
Just today my PC has suddenly been acting up when I attempt to launch a number of exe files (applications), including the System Restore application. I receive this error message: "This file does not have a program associated with it for performing this action. Create an association in the Set Association control panel."

However, most programs are capable of being launched successfully and others can't. My OS is Vista.

Should I carry out all preparations as per thread "Read before Posting a request for Assistance" dated 16 July 2008 or is there an express version?

Any guidance you can provide would be appreciated.


The Read Me First sticky is what we require. The date refers to when it was first posted, it IS kept up to date. No, there is no express version, all steps must be done, in order. If you have a problem with one, move onto the next. We need ALL the logs to be copy/pasted, NOT attached, we will not open attached files. After we see all the logs then we can advise the next steps needed.

OK, thanks for the quick response. As requested I'm carrying out the Read Me First sticky and managed to perform the first action, uninstalling the P2P application.

However, item 2,

2 – Please Download ATF-Cleaner.exe by Atribune (Windows XP, 2K, 2003, 7 & Vista ONLY)
• You can put ATF-Cleaner on your Desktop for easy access. Leave it for now.

has hit a snag: after downloading it I cannot launch it because I receive the message,

"This file does not have a program associated with it for performing this action. Create an association in the Set Association control panel."

Any suggestions to circumvent this?


Download this file and save it to the desktop. If you can't download with the infected machine then use another clean computer, save the file on a flash drive and take it to the infected one and install from there.
http://download.bleepingcomputer.com/reg/FixNCR.reg

Double click on the file to fix the registry and after that you should be able to run programs normally. If it doesn't work, let me know.

I saved the file using another computer on a flash drive then double clicked on the file via the infected computer only to have the same error message without launching the application.

i.e. "This file does not have a program associated with it for performing this action..."

...any further suggestions would be appreciated.


Try this one, same instructions.
http://www.winhelponline.com/exefix_xp.com

I was unable to obtain a log from MalwareBytes Anti-Malware as instructed, and I only have GMER one, not two.

GMER One

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-31 18:05:44
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500418AS rev.CC35
Running: 5l2m0gno.exe; Driver: C:\Users\ejohnson\AppData\Local\Temp\awtcqkow.sys


---- System - GMER 1.0.15 ----

SSDT 88407BE0 ZwCreateKey
SSDT 88430B40 ZwCreateMutant
SSDT 884066E0 ZwCreateProcess
SSDT 884069E0 ZwCreateProcessEx
SSDT 88430F00 ZwCreateSymbolicLinkObject
SSDT 88430480 ZwCreateThread
SSDT 884081E0 ZwDeleteKey
SSDT 88408AE0 ZwDeleteValueKey
SSDT 884310E0 ZwDuplicateObject
SSDT 88430840 ZwLoadDriver
SSDT 88406FE0 ZwOpenProcess
SSDT 884300C0 ZwOpenSection
SSDT 884072E0 ZwOpenThread
SSDT 884084E0 ZwRenameKey
SSDT 884087E0 ZwRestoreKey
SSDT 88430D20 ZwSetSystemInformation
SSDT 88407EE0 ZwSetValueKey
SSDT 884075E0 ZwTerminateProcess
SSDT 884078E0 ZwTerminateThread
SSDT 884302A0 ZwWriteVirtualMemory
SSDT 88430660 ZwCreateThreadEx
SSDT 88406CE0 ZwCreateUserProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by ejohnson at 13:46:28 on 2011-12-31
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2558.823 [GMT 11:00]
.
AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Maximum Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\SYSTEM32\astsrv.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Smith Micro\StuffIt 2010\ArcNameService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\users\ejohnson\program\update\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Bentley\MicroStation\ustation.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe
C:\Program Files\Reimage\Reimage Repair\Reimage.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
mURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
BHO: SBCONVERT Class: {3017fb3e-9a77-4396-88c5-0ec9548fb42f} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - c:\progra~1\search~1\SEARCH~1.DLL
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll
BHO: SearchCore for Browsers: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\search~2\search~1\BROWSE~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
BHO: Download Accelerator Plus Integration: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\speedb~1\toolbar\grabber.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Push Client] c:\users\ejohnson\appdata\local\att connect\participant\pull.exe
uRun: [Messenger (Yahoo!)] ~"c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\457\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Skytel] Skytel.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [Babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Trend Micro Titanium] c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe -set Silent "1" SplashURL ""
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [TkBellExe] "c:\users\ejohnson\program\update\realsched.exe" -osboot
mRun: [Registry Crawler] c:\progra~1\rcrawler\RCrawler.exe -TRAYONLY
mRun: [NSU_agent] "c:\program files\nokia\nokia software updater\nsu3ui_agent.exe"
mRun: [DATAMNGR] c:\progra~1\search~2\search~1\DATAMN~1.EXE
StartupFolder: c:\users\ejohnson\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpn111\wpn111.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Add to AMV Converter... - c:\program files\mp3 player utilities 4.18\amvconverter\grab.html
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: prisonplanet.com\www
Trusted Zone: sdnmail.net
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cmc-markets.webex.com/client/T26L/event/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.165.32,93.188.166.169
TCP: DhcpNameServer = 61.9.194.49 61.9.195.193
TCP: Interfaces\{63E08FD3-32E3-4B6F-83EE-0467B8C86B8B} : DhcpNameServer = 10.0.0.138 10.0.0.138
TCP: Interfaces\{703E5C5A-6AF6-428C-A4C1-36DE330F240A} : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{899084C5-8D0E-4B31-A485-E5B368E1018B} : NameServer = 93.188.165.32,93.188.166.169
TCP: Interfaces\{938D406D-A0D8-4F9C-9CB6-89D4722E456D} : DhcpNameServer = 10.0.0.138 10.0.0.138
TCP: Interfaces\{D276FD6C-5C08-4275-9D62-05AF01A88028} : DhcpNameServer = 61.9.194.49 61.9.195.193
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\titanium\uiframework\ProToolbarIMRatingActiveX.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
AppInit_DLLs: c:\progra~1\search~2\search~1\datamngr.dll c:\progra~1\search~2\search~1\IEBHO.dll
.
============= SERVICES / DRIVERS ===============
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-5-15 188272]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2009-7-11 68136]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-5-15 64080]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111v.sys [2010-6-16 870400]
S2 gupdate1ca1294100c4db0;Google Update Service (gupdate1ca1294100c4db0);c:\program files\google\update\GoogleUpdate.exe [2009-8-1 133104]
S2 Security Activity Dashboard Service;Security Activity Dashboard Service; [x]
S3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [2009-12-21 68096]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [2009-12-7 54272]
S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNIMP50.sys [2010-1-14 21504]
S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNISP50.sys [2010-1-14 20480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-1 133104]
.
=============== Created Last 30 ================
.
2011-12-31 02:30:27 -------- d-----w- C:\rei
2011-12-31 02:30:22 -------- d-----w- c:\program files\Reimage
2011-12-19 06:05:04 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-12-19 06:05:03 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-12-19 06:05:02 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-12-19 06:05:02 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-12-19 06:05:01 98816 ----a-w- c:\windows\system32\mfps.dll
2011-12-19 06:05:01 2873344 ----a-w- c:\windows\system32\mf.dll
2011-12-19 06:00:19 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-12-19 06:00:19 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-12-19 06:00:19 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-12-19 06:00:17 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-12-19 06:00:14 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-12-19 06:00:14 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-12-19 06:00:13 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-12-15 08:27:18 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 08:27:18 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 08:27:15 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 08:27:11 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 08:27:06 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 08:26:55 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2011-12-30 22:05:40 16608 ----a-w- c:\windows\gdrv.sys
2011-12-19 06:04:59 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-12-19 06:00:23 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2011-12-14 09:15:39 60304 ----a-w- c:\users\ejohnson\g2mdlhlpx.exe
2011-11-26 03:27:23 32768 ----a-w- c:\windows\closewnd.exe
2011-11-21 05:50:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-05-13 10:03:22 33850672 ----a-w- c:\program files\QuickTimeInstaller.exe
2009-08-31 12:28:11 714528 ----a-w- c:\program files\JavaSetup6u15.exe
2009-07-26 04:44:47 2490368 ----a-w- c:\program files\Quote.exe
2009-07-26 03:10:53 4990280 ----a-w- c:\program files\MM5_en_Installer.exe
2009-07-24 11:22:09 58165 ----a-w- c:\program files\SkypeSetup.exe
2005-12-19 16:22:16 1654784 ----a-w- c:\program files\StockChartX.ocx
2004-12-23 14:47:02 438272 ----a-w- c:\program files\quote.dll
.
============= FINISH: 13:47:25.26 ===============


DDS.Attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/12/2009 11:19:08 AM
System Uptime: 12/31/2011 9:05:18 AM (4 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | EP45-UD3
Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | Socket 775 | 2333/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 338.111 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 871.975 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
影音风暴 2008 Beta1
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.6
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
AT&T Connect Participant Application v8.9.15
Babylon
Bentley MicroStation V8i 08.11.05.17
BigPond Broadband ADSL FAQ
Browser Configuration Utility
CAM UnZip 4.42
CodeBlocks
Crimson Editor 3.72
CUEcards 2000
DHTML Editing Component
DjVuLibre+DjView
Download Accelerator Plus (DAP)
Energy Saver Advance B8.1015.1
Express Burn
Express Rip
File Type Assistant
Final Media Player 2011
Forex Strategy Builder v2.64
FormatFactory (格式工厂) V1.70 多国语言版
FormatFactory 2.30
Free Window Registry Repair
Gigabyte Raid Configurer
Go Trader MT4 4.00
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
GoToMeeting 5.1.0.880
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
hp LaserJet 1000
HSQuote V1
iOrgSoft AMV Converter 3.3.8
Java Auto Updater
Java(TM) 6 Update 16
Java(TM) 6 Update 24
Magic ISO Maker v5.5 (build 0281)
Maple 10
Marketmaker CFD-FX Asia Pacific
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MinGW 5.1.6
MP3 Player Utilities 4.18
MSVC80_x86_v2
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NCH Toolbox
NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Software Updater
NVIDIA Drivers
NVIDIA PhysX
OpenOffice.org 3.1
PC Connectivity Solution
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Registry Crawler
Reimage Repair
SearchCore for Browsers
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Skype Toolbars
Skype™ 4.2
SpeedBit Video Downloader
Spelling Dictionaries Support For Adobe Reader 9
StuffIt 2010
StuffIt Expander 2010
SweetIM for Messenger 3.0
SweetIM Toolbar for Internet Explorer 3.8
Trend Micro Titanium Maximum Security
Trend Micro™ Titanium™ Maximum Security
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
Vtune 7.4
WebEx
Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
Windows Driver Package - Nokia Modem (10/07/2010 4.6)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows iLivid Toolbar
WinRAR archiver
Xvid 1.2.2 final uninstall
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
12/31/2011 9:07:20 AM, Error: Service Control Manager [7000] - The Security Activity Dashboard Service service failed to start due to the following error: The system cannot find the path specified.
12/29/2011 11:33:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
12/29/2011 11:33:29 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/27/2011 4:17:57 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate1ca1294100c4db0) service to connect.
12/27/2011 4:17:57 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate1ca1294100c4db0) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

Thank you


We need to see the MBA-M log. That is essentially the easiest log to obtain from a program. Open the program, click on the Logs Tab and they are sorted by date. Find the one you ran, double click to open it and then go to the top, click Edit, Select All, Copy and come back here and copy/paste that log into a reply.


I ran an analysis with the MBA application that I found via the link in the "Read Me before posting requests" post. I can't see a tab for the log.

Maybe I have the wrong program as it's the Reimage application? I could not see a download button for any other application. So, I'm assuming this is the MBA Program.

A screen shot of the application after analysis is attached.

You obviously downloaded the wrong program.

The program name you state is Reimage...it doesn't say Malwarebytes' Anti-Malware anyplace on it.

Download for MBA-M is plainly visible at the very top of the link from the sticky and it says that. Reimage is NOT at the top of the page. The Reimage is an AD for the Reimage program and IT is looked upon as a rogue program itself and their own website has a poor reputation. Get rid of that program ASAP!

Go back to the link in the sticky and read the page very carefully, it clearly shows right at the top of the page as Malwarebytes Anti-Malware 1.60.0.1800 Official Download For Malwarebytes Anti-Malware and immediately below those words you will see Download with two Majorgeeks download listings and one Internode for persons in Australia.

Thanks for the advice. Here is the MalwareBytes Anti-Malware log after deletion of the Trojans.

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.01.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
ejohnson :: EJOHNSON-PC [administrator]

Protection: Enabled

1/2/2012 9:45:16 AM
mbam-log-2012-01-02 (09-45-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235475
Time elapsed: 31 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 8
HKCR\Typelib\{E24211B3-A78A-C6A9-D317-70979ACE5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCR\XML.XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCR\XML.XML.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters|NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.32,93.188.166.169) Good: () -> Quarantined and repaired successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{899084C5-8D0E-4B31-A485-E5B368E1018B}|NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.32,93.188.166.169) Good: () -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
c:\users\ejohnson\appdata\roaming\5043163.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\users\ejohnson\appdata\local\temp\f681.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\ejohnson\Desktop\.url (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\akxiqc6zf.exe (Rogue.VirusProtector) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

(end)

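The two Trojan.DNSChanger hits in the log above correspond to the static "TCP: NameServer = 93.188.165.32,93.188.166.169" lines in the DDS.txt posted earlier, which override the DHCP-assigned 61.9.x and 10.0.0.138 resolvers. As an added example that is not part of this thread or of either tool, the Python script below parses the DDS TCP: lines, flags static DNS servers that no DHCP lease on the host handed out, and cross-checks them against the MBAM detection lines; the sample input is copied from the two logs above and embedded so it runs offline.

```python
"""Triage helper for DDS.txt and MBAM logs (added example, not part of the
thread or of either tool).

The sample text below is copied from the logs in this thread; pass the
contents of your own DDS.txt / mbam-log-*.txt to the functions instead."""
import re
from dataclasses import dataclass, field

# Constructed sample: the "TCP:" lines from the Pseudo HJT section of DDS.txt.
DDS_SAMPLE = r"""
TCP: NameServer = 93.188.165.32,93.188.166.169
TCP: DhcpNameServer = 61.9.194.49 61.9.195.193
TCP: Interfaces\{63E08FD3-32E3-4B6F-83EE-0467B8C86B8B} : DhcpNameServer = 10.0.0.138 10.0.0.138
TCP: Interfaces\{899084C5-8D0E-4B31-A485-E5B368E1018B} : NameServer = 93.188.165.32,93.188.166.169
TCP: Interfaces\{D276FD6C-5C08-4275-9D62-05AF01A88028} : DhcpNameServer = 61.9.194.49 61.9.195.193
"""

# Constructed sample: a few detection lines from the MBAM quick-scan log.
MBAM_SAMPLE = r"""
Registry Data Items Detected: 2
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters|NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.32,93.188.166.169) Good: () -> Quarantined and repaired successfully.
Files Detected: 8
c:\users\ejohnson\appdata\local\temp\f681.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\System32\akxiqc6zf.exe (Rogue.VirusProtector) -> Quarantined and deleted successfully.
"""

# DDS writes one TCP: line per DNS setting, host-wide or per interface GUID.
TCP_RE = re.compile(
    r"^TCP: (?:Interfaces\\(\{[0-9A-Fa-f-]+\}) : )?(NameServer|DhcpNameServer) = (.*)$"
)
# MBAM detection lines look like "<item> (<threat family>) -> <action>".
DETECT_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[\w.]+)\) -> (?P<action>.+)$")
BAD_RE = re.compile(r"Bad: \(([^)]*)\)")


def _servers(value):
    """Both tools list DNS servers separated by commas or spaces."""
    return [s for s in re.split(r"[,\s]+", value.strip()) if s]


def parse_dds_tcp(dds_text):
    """Map each scope ("global" or an interface GUID) to its DNS settings."""
    scopes = {}
    for line in dds_text.splitlines():
        m = TCP_RE.match(line.strip())
        if m:
            guid, key, value = m.groups()
            scopes.setdefault(guid or "global", {})[key] = _servers(value)
    return scopes


def static_dns_overrides(dds_text):
    """Return {scope: [servers]} where a static NameServer points at servers
    that no DHCP lease on the host handed out. On a DHCP client that is the
    DNSChanger footprint: resolvers the user never configured."""
    scopes = parse_dds_tcp(dds_text)
    dhcp = {s for cfg in scopes.values() for s in cfg.get("DhcpNameServer", [])}
    flagged = {}
    for scope, cfg in scopes.items():
        static = [s for s in cfg.get("NameServer", []) if s not in dhcp]
        if static:
            flagged[scope] = static
    return flagged


@dataclass
class Detection:
    item: str
    threat: str
    action: str
    bad_values: list = field(default_factory=list)  # from "Bad: (...)", if present


def parse_mbam(mbam_text):
    """Extract every detection line from an MBAM log, skipping section headers."""
    found = []
    for line in mbam_text.splitlines():
        m = DETECT_RE.match(line.strip())
        if not m:
            continue
        det = Detection(m["item"], m["threat"], m["action"])
        bad = BAD_RE.search(det.action)
        if bad:
            det.bad_values = _servers(bad.group(1))
        found.append(det)
    return found


def confirm_dns_changer(dds_text, mbam_text):
    """Servers flagged from DDS that MBAM also attributed to a DNSChanger family."""
    flagged = {s for servers in static_dns_overrides(dds_text).values() for s in servers}
    reported = {v for d in parse_mbam(mbam_text)
                if "DNSChanger" in d.threat for v in d.bad_values}
    return flagged & reported


if __name__ == "__main__":
    for scope, servers in static_dns_overrides(DDS_SAMPLE).items():
        print(f"static DNS not from DHCP in {scope}: {', '.join(servers)}")
    for det in parse_mbam(MBAM_SAMPLE):
        print(f"{det.threat:22} {det.item}")
    print("confirmed DNSChanger servers:",
          sorted(confirm_dns_changer(DDS_SAMPLE, MBAM_SAMPLE)))
```

The same check is worth running on the post-cleanup DDS log: after MBAM "repaired" the NameServer values, static_dns_overrides should return an empty dict.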

You have the TDSS Rootkit on there. Download and run this program http://www.bleepingcomputer.com/download/anti-virus/tdsskiller

To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection. If it does not say Cure, leave it at the default action of Skip and press the Continue button. Do not change it to Delete or Quarantine as it may delete infected files that are required for Windows to operate properly.

After you do that then do this:

MBA-M was only a Quick Scan. Instructions are very clear, Full Scan must be done.
Please run it again, FULL scan please, have it remove everything found, then Reboot. Post back here with the logs.

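The triage the reply above does by eye (a Rootkit.TDSS hit means a dedicated rootkit tool is needed, a Quick Scan is not accepted as clean, and the DNSChanger entries show which DNS servers were injected) can be written as rules over the MBA-M log format. This is an added example, not Malwarebytes' or the forum's code; the sample log is constructed from entries posted in this thread, with a placeholder interface GUID.

```python
"""Triage rules for a Malwarebytes Anti-Malware (MBA-M 1.x) text log.

Added example for this thread, not Malwarebytes' or the forum's code.
It parses the '<Category> Detected: N' sections and the per-item lines
    <path> (<family>) -> <action>.
    <key>|<value> (<family>) -> Bad: (<found>) Good: (<restored>) -> <action>.
and then applies what the reply above checks by hand.
"""
import re
from dataclasses import dataclass
from typing import Optional

ITEM_RE = re.compile(
    r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> )?"
    r"(?P<action>.+?)\.?$"
)
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: \d+$")
SCAN_TYPE_RE = re.compile(r"^Scan type: (?P<kind>.+)$")


@dataclass
class Detection:
    section: str            # 'Files', 'Registry Data Items', ...
    target: str             # file path, or 'key|value' for registry data
    family: str             # MBA-M family label, e.g. 'Rootkit.TDSS'
    action: str
    bad: Optional[str] = None    # registry data only: value found
    good: Optional[str] = None   # registry data only: value restored


def parse_mbam_log(text: str):
    """Return (scan_type, [Detection, ...]) for an MBA-M 1.x text log."""
    scan_type, section, items = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SCAN_TYPE_RE.match(line)
        if m:
            scan_type = m["kind"]
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            continue
        # The header block (no section yet) and the '(No malicious items
        # detected)' / '(end)' fillers carry no detections.
        if section is None or line.startswith("("):
            continue
        m = ITEM_RE.match(line)
        if m:
            items.append(Detection(section, m["target"], m["family"],
                                   m["action"], m["bad"], m["good"]))
    return scan_type, items


def triage(text: str) -> dict:
    """Apply the thread's rules of thumb to one log."""
    scan_type, items = parse_mbam_log(text)
    dns = set()
    for d in items:
        # DNSChanger rewrites NameServer; 'Bad' holds the injected servers.
        if d.family == "Trojan.DNSChanger" and d.bad:
            dns.update(ip for ip in d.bad.split(",") if ip)
    return {
        "scan_type": scan_type,
        # A Quick Scan is not accepted as clean: a Full Scan must follow.
        "full_scan": bool(scan_type) and scan_type.lower().startswith("full"),
        "families": sorted({d.family for d in items}),
        # Rootkit.* means a dedicated rootkit tool (TDSSKiller in the
        # thread) must run before the file-system result is trusted.
        "rootkit_present": any(d.family.startswith("Rootkit.") for d in items),
        "hijacked_dns": sorted(dns),
        # Downloader jobs left in the Tasks folder are a re-infection vector.
        "scheduled_tasks": [d.target for d in items
                            if d.target.lower().startswith("c:\\windows\\tasks\\")],
    }


# Constructed sample modelled on the Quick Scan log posted in this thread
# (entries shortened; the interface GUID is a placeholder).
SAMPLE_LOG = r"""Malwarebytes Anti-Malware (Trial) 1.60.0.1800
Scan type: Quick scan

Registry Data Items Detected: 2
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters|NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.32,93.188.166.169) Good: () -> Quarantined and repaired successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{GUID-PLACEHOLDER}|NameServer (Trojan.DNSChanger) -> Bad: (93.188.165.32,93.188.166.169) Good: () -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
c:\users\ejohnson\appdata\local\temp\f681.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\System32\akxiqc6zf.exe (Rogue.VirusProtector) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

(end)
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```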

0

I ran TDSS Rootkit; it didn't seem to discover anything.

Then I ran MBA-M as a full scan, found 1 trojan that is now deleted. Here is the log.

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.01.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
ejohnson :: EJOHNSON-PC [administrator]

Protection: Enabled

1/2/2012 11:31:31 AM
mbam-log-2012-01-02 (11-31-31).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 581759
Time elapsed: 3 hour(s), 33 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\users\ejohnson\appdata\local\update.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)

0

Please now run this program. Follow the directions to the letter. That is extremely important.

Please download ComboFix by sUBs from

http://www.bleepingcomputer.com/download/anti-virus/combofix

Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page.

• You must download it to and run it from your Desktop
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
• Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

Post back here with that log.

0

The log from ComboFix is below. I have not checked extensively, but it appears most applications are running except for OpenOffice, which gives an error:

"The application cannot be started: loading component library failed file:///C:/Program%20Files/OpenOffice.org%203/Program/>>/Basis/Program/fwkmi.dll"


ComboFix 12-01-01.06 - ejohnson 01/02/2012 18:01:57.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2558.1509 [GMT 11:00]
Running from: d:\download\Free System Clenup Programs\Combo Fix\ComboFix.exe
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Maximum Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\OpenOffice.org 3\Basis\program\fwkmi.dll
c:\programdata\uha2i83v0232
c:\users\ejohnson\AppData\Roaming\desktop.ini
c:\users\ejohnson\AppData\Roaming\EurekaLog
c:\users\ejohnson\g2mdlhlpx.exe
c:\users\ejohnson\GoToAssistDownloadHelper.exe
c:\users\ejohnson\ia_remove.sh3737.tmp
c:\users\ejohnson\ia_remove.sh8338.tmp
c:\users\ejohnson\ia_remove.sh9748.tmp
c:\users\ejohnson\ia_remove.sh9843.tmp
c:\windows\system32\service
c:\windows\system32\service\09092009_TIS17_SfFniAU.log
c:\windows\system32\service\09122009_TIS17_SfFniAU.log
c:\windows\system32\service\11112009_TIS17_SfFniAU.log
c:\windows\system32\service\15092009_TIS17_SfFniAU.log
c:\windows\system32\service\17112009_TIS17_SfFniAU.log
c:\windows\system32\service\21092009_TIS17_SfFniAU.log
c:\windows\system32\service\23092009_TIS17_SfFniAU.log
c:\windows\system32\service\28092009_TIS17_SfFniAU.log
c:\windows\system32\service\30082009_TIS17_SfFniAU.log
.
.
((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 )))))))))))))))))))))))))))))))
.
.
2012-01-02 07:14 . 2012-01-02 07:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-02 07:14 . 2012-01-02 07:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-01-02 07:14 . 2012-01-02 07:14 -------- d-----w- c:\users\Trish\AppData\Local\temp
2012-01-02 07:14 . 2012-01-02 07:14 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-01-02 00:31 . 2012-01-02 00:31 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-01 22:42 . 2012-01-01 22:42 -------- d-----w- c:\users\ejohnson\AppData\Roaming\Malwarebytes
2012-01-01 22:42 . 2012-01-01 22:42 -------- d-----w- c:\programdata\Malwarebytes
2012-01-01 22:42 . 2012-01-01 22:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-01 22:42 . 2011-12-10 04:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-01 03:08 . 2012-01-02 00:33 -------- d-----w- c:\users\ejohnson\AppData\Local\Adobe
2011-12-19 06:05 . 2011-12-19 06:05 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-12-19 06:05 . 2011-12-19 06:05 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-12-19 06:05 . 2011-12-19 06:05 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-12-19 06:05 . 2011-12-19 06:05 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-12-19 06:05 . 2011-12-19 06:05 98816 ----a-w- c:\windows\system32\mfps.dll
2011-12-19 06:05 . 2011-12-19 06:05 2873344 ----a-w- c:\windows\system32\mf.dll
2011-12-19 06:00 . 2011-12-19 06:00 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-12-19 06:00 . 2011-12-19 06:00 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-12-19 06:00 . 2011-12-19 06:00 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-12-19 06:00 . 2011-12-19 06:00 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-12-19 06:00 . 2011-12-19 06:00 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-12-19 06:00 . 2011-12-19 06:00 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-12-19 06:00 . 2011-12-19 06:00 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-12-15 08:27 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 08:27 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 08:27 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 08:27 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 08:27 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 08:26 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-02 07:23 . 2009-07-11 08:51 16608 ----a-w- c:\windows\gdrv.sys
2011-12-19 06:00 . 2011-12-19 06:00 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2011-11-26 03:27 . 2011-11-26 03:27 32768 ----a-w- c:\windows\closewnd.exe
2011-11-21 05:50 . 2011-05-15 03:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-31 17:53 . 2011-10-31 17:53 0 ---ha-w- c:\users\ejohnson\AppData\Local\BIT4AB8.tmp
2010-05-13 10:03 . 2010-05-13 10:02 33850672 ----a-w- c:\program files\QuickTimeInstaller.exe
2009-08-31 12:28 . 2009-08-31 12:28 714528 ----a-w- c:\program files\JavaSetup6u15.exe
2009-07-26 04:44 . 2009-07-26 04:40 2490368 ----a-w- c:\program files\Quote.exe
2009-07-26 03:10 . 2009-07-26 03:23 4990280 ----a-w- c:\program files\MM5_en_Installer.exe
2009-07-24 11:22 . 2009-07-24 10:28 58165 ----a-w- c:\program files\SkypeSetup.exe
2005-12-19 16:22 . 2009-07-18 10:33 1654784 ----a-w- c:\program files\StockChartX.ocx
2004-12-23 14:47 . 2009-07-18 10:33 438272 ----a-w- c:\program files\quote.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2011-04-16 01:08 2447360 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-03-18 06:06 1361208 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-03-18 1361208]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-03-18 1361208]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-08 26100520]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Push Client"="c:\users\ejohnson\AppData\Local\ATT Connect\Participant\pull.exe" [2010-02-14 956656]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\457\g2mstart.exe" [2010-04-25 39816]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2011-04-16 2918576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="Skytel.exe" [2008-07-24 1833504]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-24 6265376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-03 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-03 13687328]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-04-14 111928]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2010-10-17 3825080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
"TkBellExe"="c:\users\ejohnson\program\Update\realsched.exe" [2011-06-10 273544]
"Registry Crawler"="c:\progra~1\RCrawler\RCrawler.exe" [2002-01-27 446464]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2011-08-11 169264]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\users\Trish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\users\ejohnson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2010-1-14 995328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-12-11 21:49 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SEARCH~2\SEARCH~1\datamngr.dll c:\progra~1\SEARCH~2\SEARCH~1\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 gupdate1ca1294100c4db0;Google Update Service (gupdate1ca1294100c4db0);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-01 133104]
R2 Security Activity Dashboard Service;Security Activity Dashboard Service; [x]
R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [2008-03-18 68096]
R3 cpuz134;cpuz134;c:\users\ejohnson\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\DRIVERS\dm9usb.sys [2007-07-21 54272]
R3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50.sys [2006-11-16 21504]
R3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50.sys [2006-11-16 20480]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-01 133104]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-01-02 40776]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111v.sys [2007-06-01 870400]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2008-09-24 68136]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-05-15 64080]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-02 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-08-20 05:24]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-01 10:37]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-01 10:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.18\AMVConverter\grab.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
Trusted Zone: prisonplanet.com\www
Trusted Zone: sdnmail.net
TCP: DhcpNameServer = 61.9.194.49 61.9.195.193
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Messenger (Yahoo!) - ~c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.

0


PS I may be a bit late responding to your next post as I'm going to bed soon to start the first day of work for 2013.
