEDE649C-7181-40AD-91AB-0D1AB22607C7}" = TAM E-SSO AccessAgent
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco VPN Client 5.0.05.0290(1)
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"DWG TrueView 2011" = DWG TrueView 2011
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PROPLUS" = Microsoft Office Professional Plus 2007
"SAPGUI710" = SAP GUI for Windows 7.20

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/6/2012 5:00:44 AM | Computer Name = L11109429.zen824 | Source = Communicator | ID =

15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
external.zen824. Resolution: If you are using manual configuration for
Communicator, please check that the server name is typed correctly and in full.
If you are using automatic configuration, the network administrator will need to
double-check the DNS A record configuration for external.zen824 because
it could not be resolved.

Error - 8/6/2012 5:02:14 AM | Computer Name = L11109429.zen824 | Source = Communicator | ID =

15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sgkdhmcpool1.zen824. Resolution: If you are using manual configuration
for Communicator, please check that the server name is typed correctly and in full.
If you are using automatic configuration, the network administrator will need
to double-check the DNS A record configuration for sgkdhmcpool1.zen824
because it could not be resolved.

Error - 8/6/2012 5:02:14 AM | Computer Name = L11109429.zen824 | Source = Communicator | ID =

15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
external.zen824. Resolution: If you are using manual configuration for
Communicator, please check that the server name is typed correctly and in full.
If you are using automatic configuration, the network administrator will need to
double-check the DNS A record configuration for external.zen824 because
it could not be resolved.

Error - 8/6/2012 5:02:44 AM | Computer Name = L11109429.zen824 | Source = Communicator | ID =

15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sgkdhmcpool1.zen824. Resolution: If you are using manual configuration
for Communicator, please check that the server name is typed correctly and in full.
If you are using automatic configuration, the network administrator will need
to double-check the DNS A record configuration for sgkdhmcpool1.zen824
because it could not be resolved.

Error - 8/6/2012 5:02:44 AM | Computer Name = L11109429.zen824 | Source = Communicator | ID =

15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
external.zen824. Resolution: If you are using manual configuration for
Communicator, please check that the server name is typed correctly and in full.
If you are using automatic configuration, the network administrator will need to
double-check the DNS A record configuration for external.zen824 because
it could not be resolved.

Error - 8/6/2012 5:03:14 AM | Computer Name = L11109429.zen824 | Source = Communicator | ID =

15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sgkdhmcpool1.zen824. Resolution: If you are using manual configuration
for Communicator, please check that the server name is typed correctly and in full.
If you are using automatic configuration, the network administrator will need
to double-check the DNS A record configuration for sgkdhmcpool1.zen824
because it could not be resolved.

Error - 8/6/2012 5:03:14 AM | Computer Name = L11109429.zen824 | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
external.zen824. Resolution: If you are using manual configuration for
Communicator, please check that the server name is typed correctly and in full.
If you are using automatic configuration, the network administrator will need to
double-check the DNS A record configuration for external.zen824 because
it could not be resolved.

Error - 8/6/2012 5:03:44 AM | Computer Name = L11109429.zen824 | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sgkdhmcpool1.zen824. Resolution: If you are using manual configuration
for Communicator, please check that the server name is typed correctly and in full.
If you are using automatic configuration, the network administrator will need
to double-check the DNS A record configuration for sgkdhmcpool1.zen824
because it could not be resolved.

Error - 8/6/2012 5:03:44 AM | Computer Name = L11109429.zen824 | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
external.zen824. Resolution: If you are using manual configuration for
Communicator, please check that the server name is typed correctly and in full.
If you are using automatic configuration, the network administrator will need to
double-check the DNS A record configuration for external.zen824 because
it could not be resolved.

Error - 8/6/2012 5:04:14 AM | Computer Name = L11109429.zen824 | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sgkdhmcpool1.zen824. Resolution: If you are using manual configuration
for Communicator, please check that the server name is typed correctly and in full.
If you are using automatic configuration, the network administrator will need
to double-check the DNS A record configuration for sgkdhmcpool1.zen824
because it could not be resolved.

Error - 8/6/2012 5:04:14 AM | Computer Name = L11109429.zen824 | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
external.zen824. Resolution: If you are using manual configuration for
Communicator, please check that the server name is typed correctly and in full.
If you are using automatic configuration, the network administrator will need to
double-check the DNS A record configuration for external.zen824 because
it could not be resolved.

Error - 8/6/2012 5:04:44 AM | Computer Name = L11109429.zen824 | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sgkdhmcpool1.zen824. Resolution: If you are using manual configuration
for Communicator, please check that the server name is typed correctly and in full.
If you are using automatic configuration, the network administrator will need
to double-check the DNS A record configuration for sgkdhmcpool1.zen824
because it could not be resolved.

[ OSession Events ]
Error - 13/12/2010 6:39:47 AM | Computer Name = L11109429.zen824 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 29828
seconds with 4020 seconds of active time. This session ended with a crash.

Error - 17/2/2011 4:18:11 AM | Computer Name = L11109429.zen824 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 15215
seconds with 1380 seconds of active time. This session ended with a crash.

Error - 27/2/2011 10:12:45 PM | Computer Name = L11109429.zen824 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 78
seconds with 60 seconds of active time. This session ended with a crash.

Error - 11/8/2011 12:42:05 AM | Computer Name = L11109429.zen824 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 89150
seconds with 2160 seconds of active time. This session ended with a crash.

Error - 8/11/2011 3:53:45 AM | Computer Name = L11109429.zen824 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 16119
seconds with 1080 seconds of active time. This session ended with a crash.

Error - 23/3/2012 2:56:30 AM | Computer Name = L11109429.zen824 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 18382
seconds with 300 seconds of active time. This session ended with a crash.

Error - 23/4/2012 10:43:53 PM | Computer Name = L11109429.zen824 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 503025
seconds with 2520 seconds of active time. This session ended with a crash.

Error - 29/8/2012 4:40:13 AM | Computer Name = L11109429.zen824 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 284
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/2/2012 8:00:04 AM | Computer Name = L11109429.zen824 | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain controller
in domain SOE due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists, please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 3/2/2012 8:27:31 AM | Computer Name = L11109429.zen824 | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 3/2/2012 8:35:35 AM | Computer Name = L11109429.zen824 | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 6/2/2012 12:02:44 AM | Computer Name = L11109429.zen824 | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain controller
in domain SOE due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists, please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 6/2/2012 12:02:45 AM | Computer Name = L11109429.zen824 | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 6/2/2012 12:02:49 AM | Computer Name = L11109429.zen824 | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 6/2/2012 12:04:03 AM | Computer Name = L11109429.zen824 | Source = DCOM | ID = 10005
Description =

Error - 6/2/2012 12:04:03 AM | Computer Name = L11109429.zen824 | Source = Service Control Manager | ID = 7009
Description =

Error - 6/2/2012 12:04:03 AM | Computer Name = L11109429.zen824 | Source = Service Control Manager | ID = 7000
Description =

Error - 6/2/2012 12:15:44 AM | Computer Name = L11109429.zen824 | Source = DCOM | ID = 10010
Description =


< End of report >
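The event-log tail of an OTL report is easier to triage when entries are grouped than when they are read one at a time: a source/ID pair that fires every 30 seconds (the Communicator DNS failures above) is a standing condition, while a single Office crash is noise. What follows is an added example, my own helper and not OTL's code or anything posted in this thread. It parses the `[ ... Events ]` sections of an OTL log, re-joins headers that the forum paste broke over several lines, groups errors by source and event ID, and flags bursts. The SAMPLE text is constructed in the shape of the entries above so the script runs offline; the d/M/yyyy date format is the one the log's own locale line reports; `parse_events`, `summarize` and `repeated_within` are names I chose. Whether any of these errors is connected to the infection is not something the log alone settles; the tool only separates persistent conditions from one-offs so you know what to ask about.

```python
"""Added example: parse and summarise the [ ... Events ] sections of an OTL log.
My own helper, not part of OTL and not from the thread. SAMPLE is constructed
to mirror the pasted entries (including two headers wrapped across lines)."""
import re
from collections import defaultdict
from datetime import datetime

SAMPLE = """\
[ Application Events ]
Error - 8/6/2012 5:02:14 AM | Computer Name = L11109429.zen824 | Source = Communicator | ID =

15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
external.zen824. Resolution: If you are using manual configuration for
Communicator, please check that the server name is typed correctly and in full.

Error - 8/6/2012 5:02:44 AM | Computer Name = L11109429.zen824 | Source = Communicator | ID = 15728643
Description = Communicator was unable to resolve the DNS hostname of the login server
sgkdhmcpool1.zen824.

[ System Events ]
Error - 3/2/2012 8:00:04 AM | Computer Name = L11109429.zen824 | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain SOE due to the following: %%1311 This may lead to authentication problems.

Error - 3/2/2012 8:27:31 AM | Computer Name = L11109429.zen824 | Source = Microsoft-Windows-

GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller.

Error - 6/2/2012 12:04:03 AM | Computer Name = L11109429.zen824 | Source = DCOM | ID = 10005
Description =

< End of report >
"""

START_RE = re.compile(r"^\w+ - \d{1,2}/\d{1,2}/\d{4} ")  # e.g. "Error - 8/6/2012 "
HEADER_RE = re.compile(
    r"^(?P<level>\w+) - (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)"
    r" \| Computer Name = (?P<host>\S+) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
SECTION_RE = re.compile(r"^\[ (?P<name>.+) \]$")
END_MARK = "< End of report >"


def parse_events(text, date_fmt="%d/%m/%Y %I:%M:%S %p"):
    """Return a list of event dicts. A header broken across lines by the paste is
    re-joined until it carries 'ID = <number>'; the description is every following
    non-blank line up to the next header, section marker or end of report."""
    lines = [ln.strip() for ln in text.splitlines()]
    events, section, i = [], None, 0
    while i < len(lines):
        line = lines[i]
        if line.startswith(END_MARK):
            break
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            i += 1
            continue
        if not START_RE.match(line):
            i += 1
            continue
        header = line
        while not HEADER_RE.match(header) and i + 1 < len(lines):
            i += 1
            if lines[i]:  # skip the blank line that the paste put inside a header
                header += ("" if header.endswith("-") else " ") + lines[i]
        i += 1
        m = HEADER_RE.match(header)
        if not m:  # malformed entry: skip it rather than guess
            continue
        desc = []
        while i < len(lines) and not (START_RE.match(lines[i]) or SECTION_RE.match(lines[i])
                                      or lines[i].startswith(END_MARK)):
            if lines[i]:
                desc.append(lines[i])
            i += 1
        events.append({
            "section": section, "level": m.group("level"),
            "time": datetime.strptime(m.group("ts"), date_fmt),
            "host": m.group("host"), "source": m.group("source"), "id": int(m.group("id")),
            "description": re.sub(r"^Description =\s*", "", " ".join(desc)),
        })
    return events


def summarize(events):
    """Count each (section, source, id) and record its first and last occurrence."""
    groups = defaultdict(list)
    for ev in events:
        groups[(ev["section"], ev["source"], ev["id"])].append(ev["time"])
    return {k: {"count": len(t), "first": min(t), "last": max(t)} for k, t in groups.items()}


def repeated_within(events, window_seconds, min_count):
    """(source, id) pairs that fire at least min_count times inside window_seconds:
    a burst like the Communicator failures every 30 s is a persistent condition."""
    by_key = defaultdict(list)
    for ev in events:
        by_key[(ev["source"], ev["id"])].append(ev["time"])
    hits = []
    for key, times in by_key.items():
        times.sort()
        for s in range(len(times) - min_count + 1):
            if (times[s + min_count - 1] - times[s]).total_seconds() <= window_seconds:
                hits.append(key)
                break
    return hits


if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    for (section, source, eid), info in summarize(evs).items():
        print(f"{section:20} {source:32} ID {eid:<9} x{info['count']}  "
              f"{info['first']:%Y-%m-%d %H:%M:%S} .. {info['last']:%Y-%m-%d %H:%M:%S}")
    print("bursts:", repeated_within(evs, window_seconds=60, min_count=2))
```

Run it against a saved OTL.Txt by replacing SAMPLE with the file's contents; if the machine's locale were M/d/yyyy rather than the d/M/yyyy shown in this log's header, pass `date_fmt="%m/%d/%Y %I:%M:%S %p"`.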

#3 Maurice Naggar
    Staff

Posted 19 February 2013 - 08:36 AM

Hello Zen824 and welcome to MalwareBytes forums.

Please do not try anything else on your own. You should not have copy-catted anyone else's fixes. Not a good idea on your own.
Did you also know making the 1st reply to your own original post makes the request harder to spot?

Always Copy and Paste any log I ask for. You may use a separate post for each, as needed.
Treat this computer as if it were in isolation / quarantine.
No websurfing, no online transactions.

About when did this issue first start? Was there a significant or noticeable "message/warning" just before or during the original incident?

Please read all my directions. If you have a question, STOP and ask first.
DO NOT make changes or additions on your own.

Do as much as possible of the following:
Step 1
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.
  • Link 2
    Link 3
    Link 4

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL.
IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingc...opic308364.html

Step 2
  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller

There will be -lots- to do later.
Maurice Naggar
Product Support

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#4 Maurice Naggar
    Staff

Posted 19 February 2013 - 10:19 AM

@Zen824
Questions for you: Is this connected to a local network?
Does this system belong to a corporate entity or an organization?

#5 zen824
    New Member

Posted 19 February 2013 - 11:32 AM

@Zen824
Questions for you: Is this connected to a local network?
Does this system belong to a corporate entity or an organization?

Yes, it is connected to a local network. The system belongs to an organization. Will try your other steps tomorrow.

#6 Maurice Naggar
    Staff

Posted 19 February 2013 - 11:46 AM

"This system" must be disconnected from your network.

Reminder that you have other support options:
If you are in an organization or a corporate customer, contact Corporate Support for assistance.

If you would like to use our Malwarebytes Premium Consumer Services partner's comprehensive fee-based solutions to all your computer support needs, from installation and set-up to troubleshooting and tune-ups, please go to the Malwarebytes Premium Services support site.
These fee-based services are provided by a third-party vendor and not directly by the Malwarebytes Corporation.

#7 Maurice Naggar
    Staff

Posted 24 February 2013 - 01:55 PM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!



