Everything posted by zia16sun
Interesting... I applied the fix, and went to my alternate system to post the result.txt, and found the same result.txt from earlier in the day. However, as I was working on that, I re-ordered the BIOS and rebooted and WE'RE UP!!! Yay! If you need that Result.txt still, I can try running that fix.txt again from a command prompt, though I don't believe it necessary now. If you need this for any reason, the LPfixlog is as follows:

Script used: "Disk=0 Partition=2 inactive"
Script used: "Disk=0 Partition=2 active"
Script used: "Disk=0 Partition=2 inactive"
Script used: "Disk=0 Partition=2 active"
Script used: "custom"
An error occurred while attempting to delete the specified data element.
Element not found.
Script used: ""
38 replies | Tagged with: Trojan.Agent, Trojan.Agent.BRVGen (and 2 more)
Dang. I was hoping that the one remaining item in the FRST log could still be fixed. ListParts64 log:

ListParts by Farbar Version: 25-09-2012
Ran by SYSTEM (administrator) on 28-09-2012 at 13:41:42
Windows 7 (X64)
Running From: G:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 3838.36 MB
Available physical RAM: 3352.57 MB
Total Pagefile: 3836.51 MB
Available Pagefile: 3330.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Gateway) (Fixed) (Total:286.27 GB) (Free:192.75 GB) NTFS ==>[system with boot components (obtained from reading drive)]
3 Drive e: (PQSERVICE) (Fixed) (Total:11.72 GB) (Free:3.03 GB) NTFS
4 Drive f: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
5 Drive g: (JUMP1) (Removable) (Total:7.31 GB) (Free:7.31 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          298 GB      0 B
Disk 1    Online         7500 MB      0 B

Partitions of Disk 0:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Recovery            11 GB  1024 KB
Partition 2    Primary            100 MB    11 GB
Partition 3    Primary            286 GB    11 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3   E   PQSERVICE    NTFS   Partition     11 GB  Healthy    Hidden

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   C   SYSTEM RESE  NTFS   Partition    100 MB  Healthy

======================================================================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   D   Gateway      NTFS   Partition    286 GB  Healthy

======================================================================================================

Partitions of Disk 1:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
* Partition 1  Primary           7500 MB     0 B

======================================================================================================

Disk: 1
There is no partition selected.
There is no partition selected.
Please select a partition and try again.

======================================================================================================

Windows Boot Manager
--------------------
identifier              {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device                  partition=C:
path                    \bootmgr
description             Windows Boot Manager
locale                  en-US
inherit                 {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default                 {ceda2f2a-c890-11de-beb3-cf189aeeba4a}
resumeobject            {ceda2f29-c890-11de-beb3-cf189aeeba4a}
displayorder            {ceda2f2a-c890-11de-beb3-cf189aeeba4a}
toolsdisplayorder       {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout                 30

Windows Boot Loader
-------------------
identifier              {ceda2f2a-c890-11de-beb3-cf189aeeba4a}
device                  partition=D:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence        {ceda2f2b-c890-11de-beb3-cf189aeeba4a}
recoveryenabled         Yes
osdevice                partition=D:
systemroot              \Windows
resumeobject            {ceda2f29-c890-11de-beb3-cf189aeeba4a}
nx                      OptIn
detecthal               Yes
bootlog                 No

Windows Boot Loader
-------------------
identifier              {ceda2f2b-c890-11de-beb3-cf189aeeba4a}
device                  ramdisk=[D:]\Recovery\ceda2f2b-c890-11de-beb3-cf189aeeba4a\Winre.wim,{ceda2f2c-c890-11de-beb3-cf189aeeba4a}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice                ramdisk=[D:]\Recovery\ceda2f2b-c890-11de-beb3-cf189aeeba4a\Winre.wim,{ceda2f2c-c890-11de-beb3-cf189aeeba4a}
systemroot              \windows
nx                      OptIn
winpe                   Yes
custom:46000010         Yes

Resume from Hibernate
---------------------
identifier              {ceda2f29-c890-11de-beb3-cf189aeeba4a}
device                  partition=D:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice              partition=D:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {b2721d73-1db4-4c62-bf78-c548a880142d}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems                 Yes

Debugger Settings
-----------------
identifier              {4636856e-540f-4170-a130-a84776f4c654}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier              {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit                 {4636856e-540f-4170-a130-a84776f4c654}
                        {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
                        {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier              {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit                 {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
                        {7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier              {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit                 {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Device options
--------------
identifier              {ceda2f2c-c890-11de-beb3-cf189aeeba4a}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \Recovery\ceda2f2b-c890-11de-beb3-cf189aeeba4a\boot.sdi

****** End Of Log ******
38 replies | Tagged with: Trojan.Agent, Trojan.Agent.BRVGen (and 2 more)
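The ListParts output in the post above carries the two things that have to agree before this machine can boot from its hard disk: the partition table (which partition is active, which ones are hidden) and the BCD store (which partition bootmgr and winload.exe are told to use). The script below is an added example for this page, not part of the thread and not Farbar's code. It parses the two blocks the way ListParts prints them and checks the three points a boot-repair helper reads off by eye: exactly one active partition on disk 0, that partition not being a hidden one, and bootmgr's `device` plus every OS loader's `device`/`osdevice` pointing at a listed volume. The sample input is copied from the log above with the column headers trimmed; ramdisk-backed BCD entries such as the WinRE loader carry no partition letter and are skipped by design. For this thread's layout the check returns no findings, which fits the poster's later report that a BIOS boot-order change, not a partition or BCD repair, is what got the system up.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Partition detail blocks copied from the ListParts log in this thread, column headers dropped.
LISTPARTS_SAMPLE = """
Disk: 0 Partition 1 Type : 27 Hidden: Yes Active: No
* Volume 3 E PQSERVICE NTFS Partition 11 GB Healthy Hidden
Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes
* Volume 1 C SYSTEM RESE NTFS Partition 100 MB Healthy
Disk: 0 Partition 3 Type : 07 Hidden: No Active: No
* Volume 2 D Gateway NTFS Partition 286 GB Healthy
"""

# BCD entries from the same log, one field per line as bcdedit prints them (raw string: literal backslashes).
BCD_SAMPLE = r"""
Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=C:
path \bootmgr

Windows Boot Loader
-------------------
identifier {ceda2f2a-c890-11de-beb3-cf189aeeba4a}
device partition=D:
path \Windows\system32\winload.exe
osdevice partition=D:
"""

PART_RE = re.compile(r"^Disk: (\d+) Partition (\d+) Type : (\w+) Hidden: (Yes|No) Active: (Yes|No)$")
VOL_RE = re.compile(r"^\* Volume \d+ ([A-Z]) ")  # volume row under a partition header: drive-letter column
DEV_RE = re.compile(r"^partition=([A-Z]):$")     # a BCD device that names a plain partition


@dataclass
class Partition:
    disk: int
    number: int
    type_id: str                  # MBR type byte as printed: 07 = NTFS, 27 = hidden recovery
    hidden: bool
    active: bool
    letter: Optional[str] = None  # None when the volume row carries no drive letter


def parse_listparts(text: str) -> list:
    """Pair each 'Disk: N Partition M ...' header with the volume row printed under it."""
    parts = []
    for raw in text.strip().splitlines():
        line = raw.strip()
        if m := PART_RE.match(line):
            parts.append(Partition(int(m[1]), int(m[2]), m[3], m[4] == "Yes", m[5] == "Yes"))
        elif (v := VOL_RE.match(line)) and parts:
            parts[-1].letter = v[1]
    return parts


def parse_bcd(text: str) -> list:
    """Split bcdedit-style output into dicts; the heading line is kept under '_type'."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        entry = {"_type": lines[0]}
        for l in lines[1:]:
            if set(l) == {"-"}:              # underline below the heading
                continue
            key, _, value = l.partition(" ")
            entry[key] = value.strip()
        entries.append(entry)
    return entries


def partition_letter(device: Optional[str]) -> Optional[str]:
    """'partition=C:' -> 'C'; ramdisk=[...] (WinRE) and other device kinds -> None."""
    m = DEV_RE.match(device or "")
    return m[1] if m else None


def check_boot_config(parts: list, bcd: list) -> list:
    """Return human-readable findings; an empty list means the layout is self-consistent."""
    findings = []
    active = [p for p in parts if p.disk == 0 and p.active]
    if len(active) != 1:
        findings.append(f"disk 0 has {len(active)} active partitions, expected exactly 1")
    findings += [f"active partition {p.number} on disk 0 is hidden (type {p.type_id})"
                 for p in active if p.hidden]
    by_letter = {p.letter: p for p in parts if p.letter}
    for e in bcd:
        if e["_type"] == "Windows Boot Manager":
            dev = partition_letter(e.get("device"))
            if not any(p.letter == dev for p in active):
                findings.append(f"bootmgr device {e.get('device')!r} is not on the active partition "
                                f"(active: {[p.letter for p in active]})")
        elif e["_type"] == "Windows Boot Loader":
            for key in ("device", "osdevice"):
                dev = partition_letter(e.get(key))
                if dev is not None and dev not in by_letter:
                    findings.append(f"{e['identifier']} {key} points at {dev}: which is not a listed volume")
    return findings
```

Run `check_boot_config(parse_listparts(LISTPARTS_SAMPLE), parse_bcd(BCD_SAMPLE))` to get the list of findings; moving the active flag onto the hidden recovery partition (Type 27) in the sample produces two findings, one for the hidden active partition and one because bootmgr's `partition=C:` is no longer the active one. Drive letters are as assigned by the recovery environment at scan time, which is why the second FRST log in this thread shows the same partitions under different letters; the check compares letters within one scan only.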
Negative. Still black screen with blinking cursor. (Yes, I reordered the BIOS to boot from HD before attempting to boot.) New FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2012
Ran by SYSTEM at 28-09-2012 11:42:25
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKU\Default\...\RunOnce: [scrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [scrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ===================

2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [104424 2010-06-09] (SEIKO EPSON CORPORATION)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) =====================

1 MpKsl2da59b7e; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C11CA1E-21A0-4931-9638-C91B62B19335}\MpKsl2da59b7e.sys [35664 2012-09-24] (Microsoft Corporation)
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\usbccid.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-09-26 10:39 - 2012-09-27 17:48 - 00000000 ____D C:\Program Files (x86)\Magical Jelly Bean
2012-09-25 06:07 - 2012-09-25 07:08 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-09-25 06:02 - 2012-09-25 06:02 - 00001385 ____A C:\Users\Jean\Desktop\RKreport[6].txt
2012-09-25 06:01 - 2012-09-25 06:01 - 00001363 ____A C:\Users\Jean\Desktop\RKreport[5].txt
2012-09-25 05:57 - 2012-09-25 05:57 - 00001497 ____A C:\Users\Jean\Desktop\RKreport[4].txt
2012-09-25 05:50 - 2012-09-25 05:50 - 00001523 ____A C:\Users\Jean\Desktop\RKreport[3].txt
2012-09-25 05:50 - 2012-09-25 05:50 - 00001489 ____A C:\Users\Jean\Desktop\RKreport[2].txt
2012-09-25 05:23 - 2012-09-25 05:23 - 00001471 ____A C:\Users\Jean\Desktop\RKreport[1].txt
2012-09-25 05:22 - 2012-09-27 17:48 - 00000000 ____D C:\Users\Jean\Desktop\RK_Quarantine
2012-09-24 18:04 - 2012-09-24 18:04 - 00002154 ____A C:\Windows\epplauncher.mif
2012-09-24 17:56 - 2012-09-24 17:57 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-09-24 17:56 - 2012-09-24 17:56 - 00744030 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-24 17:56 - 2012-09-24 17:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-09-24 17:55 - 2010-04-09 03:06 - 00374664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-24 17:45 - 2012-09-24 17:46 - 12621696 ____A (Microsoft Corporation) C:\Users\Jean\Downloads\mseinstall.exe
2012-09-24 17:10 - 2012-09-24 17:10 - 00274672 ____A C:\Windows\Minidump\092412-28501-01.dmp
2012-09-24 17:07 - 2012-09-24 17:07 - 00274672 ____A C:\Windows\Minidump\092412-30279-01.dmp
2012-09-24 17:04 - 2012-09-24 17:04 - 00274672 ____A C:\Windows\Minidump\092412-32510-01.dmp
2012-09-24 14:23 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-09-24 13:00 - 2012-09-24 13:00 - 00023308 ____A C:\Users\Jean\Desktop\Attach.txt
2012-09-24 12:57 - 2012-09-24 12:57 - 00021566 ____A C:\Users\Jean\Desktop\DDS.txt
2012-09-24 12:25 - 2012-09-24 12:25 - 00607260 ____R (Swearware) C:\Users\Jean\Downloads\dds.com
2012-09-24 12:15 - 2012-09-24 12:22 - 00000000 ____D C:\Users\Jean\AppData\Roaming\Mozilla
2012-09-24 12:15 - 2012-09-24 12:15 - 00000000 ____D C:\Users\Jean\AppData\Local\Mozilla
2012-09-24 11:54 - 2012-09-24 11:54 - 00001101 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-09-24 11:54 - 2012-09-24 11:54 - 00000000 ____D C:\Users\All Users\Mozilla
2012-09-24 11:54 - 2012-09-24 11:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-09-24 11:54 - 2012-09-24 11:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-09-24 11:53 - 2012-09-24 11:53 - 17790056 ____A (Mozilla) C:\Users\Jean\Downloads\Firefox Setup 15.0.1.exe
2012-09-23 19:10 - 2012-09-23 19:10 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-09-23 19:10 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-23 19:10 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-23 19:10 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-23 19:10 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-23 19:10 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-23 19:10 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-23 19:10 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-23 19:10 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-23 19:10 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-23 19:10 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-23 19:10 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-23 19:10 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-23 19:10 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-23 19:10 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-23 19:10 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-23 19:10 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-23 19:10 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-23 19:10 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-23 19:10 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-23 19:10 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-23 19:10 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-23 19:10 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-23 19:10 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-23 19:10 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-23 19:10 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-23 19:10 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-09-23 19:10 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-23 19:10 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-23 19:10 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-23 19:10 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-23 19:10 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-23 19:10 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-23 16:43 - 2012-09-23 16:43 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Jean\Downloads\revosetup.exe
2012-09-23 16:43 - 2012-09-23 16:43 - 00001235 ____A C:\Users\Jean\Desktop\Revo Uninstaller.lnk
2012-09-23 16:43 - 2012-09-23 16:43 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2012-09-23 14:01 - 2012-09-23 14:01 - 00000000 ____D C:\Users\Jean\AppData\Roaming\Malwarebytes
2012-09-23 14:01 - 2012-09-07 15:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-23 13:59 - 2012-09-23 14:00 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Jean\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-23 13:57 - 2012-08-02 09:55 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-23 13:57 - 2012-08-02 09:05 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-09-23 13:57 - 2012-05-05 00:30 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-09-23 13:57 - 2012-05-04 23:44 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-09-23 13:57 - 2012-02-10 22:36 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-09-23 13:57 - 2012-02-10 22:29 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-09-23 13:57 - 2012-02-10 22:29 - 00067584 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-09-23 13:57 - 2012-02-10 21:44 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-09-23 13:56 - 2012-07-18 09:31 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-09-23 13:56 - 2012-07-04 14:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-09-23 13:56 - 2012-07-04 14:01 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-09-23 13:56 - 2012-07-04 14:01 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-09-23 13:56 - 2012-07-04 13:26 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-09-23 13:56 - 2012-07-04 13:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-09-23 13:56 - 2012-05-13 21:20 - 00956416 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-09-23 13:45 - 2012-09-23 13:45 - 00274672 ____A C:\Windows\Minidump\092312-27877-01.dmp
2012-09-23 10:28 - 2012-09-23 14:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-23 10:28 - 2012-09-23 10:28 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-23 10:27 - 2012-09-23 12:45 - 00000000 ____D C:\886402493004868d5e
2012-09-23 10:19 - 2012-09-24 17:33 - 00000000 ____D C:\Windows\pss
2012-09-22 13:12 - 2012-09-24 16:58 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite
2012-09-22 11:08 - 2012-09-22 11:09 - 00274672 ____A C:\Windows\Minidump\092212-30841-01.dmp
2012-09-21 14:02 - 2012-09-21 14:02 - 00274672 ____A C:\Windows\Minidump\092112-40451-01.dmp
2012-09-21 12:33 - 2012-09-21 12:33 - 04096000 ____A C:\Program Files (x86)\GUTC783.tmp
2012-09-20 14:07 - 2012-09-20 14:07 - 00000000 ____D C:\Users\Jean\Documents\OneNote Notebooks
2012-09-14 12:46 - 2012-09-21 12:06 - 00000000 ___HD C:\Users\Jean\AppData\Roaming\578EEF29

==================== 3 Months Modified Files ==================

2012-09-25 06:02 - 2012-09-25 06:02 - 00001385 ____A C:\Users\Jean\Desktop\RKreport[6].txt
2012-09-25 06:01 - 2012-09-25 06:01 - 00001363 ____A C:\Users\Jean\Desktop\RKreport[5].txt
2012-09-25 05:57 - 2012-09-25 05:57 - 00001497 ____A C:\Users\Jean\Desktop\RKreport[4].txt
2012-09-25 05:56 - 2011-02-28 13:09 - 00418304 __ASH C:\Users\Jean\Desktop\Thumbs.db
2012-09-25 05:50 - 2012-09-25 05:50 - 00001523 ____A C:\Users\Jean\Desktop\RKreport[3].txt
2012-09-25 05:50 - 2012-09-25 05:50 - 00001489 ____A C:\Users\Jean\Desktop\RKreport[2].txt
2012-09-25 05:23 - 2012-09-25 05:23 - 00001471 ____A C:\Users\Jean\Desktop\RKreport[1].txt
2012-09-24 19:06 - 2009-11-03 07:13 - 01301382 ____A C:\Windows\WindowsUpdate.log
2012-09-24 19:00 - 2011-03-27 10:28 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-24 18:30 - 2012-07-21 20:04 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-24 18:17 - 2009-07-13 20:45 - 00017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-24 18:17 - 2009-07-13 20:45 - 00017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-24 18:08 - 2011-03-27 10:28 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-24 18:06 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-24 18:06 - 2009-07-13 20:51 - 00660577 ____A C:\Windows\setupact.log
2012-09-24 18:04 - 2012-09-24 18:04 - 00002154 ____A C:\Windows\epplauncher.mif
2012-09-24 17:56 - 2012-09-24 17:56 - 00744030 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-24 17:46 - 2012-09-24 17:45 - 12621696 ____A (Microsoft Corporation) C:\Users\Jean\Downloads\mseinstall.exe
2012-09-24 17:10 - 2012-09-24 17:10 - 00274672 ____A C:\Windows\Minidump\092412-28501-01.dmp
2012-09-24 17:10 - 2011-06-18 19:40 - 313961177 ____A C:\Windows\MEMORY.DMP
2012-09-24 17:07 - 2012-09-24 17:07 - 00274672 ____A C:\Windows\Minidump\092412-30279-01.dmp
2012-09-24 17:04 - 2012-09-24 17:04 - 00274672 ____A C:\Windows\Minidump\092412-32510-01.dmp
2012-09-24 16:58 - 2009-08-14 22:59 - 02028614 ____A C:\Windows\PFRO.log
2012-09-24 14:29 - 2010-02-02 15:52 - 00001981 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-09-24 13:00 - 2012-09-24 13:00 - 00023308 ____A C:\Users\Jean\Desktop\Attach.txt
2012-09-24 12:57 - 2012-09-24 12:57 - 00021566 ____A C:\Users\Jean\Desktop\DDS.txt
2012-09-24 12:25 - 2012-09-24 12:25 - 00607260 ____R (Swearware) C:\Users\Jean\Downloads\dds.com
2012-09-24 11:54 - 2012-09-24 11:54 - 00001101 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-09-24 11:53 - 2012-09-24 11:53 - 17790056 ____A (Mozilla) C:\Users\Jean\Downloads\Firefox Setup 15.0.1.exe
2012-09-24 06:38 - 2009-07-13 20:45 - 00452640 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-23 19:10 - 2012-09-23 19:10 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-09-23 16:43 - 2012-09-23 16:43 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Jean\Downloads\revosetup.exe
2012-09-23 16:43 - 2012-09-23 16:43 - 00001235 ____A C:\Users\Jean\Desktop\Revo Uninstaller.lnk
2012-09-23 14:00 - 2012-09-23 13:59 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Jean\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-23 13:45 - 2012-09-23 13:45 - 00274672 ____A C:\Windows\Minidump\092312-27877-01.dmp
2012-09-23 10:20 - 2009-07-13 20:51 - 00660017 ____A C:\Windows\setupact(67).log
2012-09-22 11:09 - 2012-09-22 11:08 - 00274672 ____A C:\Windows\Minidump\092212-30841-01.dmp
2012-09-21 14:02 - 2012-09-21 14:02 - 00274672 ____A C:\Windows\Minidump\092112-40451-01.dmp
2012-09-21 13:51 - 2011-11-30 13:21 - 00001371 ____A C:\Users\Jean\Desktop\Norton Installation Files.lnk
2012-09-21 13:33 - 2012-07-21 20:03 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-21 13:33 - 2012-07-21 20:03 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-21 12:33 - 2012-09-21 12:33 - 04096000 ____A C:\Program Files (x86)\GUTC783.tmp
2012-09-09 10:01 - 2012-08-21 07:23 - 00065536 __ASH C:\Users\Jean\Documents\Thumbs.db
2012-09-07 15:04 - 2012-09-23 14:01 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-30 22:43 - 2010-07-26 09:29 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-24 03:15 - 2012-09-23 19:10 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-09-23 19:10 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-09-23 19:10 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-09-23 19:10 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-09-23 19:10 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-09-23 19:10 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-09-23 19:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-09-23 19:10 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-09-23 19:10 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-09-23 19:10 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-09-23 19:10 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-09-23 19:10 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-09-23 19:10 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-09-23 19:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-09-23 19:10 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-09-23 19:10 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-09-23 19:10 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-09-23 19:10 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-09-23 19:10 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-09-23 19:10 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-09-23 19:10 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-09-23 19:10 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-09-23 19:10 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-09-23 19:10 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-09-23 19:10 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-09-23 19:10 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-09-23 19:10 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:45 - 2012-09-23 19:10 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-09-23 19:10 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:44 - 2012-09-23 19:10 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:43 - 2012-09-23 19:10 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-09-23 19:10 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-15 20:16 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-12 17:40 - 2011-09-21 13:06 - 00001164 ____A C:\Windows\wininit.ini
2012-08-12 17:23 - 2012-08-12 17:23 - 00001064 ____A C:\Users\Jean\Desktop\Smart PC Cleaner.lnk
2012-08-02 09:55 - 2012-09-23 13:57 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 09:05 - 2012-09-23 13:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-24 07:03 - 2009-11-03 07:36 - 00067574 ____A C:\Windows\DirectX.log
2012-07-18 09:31 - 2012-09-23 13:56 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-16 12:20 - 2012-07-16 12:18 - 00000000 ____A C:\Users\Jean\Desktop\OK
2012-07-16 12:19 - 2012-07-16 12:18 - 04098584 ____A (Microsoft Corporation) C:\Users\Jean\Downloads\X16-32694.exe.tmp
2012-07-15 16:05 - 2012-07-15 16:05 - 00001247 ____A C:\Users\Jean\Desktop\Any Video Converter.lnk
2012-07-12 20:20 - 2009-07-13 21:08 - 00032580 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-04 14:04 - 2012-09-23 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:01 - 2012-09-23 13:56 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:01 - 2012-09-23 13:56 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:26 - 2012-09-23 13:56 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:23 - 2012-09-23 13:56 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

ATTENTION: ========> Check for possible partition/boot infection: C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-23 10:26:58
Restore point made on: 2012-09-23 16:45:08
Restore point made on: 2012-09-23 16:48:31
Restore point made on: 2012-09-23 17:25:11
Restore point made on: 2012-09-23 19:05:58
Restore point made on: 2012-09-24 09:35:21
Restore point made on: 2012-09-24 09:57:13
Restore point made on: 2012-09-24 10:01:51
Restore point made on: 2012-09-24 10:10:03
Restore point made on: 2012-09-24 10:16:13
Restore point made on: 2012-09-24 10:22:51
Restore point made on: 2012-09-24 10:23:55
Restore point made on: 2012-09-24 10:28:17
Restore point made on: 2012-09-24 10:34:48
Restore point made on: 2012-09-24 10:36:21
Restore point made on: 2012-09-24 10:42:25
Restore point made on: 2012-09-24 11:09:59
Restore point made on: 2012-09-24 11:36:05
Restore point made on: 2012-09-24 17:55:18
Restore point made on: 2012-09-24 19:06:11

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3838.36 MB
Available physical RAM: 3209.19 MB
Total Pagefile: 3836.51 MB
Available Pagefile: 3212.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (Gateway) (Fixed) (Total:286.27 GB) (Free:192.75 GB) NTFS ==>[system with boot components (obtained from reading drive)]
2 Drive e: (PQSERVICE) (Fixed) (Total:11.72 GB) (Free:3.03 GB) NTFS
3 Drive f: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
4 Drive g: (JUMP1) (Removable) (Total:7.31 GB) (Free:7.31 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          298 GB      0 B
Disk 1    Online         7500 MB      0 B

Partitions of Disk 0:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Recovery            11 GB  1024 KB
Partition 2    Primary            100 MB    11 GB
Partition 3    Primary            286 GB    11 GB

==================================================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3   E   PQSERVICE    NTFS   Partition     11 GB  Healthy    Hidden

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   Y   SYSTEM RESE  NTFS   Partition    100 MB  Healthy

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   C   Gateway      NTFS   Partition    286 GB  Healthy

=========================================================

Partitions of Disk 1:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
* Partition 1  Primary           7500 MB     0 B

==================================================================================

Disk: 1
There is no partition selected.
There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2012-09-20 22:14

==================== End Of Log =============================
-
Thanks! :fingers crossed: Here's the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-09-2012
Ran by SYSTEM at 2012-09-28 10:26:16 Run:1
Running from G:\

==============================================

The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====
-
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2012
Ran by SYSTEM at 28-09-2012 09:46:46
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKU\Default\...\RunOnce: [scrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [scrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ===================

2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [104424 2010-06-09] (SEIKO EPSON CORPORATION)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) =====================

1 MpKsl2da59b7e; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C11CA1E-21A0-4931-9638-C91B62B19335}\MpKsl2da59b7e.sys [35664 2012-09-24] (Microsoft Corporation)
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\usbccid.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-09-26 10:39 - 2012-09-27 17:48 - 00000000 ____D C:\Program Files (x86)\Magical Jelly Bean
2012-09-25 06:07 - 2012-09-25 07:08 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-09-25 06:02 - 2012-09-25 06:02 - 00001385 ____A C:\Users\Jean\Desktop\RKreport[6].txt
2012-09-25 06:01 - 2012-09-25 06:01 - 00001363 ____A C:\Users\Jean\Desktop\RKreport[5].txt
2012-09-25 05:57 - 2012-09-25 05:57 - 00001497 ____A C:\Users\Jean\Desktop\RKreport[4].txt
2012-09-25 05:50 - 2012-09-25 05:50 - 00001523 ____A C:\Users\Jean\Desktop\RKreport[3].txt
2012-09-25 05:50 - 2012-09-25 05:50 - 00001489 ____A C:\Users\Jean\Desktop\RKreport[2].txt
2012-09-25 05:23 - 2012-09-25 05:23 - 00001471 ____A C:\Users\Jean\Desktop\RKreport[1].txt
2012-09-25 05:22 - 2012-09-27 17:48 - 00000000 ____D C:\Users\Jean\Desktop\RK_Quarantine
2012-09-24 18:04 - 2012-09-24 18:04 - 00002154 ____A C:\Windows\epplauncher.mif
2012-09-24 17:56 - 2012-09-24 17:57 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-09-24 17:56 - 2012-09-24 17:56 - 00744030 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-24 17:56 - 2012-09-24 17:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-09-24 17:55 - 2010-04-09 03:06 - 00374664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-24 17:45 - 2012-09-24 17:46 - 12621696 ____A (Microsoft Corporation) C:\Users\Jean\Downloads\mseinstall.exe
2012-09-24 17:10 - 2012-09-24 17:10 - 00274672 ____A C:\Windows\Minidump\092412-28501-01.dmp
2012-09-24 17:07 - 2012-09-24 17:07 - 00274672 ____A C:\Windows\Minidump\092412-30279-01.dmp
2012-09-24 17:04 - 2012-09-24 17:04 - 00274672 ____A C:\Windows\Minidump\092412-32510-01.dmp
2012-09-24 14:23 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-09-24 13:00 - 2012-09-24 13:00 - 00023308 ____A C:\Users\Jean\Desktop\Attach.txt
2012-09-24 12:57 - 2012-09-24 12:57 - 00021566 ____A C:\Users\Jean\Desktop\DDS.txt
2012-09-24 12:25 - 2012-09-24 12:25 - 00607260 ____R (Swearware) C:\Users\Jean\Downloads\dds.com
2012-09-24 12:15 - 2012-09-24 12:22 - 00000000 ____D C:\Users\Jean\AppData\Roaming\Mozilla
2012-09-24 12:15 - 2012-09-24 12:15 - 00000000 ____D C:\Users\Jean\AppData\Local\Mozilla
2012-09-24 11:54 - 2012-09-24 11:54 - 00001101 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-09-24 11:54 - 2012-09-24 11:54 - 00000000 ____D C:\Users\All Users\Mozilla
2012-09-24 11:54 - 2012-09-24 11:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-09-24 11:54 - 2012-09-24 11:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-09-24 11:53 - 2012-09-24 11:53 - 17790056 ____A (Mozilla) C:\Users\Jean\Downloads\Firefox Setup 15.0.1.exe
2012-09-23 19:10 - 2012-09-23 19:10 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-09-23 19:10 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-23 19:10 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-23 19:10 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-23 19:10 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-23 19:10 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-23 19:10 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-23 19:10 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-23 19:10 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-23 19:10 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-23 19:10 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-23 19:10 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-23 19:10 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-23 19:10 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-23 19:10 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-23 19:10 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-23 19:10 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-23 19:10 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-23 19:10 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-23 19:10 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-23 19:10 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-23 19:10 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-23 19:10 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-23 19:10 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-23 19:10 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-23 19:10 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-23 19:10 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-09-23 19:10 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-23 19:10 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-23 19:10 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-23 19:10 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-23 19:10 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-23 19:10 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-23 16:43 - 2012-09-23 16:43 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Jean\Downloads\revosetup.exe
2012-09-23 16:43 - 2012-09-23 16:43 - 00001235 ____A C:\Users\Jean\Desktop\Revo Uninstaller.lnk
2012-09-23 16:43 - 2012-09-23 16:43 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2012-09-23 14:01 - 2012-09-23 14:01 - 00000000 ____D C:\Users\Jean\AppData\Roaming\Malwarebytes
2012-09-23 14:01 - 2012-09-07 15:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-23 13:59 - 2012-09-23 14:00 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Jean\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-23 13:57 - 2012-08-02 09:55 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-23 13:57 - 2012-08-02 09:05 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-09-23 13:57 - 2012-05-05 00:30 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-09-23 13:57 - 2012-05-04 23:44 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-09-23 13:57 - 2012-02-10 22:36 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-09-23 13:57 - 2012-02-10 22:29 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-09-23 13:57 - 2012-02-10 22:29 - 00067584 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-09-23 13:57 - 2012-02-10 21:44 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-09-23 13:56 - 2012-07-18 09:31 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-09-23 13:56 - 2012-07-04 14:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-09-23 13:56 - 2012-07-04 14:01 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-09-23 13:56 - 2012-07-04 14:01 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-09-23 13:56 - 2012-07-04 13:26 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-09-23 13:56 - 2012-07-04 13:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-09-23 13:56 - 2012-05-13 21:20 - 00956416 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-09-23 13:45 - 2012-09-23 13:45 - 00274672 ____A C:\Windows\Minidump\092312-27877-01.dmp
2012-09-23 10:28 - 2012-09-23 14:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-23 10:28 - 2012-09-23 10:28 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-23 10:27 - 2012-09-23 12:45 - 00000000 ____D C:\886402493004868d5e
2012-09-23 10:19 - 2012-09-24 17:33 - 00000000 ____D C:\Windows\pss
2012-09-22 13:12 - 2012-09-24 16:58 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite
2012-09-22 11:08 - 2012-09-22 11:09 - 00274672 ____A C:\Windows\Minidump\092212-30841-01.dmp
2012-09-21 14:02 - 2012-09-21 14:02 - 00274672 ____A C:\Windows\Minidump\092112-40451-01.dmp
2012-09-21 12:33 - 2012-09-21 12:33 - 04096000 ____A C:\Program Files (x86)\GUTC783.tmp
2012-09-20 14:07 - 2012-09-20 14:07 - 00000000 ____D C:\Users\Jean\Documents\OneNote Notebooks
2012-09-14 12:46 - 2012-09-21 12:06 - 00000000 ___HD C:\Users\Jean\AppData\Roaming\578EEF29

==================== 3 Months Modified Files ==================

2012-09-25 06:02 - 2012-09-25 06:02 - 00001385 ____A C:\Users\Jean\Desktop\RKreport[6].txt
2012-09-25 06:01 - 2012-09-25 06:01 - 00001363 ____A C:\Users\Jean\Desktop\RKreport[5].txt
2012-09-25 05:57 - 2012-09-25 05:57 - 00001497 ____A C:\Users\Jean\Desktop\RKreport[4].txt
2012-09-25 05:56 - 2011-02-28 13:09 - 00418304 __ASH C:\Users\Jean\Desktop\Thumbs.db
2012-09-25 05:50 - 2012-09-25 05:50 - 00001523 ____A C:\Users\Jean\Desktop\RKreport[3].txt
2012-09-25 05:50 - 2012-09-25 05:50 - 00001489 ____A C:\Users\Jean\Desktop\RKreport[2].txt
2012-09-25 05:23 - 2012-09-25 05:23 - 00001471 ____A C:\Users\Jean\Desktop\RKreport[1].txt
2012-09-24 19:06 - 2009-11-03 07:13 - 01301382 ____A C:\Windows\WindowsUpdate.log
2012-09-24 19:00 - 2011-03-27 10:28 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-24 18:30 - 2012-07-21 20:04 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-24 18:17 - 2009-07-13 20:45 - 00017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-24 18:17 - 2009-07-13 20:45 - 00017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-24 18:08 - 2011-03-27 10:28 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-24 18:06 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-24 18:06 - 2009-07-13 20:51 - 00660577 ____A C:\Windows\setupact.log
2012-09-24 18:04 - 2012-09-24 18:04 - 00002154 ____A C:\Windows\epplauncher.mif
2012-09-24 17:56 - 2012-09-24 17:56 - 00744030 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-24 17:46 - 2012-09-24 17:45 - 12621696 ____A (Microsoft Corporation) C:\Users\Jean\Downloads\mseinstall.exe
2012-09-24 17:10 - 2012-09-24 17:10 - 00274672 ____A C:\Windows\Minidump\092412-28501-01.dmp
2012-09-24 17:10 - 2011-06-18 19:40 - 313961177 ____A C:\Windows\MEMORY.DMP
2012-09-24 17:07 - 2012-09-24 17:07 - 00274672 ____A C:\Windows\Minidump\092412-30279-01.dmp
2012-09-24 17:04 - 2012-09-24 17:04 - 00274672 ____A C:\Windows\Minidump\092412-32510-01.dmp
2012-09-24 16:58 - 2009-08-14 22:59 - 02028614 ____A C:\Windows\PFRO.log
2012-09-24 14:29 - 2010-02-02 15:52 - 00001981 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-09-24 13:00 - 2012-09-24 13:00 - 00023308 ____A C:\Users\Jean\Desktop\Attach.txt
2012-09-24 12:57 - 2012-09-24 12:57 - 00021566 ____A C:\Users\Jean\Desktop\DDS.txt
2012-09-24 12:25 - 2012-09-24 12:25 - 00607260 ____R (Swearware) C:\Users\Jean\Downloads\dds.com
2012-09-24 11:54 - 2012-09-24 11:54 - 00001101 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-09-24 11:53 - 2012-09-24 11:53 - 17790056 ____A (Mozilla) C:\Users\Jean\Downloads\Firefox Setup 15.0.1.exe
2012-09-24 06:38 - 2009-07-13 20:45 - 00452640 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-23 19:10 - 2012-09-23 19:10 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-09-23 16:43 - 2012-09-23 16:43 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Jean\Downloads\revosetup.exe
2012-09-23 16:43 - 2012-09-23 16:43 - 00001235 ____A C:\Users\Jean\Desktop\Revo Uninstaller.lnk
2012-09-23 14:00 - 2012-09-23 13:59 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Jean\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-23 13:45 - 2012-09-23 13:45 - 00274672 ____A C:\Windows\Minidump\092312-27877-01.dmp
2012-09-23 10:20 - 2009-07-13 20:51 - 00660017 ____A C:\Windows\setupact(67).log
2012-09-22 11:09 - 2012-09-22 11:08 - 00274672 ____A C:\Windows\Minidump\092212-30841-01.dmp
2012-09-21 14:02 - 2012-09-21 14:02 - 00274672 ____A C:\Windows\Minidump\092112-40451-01.dmp
2012-09-21 13:51 - 2011-11-30 13:21 - 00001371 ____A C:\Users\Jean\Desktop\Norton Installation Files.lnk
2012-09-21 13:33 - 2012-07-21 20:03 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-21 13:33 - 2012-07-21 20:03 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-21 12:33 - 2012-09-21 12:33 - 04096000 ____A C:\Program Files (x86)\GUTC783.tmp
2012-09-09 10:01 - 2012-08-21 07:23 - 00065536 __ASH C:\Users\Jean\Documents\Thumbs.db
2012-09-07 15:04 - 2012-09-23 14:01 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-30 22:43 - 2010-07-26 09:29 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-24 03:15 - 2012-09-23 19:10 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-09-23 19:10 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-09-23 19:10 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-09-23 19:10 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-09-23 19:10 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-09-23 19:10 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-09-23 19:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-09-23 19:10 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-09-23 19:10 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-09-23 19:10 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-09-23 19:10 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-09-23 19:10 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-09-23 19:10 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-09-23 19:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-09-23 19:10 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-09-23 19:10 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-09-23 19:10 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-09-23 19:10 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-09-23 19:10 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-09-23 19:10 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-09-23 19:10 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-09-23 19:10 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-09-23 19:10 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-09-23 19:10 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-09-23 19:10 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-09-23 19:10 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-09-23 19:10 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:45 - 2012-09-23 19:10 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-09-23 19:10 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:44 - 2012-09-23 19:10 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:43 - 2012-09-23 19:10 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-09-23 19:10 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-15 20:16 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-12 17:40 - 2011-09-21 13:06 - 00001164 ____A C:\Windows\wininit.ini
2012-08-12 17:23 - 2012-08-12 17:23 - 00001064 ____A C:\Users\Jean\Desktop\Smart PC Cleaner.lnk
2012-08-02 09:55 - 2012-09-23 13:57 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 09:05 - 2012-09-23 13:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-07-24 07:03 - 2009-11-03 07:36 - 00067574 ____A C:\Windows\DirectX.log
2012-07-18 09:31 - 2012-09-23 13:56 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-16 12:20 - 2012-07-16 12:18 - 00000000 ____A C:\Users\Jean\Desktop\OK
2012-07-16 12:19 - 2012-07-16 12:18 - 04098584 ____A (Microsoft Corporation) C:\Users\Jean\Downloads\X16-32694.exe.tmp
2012-07-15 16:05 - 2012-07-15 16:05 - 00001247 ____A C:\Users\Jean\Desktop\Any Video Converter.lnk
2012-07-12 20:20 - 2009-07-13 21:08 - 00032580 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-04 14:04 - 2012-09-23 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:01 - 2012-09-23 13:56 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:01 - 2012-09-23 13:56 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:26 - 2012-09-23 13:56 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:23 - 2012-09-23 13:56 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

ATTENTION: ========> Check for possible partition/boot infection: C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-23 10:26:58
Restore point made on: 2012-09-23 16:45:08
Restore point made on: 2012-09-23 16:48:31
Restore point made on: 2012-09-23 17:25:11
Restore point made on: 2012-09-23 19:05:58
Restore point made on: 2012-09-24 09:35:21
Restore point made on: 2012-09-24 09:57:13
Restore point made on: 2012-09-24 10:01:51
Restore point made on: 2012-09-24 10:10:03
Restore point made on: 2012-09-24 10:16:13
Restore point made on: 2012-09-24 10:22:51
Restore point made on: 2012-09-24 10:23:55
Restore point made on: 2012-09-24 10:28:17
Restore point made on: 2012-09-24 10:34:48
Restore point made on: 2012-09-24 10:36:21
Restore point made on: 2012-09-24 10:42:25
Restore point made on: 2012-09-24 11:09:59
Restore point made on: 2012-09-24 11:36:05
Restore point made on: 2012-09-24 17:55:18
Restore point made on: 2012-09-24 19:06:11

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3838.36 MB
Available physical RAM: 3197.64 MB
Total Pagefile: 3836.51 MB
Available Pagefile: 3206.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (Gateway) (Fixed) (Total:286.27 GB) (Free:192.75 GB) NTFS ==>[system with boot components (obtained from reading drive)]
2 Drive e: (PQSERVICE) (Fixed) (Total:11.72 GB) (Free:3.03 GB) NTFS
3 Drive f: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
4 Drive g: (JUMP1) (Removable) (Total:7.31 GB) (Free:7.31 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          298 GB      0 B
Disk 1    Online         7500 MB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Recovery            11 GB  1024 KB
Partition 2    Primary            100 MB    11 GB
Partition 3    Primary            286 GB    11 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3   E   PQSERVICE    NTFS   Partition     11 GB  Healthy    Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   Y   SYSTEM RESE  NTFS   Partition    100 MB  Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   C   Gateway      NTFS   Partition    286 GB  Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
* Partition 1  Primary           7500 MB      0 B

==================================================================================

Disk: 1

There is no partition selected.
There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2012-09-20 22:14

==================== End Of Log =============================
-
Yes, I know I had the wrong backup disc, but I now have the right disc. If you need a new Farbar scan showing that, I can run one. I will not do anything until I receive further instruction from you in the AM. Thanks.
-
Makes sense. I’ve got two options at this point, and I'll go whichever direction you deem best.

1 - I've got my hands on a Win 7 64bit backup disc and have gone through the steps above for System Recovery Options. Farbar logs read as follows (Note: the error that indicates I used the wrong Windows 7 backup disc is correct - because Microsoft sent me the wrong .iso initially, but I have now rectified that and have the 64 bit disc burnt as well and ran the services.exe scan from that boot):

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-09-2012
Ran by SYSTEM at 27-09-2012 12:06:24
Running from G:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKU\Default\...\RunOnce: [scrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()
HKU\Default User\...\RunOnce: [scrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162336 2009-07-21] ()
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 208.67.222.222

==================== Services (Whitelisted) ===================

2 AdobeActiveFileMonitor8.0; C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-06] (Adobe Systems Incorporated)
3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [250288 2012-09-21] (Adobe Systems Incorporated)
2 Apple Mobile Device; "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [55144 2011-10-24] (Apple Inc.)
4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [104424 2010-06-09] (SEIKO EPSON CORPORATION)
2 ePowerSvc; C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [844320 2009-08-05] (Acer Incorporated)
3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [867080 2010-02-26] (Acresso Software Inc.)
3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42840 2009-06-10] (Microsoft Corporation)
3 GameConsoleService; "C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe" [238328 2010-01-04] (WildTangent, Inc.)
2 Greg_Service; C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [1150496 2009-06-04] (Acer Incorporated)
2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [136176 2011-03-27] (Google Inc.)
3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [136176 2011-03-27] (Google Inc.)
2 HsfXAudioService; C:\Windows\SysWOW64\XAudio64.dll [436736 2009-04-29] (Conexant Systems, Inc.)
3 idsvc; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" [856384 2009-06-10] (Microsoft Corporation)
2 IntuitUpdateServiceV4; "C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [13672 2011-08-25] (Intuit Inc.)
2 LightScribeService; "C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe" [73728 2010-11-22] (Hewlett-Packard Company)
3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [114144 2012-09-05] (Mozilla Foundation)
2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208 2010-05-18] (Nero AG)
4 NetTcpPortSharing; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" [116560 2009-06-10] (Microsoft Corporation)
2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [62720 2009-08-20] (NewTech Infosystems, Inc.)
3 odserv; "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [440696 2011-07-20] (Microsoft Corporation)
3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [145184 2006-10-26] (Microsoft Corporation)
3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [160944 2012-07-13] (Skype Technologies)
3 Sony SCSI Helper Service; "C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe" [73728 2009-11-09] (Sony Corporation)
2 Updater Service; C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [240160 2009-07-03] (Acer)
2 YahooAUService; "C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe" [602392 2008-11-09] (Yahoo! Inc.)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

==================== Drivers (Whitelisted) ====================

0 99229891; C:\Windows\System32\drivers\30903339.sys [208216 2012-09-25] ()
3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1484800 2009-07-08] (Atheros Communications, Inc.)
3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl664.sys [1311232 2009-06-10] (Broadcom Corporation)
3 CAXHWAZL; C:\Windows\System32\DRIVERS\CAXHWAZL.sys [292864 2009-02-12] (Conexant Systems, Inc.)
3 CnxtHdAudService; C:\Windows\System32\drivers\CHDRT64.sys [686080 2009-08-11] (Conexant Systems Inc.)
3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
3 HSF_DPV; C:\Windows\System32\DRIVERS\CAX_DPV.sys [1485824 2009-02-12] (Conexant Systems, Inc.)
3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [6108416 2009-06-10] (Intel Corporation)
3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [29720 2010-07-28] (Initio Corporation)
3 k57nd60a; C:\Windows\System32\DRIVERS\k57nd60a.sys [317480 2009-06-20] (Broadcom Corporation)
3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
3 L1E; C:\Windows\System32\DRIVERS\L1E62x64.sys [54272 2009-06-19] (Atheros Communications, Inc.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation)
1 MpKsl5b59b0ba; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C11CA1E-21A0-4931-9638-C91B62B19335}\MpKsl5b59b0ba.sys [35664 2012-09-25] (Microsoft Corporation)
3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [620544 2009-06-10] (Ralink Technology, Corp.)
0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [55024 2008-06-16] (Sonic Solutions)
3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL6.SYS [292864 2009-06-10] (Conexant Systems, Inc.)
3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT6.SYS [740864 2009-06-10] (Conexant Systems, Inc.)
3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-08-02] (Apple, Inc.)
3 winachsf; C:\Windows\System32\DRIVERS\CAX_CNXT.sys [740864 2009-02-12] (Conexant Systems, Inc.)
2 XAudio; C:\Windows\System32\DRIVERS\XAudio64.sys [10240 2009-04-29] (Conexant Systems, Inc.)
3 54911887; [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\usbccid.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2012-09-26 10:39 - 2012-09-26 10:48 - 00000000 ____D C:\Program Files (x86)\Magical Jelly Bean
2012-09-25 07:08 - 2012-09-25 07:08 - 00208216 ____A C:\Windows\System32\Drivers\30903339.sys
2012-09-25 06:59 - 2012-09-25 06:59 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\34674318.sys
2012-09-25 06:09 - 2012-09-25 06:09 - 00282896 ____A C:\Windows\Minidump\092512-43711-01.dmp
2012-09-25 06:07 - 2012-09-25 07:08 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-09-25 06:02 - 2012-09-25 06:02 - 00001385 ____A C:\Users\Jean\Desktop\RKreport[6].txt
2012-09-25 06:01 - 2012-09-25 06:01 - 00001363 ____A C:\Users\Jean\Desktop\RKreport[5].txt
2012-09-25 05:57 - 2012-09-25 05:57 - 00001497 ____A C:\Users\Jean\Desktop\RKreport[4].txt
2012-09-25 05:50 - 2012-09-25 05:50 - 00001523 ____A C:\Users\Jean\Desktop\RKreport[3].txt
2012-09-25 05:50 - 2012-09-25 05:50 - 00001489 ____A C:\Users\Jean\Desktop\RKreport[2].txt
2012-09-25 05:47 - 2012-09-25 05:47 - 00001170 ____A C:\Users\Jean\Desktop\tdsskiller - Shortcut.lnk
2012-09-25 05:46 - 2012-09-25 05:46 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Jean\Downloads\tdsskiller.exe
2012-09-25 05:23 - 2012-09-25 05:23 - 00001471 ____A C:\Users\Jean\Desktop\RKreport[1].txt
2012-09-25 05:22 - 2012-09-25 05:57 - 00000000 ____D C:\Users\Jean\Desktop\RK_Quarantine
2012-09-25 05:21 - 2012-09-25 05:21 - 01391616 ____A C:\Users\Jean\Downloads\RogueKiller.exe
2012-09-24 19:07 - 2012-09-24 19:08 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-09-24 18:04 - 2012-09-24 18:04 - 00002154 ____A C:\Windows\epplauncher.mif
2012-09-24 17:56 - 2012-09-24 17:57 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-09-24 17:56 - 2012-09-24 17:56 - 00744030 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-24 17:56 - 2012-09-24 17:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-09-24 17:55 - 2010-04-09 03:06 - 00374664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-24 17:45 - 2012-09-24 17:46 - 12621696 ____A (Microsoft Corporation) C:\Users\Jean\Downloads\mseinstall.exe
2012-09-24 17:10 - 2012-09-24 17:10 - 00274672 ____A C:\Windows\Minidump\092412-28501-01.dmp
2012-09-24 17:07 - 2012-09-24 17:07 - 00274672 ____A C:\Windows\Minidump\092412-30279-01.dmp
2012-09-24 17:04 - 2012-09-24 17:04 - 00274672 ____A C:\Windows\Minidump\092412-32510-01.dmp
2012-09-24 14:23 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-09-24 13:00 - 2012-09-24 13:00 - 00023308 ____A C:\Users\Jean\Desktop\Attach.txt
2012-09-24 12:57 - 2012-09-24 12:57 - 00021566 ____A C:\Users\Jean\Desktop\DDS.txt
2012-09-24 12:25 - 2012-09-24 12:25 - 00607260 ____R (Swearware) C:\Users\Jean\Downloads\dds.com
2012-09-24 12:15 - 2012-09-24 12:22 - 00000000 ____D C:\Users\Jean\AppData\Roaming\Mozilla
2012-09-24 12:15 - 2012-09-24 12:15 - 00000000 ____D C:\Users\Jean\AppData\Local\Mozilla
2012-09-24 11:54 - 2012-09-24 11:54 - 00001101 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-09-24 11:54 - 2012-09-24 11:54 - 00000000 ____D C:\Users\All Users\Mozilla
2012-09-24 11:54 - 2012-09-24 11:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-09-24 11:54 - 2012-09-24 11:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-09-24 11:53 - 2012-09-24 11:53 - 17790056 ____A (Mozilla) C:\Users\Jean\Downloads\Firefox Setup 15.0.1.exe
2012-09-23 19:10 - 2012-09-23 19:10 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-09-23 19:10 - 2012-08-24 03:15 - 17810944 ____A
(Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-09-23 19:10 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-09-23 19:10 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-09-23 19:10 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-09-23 19:10 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-09-23 19:10 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-09-23 19:10 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-09-23 19:10 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-09-23 19:10 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-09-23 19:10 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-09-23 19:10 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2012-09-23 19:10 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-09-23 19:10 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2012-09-23 19:10 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-09-23 19:10 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-09-23 19:10 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-09-23 19:10 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-09-23 19:10 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-09-23 19:10 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript9.dll 2012-09-23 19:10 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-09-23 19:10 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-09-23 19:10 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-09-23 19:10 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-09-23 19:10 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-09-23 19:10 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-09-23 19:10 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2012-09-23 19:10 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-09-23 19:10 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2012-09-23 19:10 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-09-23 19:10 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-09-23 19:10 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-09-23 19:10 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-09-23 16:43 - 2012-09-23 16:43 - 02617648 ____A (VS Revo Group Ltd.) 
C:\Users\Jean\Downloads\revosetup.exe 2012-09-23 16:43 - 2012-09-23 16:43 - 00001235 ____A C:\Users\Jean\Desktop\Revo Uninstaller.lnk 2012-09-23 16:43 - 2012-09-23 16:43 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2012-09-23 14:01 - 2012-09-23 14:01 - 00000000 ____D C:\Users\Jean\AppData\Roaming\Malwarebytes 2012-09-23 14:01 - 2012-09-07 15:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-09-23 13:59 - 2012-09-23 14:00 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Jean\Downloads\mbam-setup-1.65.0.1400.exe 2012-09-23 13:57 - 2012-08-02 09:55 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2012-09-23 13:57 - 2012-08-02 09:05 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2012-09-23 13:57 - 2012-05-05 00:30 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll 2012-09-23 13:57 - 2012-05-04 23:44 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2012-09-23 13:57 - 2012-02-10 22:36 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2012-09-23 13:57 - 2012-02-10 22:29 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe 2012-09-23 13:57 - 2012-02-10 22:29 - 00067584 ____A (Microsoft Corporation) C:\Windows\splwow64.exe 2012-09-23 13:57 - 2012-02-10 21:44 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2012-09-23 13:56 - 2012-07-18 09:31 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-09-23 13:56 - 2012-07-04 14:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll 2012-09-23 13:56 - 2012-07-04 14:01 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll 2012-09-23 13:56 - 2012-07-04 14:01 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll 2012-09-23 13:56 - 2012-07-04 13:26 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll 2012-09-23 
13:56 - 2012-07-04 13:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll 2012-09-23 13:56 - 2012-05-13 21:20 - 00956416 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll 2012-09-23 13:45 - 2012-09-23 13:45 - 00274672 ____A C:\Windows\Minidump\092312-27877-01.dmp 2012-09-23 10:28 - 2012-09-23 14:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-09-23 10:28 - 2012-09-23 10:28 - 00000000 ____D C:\Users\All Users\Malwarebytes 2012-09-23 10:27 - 2012-09-23 12:45 - 00000000 ____D C:\886402493004868d5e 2012-09-23 10:19 - 2012-09-24 17:33 - 00000000 ____D C:\Windows\pss 2012-09-22 13:12 - 2012-09-24 16:58 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite 2012-09-22 11:08 - 2012-09-22 11:09 - 00274672 ____A C:\Windows\Minidump\092212-30841-01.dmp 2012-09-21 14:02 - 2012-09-21 14:02 - 00274672 ____A C:\Windows\Minidump\092112-40451-01.dmp 2012-09-21 12:33 - 2012-09-21 12:33 - 04096000 ____A C:\Program Files (x86)\GUTC783.tmp 2012-09-20 14:07 - 2012-09-20 14:07 - 00000000 ____D C:\Users\Jean\Documents\OneNote Notebooks 2012-09-14 12:46 - 2012-09-21 12:06 - 00000000 ___HD C:\Users\Jean\AppData\Roaming\578EEF29 ==================== 3 Months Modified Files ================== 2012-09-25 07:08 - 2012-09-25 07:08 - 00208216 ____A C:\Windows\System32\Drivers\30903339.sys 2012-09-25 07:06 - 2009-07-13 20:45 - 00017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-09-25 07:06 - 2009-07-13 20:45 - 00017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-09-25 07:03 - 2009-11-03 07:13 - 01416668 ____A C:\Windows\WindowsUpdate.log 2012-09-25 07:00 - 2011-03-27 10:28 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-09-25 06:59 - 2012-09-25 06:59 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\34674318.sys 2012-09-25 06:58 - 2011-03-27 10:28 - 00000890 
____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-09-25 06:58 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-09-25 06:57 - 2009-07-13 20:51 - 00660801 ____A C:\Windows\setupact.log 2012-09-25 06:30 - 2012-07-21 20:04 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-09-25 06:09 - 2012-09-25 06:09 - 00282896 ____A C:\Windows\Minidump\092512-43711-01.dmp 2012-09-25 06:09 - 2011-06-18 19:40 - 402492025 ____A C:\Windows\MEMORY.DMP 2012-09-25 06:02 - 2012-09-25 06:02 - 00001385 ____A C:\Users\Jean\Desktop\RKreport[6].txt 2012-09-25 06:01 - 2012-09-25 06:01 - 00001363 ____A C:\Users\Jean\Desktop\RKreport[5].txt 2012-09-25 05:57 - 2012-09-25 05:57 - 00001497 ____A C:\Users\Jean\Desktop\RKreport[4].txt 2012-09-25 05:56 - 2011-02-28 13:09 - 00418304 __ASH C:\Users\Jean\Desktop\Thumbs.db 2012-09-25 05:50 - 2012-09-25 05:50 - 00001523 ____A C:\Users\Jean\Desktop\RKreport[3].txt 2012-09-25 05:50 - 2012-09-25 05:50 - 00001489 ____A C:\Users\Jean\Desktop\RKreport[2].txt 2012-09-25 05:47 - 2012-09-25 05:47 - 00001170 ____A C:\Users\Jean\Desktop\tdsskiller - Shortcut.lnk 2012-09-25 05:46 - 2012-09-25 05:46 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Jean\Downloads\tdsskiller.exe 2012-09-25 05:23 - 2012-09-25 05:23 - 00001471 ____A C:\Users\Jean\Desktop\RKreport[1].txt 2012-09-25 05:21 - 2012-09-25 05:21 - 01391616 ____A C:\Users\Jean\Downloads\RogueKiller.exe 2012-09-24 19:08 - 2011-03-27 10:27 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk 2012-09-24 18:04 - 2012-09-24 18:04 - 00002154 ____A C:\Windows\epplauncher.mif 2012-09-24 17:56 - 2012-09-24 17:56 - 00744030 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2012-09-24 17:46 - 2012-09-24 17:45 - 12621696 ____A (Microsoft Corporation) C:\Users\Jean\Downloads\mseinstall.exe 2012-09-24 17:10 - 2012-09-24 17:10 - 00274672 ____A C:\Windows\Minidump\092412-28501-01.dmp 2012-09-24 17:07 - 2012-09-24 17:07 - 00274672 ____A C:\Windows\Minidump\092412-30279-01.dmp 2012-09-24 17:04 - 
2012-09-24 17:04 - 00274672 ____A C:\Windows\Minidump\092412-32510-01.dmp 2012-09-24 16:58 - 2009-08-14 22:59 - 02028614 ____A C:\Windows\PFRO.log 2012-09-24 14:29 - 2010-02-02 15:52 - 00001981 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk 2012-09-24 13:00 - 2012-09-24 13:00 - 00023308 ____A C:\Users\Jean\Desktop\Attach.txt 2012-09-24 12:57 - 2012-09-24 12:57 - 00021566 ____A C:\Users\Jean\Desktop\DDS.txt 2012-09-24 12:25 - 2012-09-24 12:25 - 00607260 ____R (Swearware) C:\Users\Jean\Downloads\dds.com 2012-09-24 11:54 - 2012-09-24 11:54 - 00001101 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk 2012-09-24 11:53 - 2012-09-24 11:53 - 17790056 ____A (Mozilla) C:\Users\Jean\Downloads\Firefox Setup 15.0.1.exe 2012-09-24 06:38 - 2009-07-13 20:45 - 00452640 ____A C:\Windows\System32\FNTCACHE.DAT 2012-09-23 19:10 - 2012-09-23 19:10 - 00000129 ____A C:\Windows\System32\MRT.INI 2012-09-23 16:43 - 2012-09-23 16:43 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Jean\Downloads\revosetup.exe 2012-09-23 16:43 - 2012-09-23 16:43 - 00001235 ____A C:\Users\Jean\Desktop\Revo Uninstaller.lnk 2012-09-23 14:00 - 2012-09-23 13:59 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Jean\Downloads\mbam-setup-1.65.0.1400.exe 2012-09-23 13:45 - 2012-09-23 13:45 - 00274672 ____A C:\Windows\Minidump\092312-27877-01.dmp 2012-09-23 10:20 - 2009-07-13 20:51 - 00660017 ____A C:\Windows\setupact(67).log 2012-09-22 11:09 - 2012-09-22 11:08 - 00274672 ____A C:\Windows\Minidump\092212-30841-01.dmp 2012-09-21 14:02 - 2012-09-21 14:02 - 00274672 ____A C:\Windows\Minidump\092112-40451-01.dmp 2012-09-21 13:51 - 2011-11-30 13:21 - 00001371 ____A C:\Users\Jean\Desktop\Norton Installation Files.lnk 2012-09-21 13:33 - 2012-07-21 20:03 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-09-21 13:33 - 2012-07-21 20:03 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-09-21 12:33 - 2012-09-21 12:33 - 04096000 ____A C:\Program 
Files (x86)\GUTC783.tmp 2012-09-09 10:01 - 2012-08-21 07:23 - 00065536 __ASH C:\Users\Jean\Documents\Thumbs.db 2012-09-07 15:04 - 2012-09-23 14:01 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-08-30 22:43 - 2010-07-26 09:29 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-08-24 03:15 - 2012-09-23 19:10 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-08-24 02:39 - 2012-09-23 19:10 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-08-24 02:31 - 2012-09-23 19:10 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-08-24 02:22 - 2012-09-23 19:10 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-08-24 02:21 - 2012-09-23 19:10 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-08-24 02:20 - 2012-09-23 19:10 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-08-24 02:18 - 2012-09-23 19:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-08-24 02:17 - 2012-09-23 19:10 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-08-24 02:14 - 2012-09-23 19:10 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-08-24 02:14 - 2012-09-23 19:10 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-08-24 02:13 - 2012-09-23 19:10 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2012-08-24 02:12 - 2012-09-23 19:10 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-08-24 02:11 - 2012-09-23 19:10 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2012-08-24 02:10 - 2012-09-23 19:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-08-24 02:09 - 2012-09-23 19:10 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-08-24 02:04 - 2012-09-23 
19:10 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-08-23 23:27 - 2012-09-23 19:10 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-08-23 23:03 - 2012-09-23 19:10 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-08-23 22:59 - 2012-09-23 19:10 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-08-23 22:51 - 2012-09-23 19:10 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-08-23 22:51 - 2012-09-23 19:10 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-08-23 22:51 - 2012-09-23 19:10 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-08-23 22:49 - 2012-09-23 19:10 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-08-23 22:48 - 2012-09-23 19:10 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-08-23 22:47 - 2012-09-23 19:10 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-08-23 22:47 - 2012-09-23 19:10 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2012-08-23 22:47 - 2012-09-23 19:10 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-08-23 22:45 - 2012-09-23 19:10 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2012-08-23 22:44 - 2012-09-23 19:10 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-08-23 22:44 - 2012-09-23 19:10 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-08-23 22:43 - 2012-09-23 19:10 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-08-23 22:40 - 2012-09-23 19:10 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-08-15 20:16 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI 2012-08-12 17:40 - 2011-09-21 13:06 - 00001164 ____A C:\Windows\wininit.ini 2012-08-12 
17:23 - 2012-08-12 17:23 - 00001064 ____A C:\Users\Jean\Desktop\Smart PC Cleaner.lnk 2012-08-02 09:55 - 2012-09-23 13:57 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2012-08-02 09:05 - 2012-09-23 13:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2012-07-24 07:03 - 2009-11-03 07:36 - 00067574 ____A C:\Windows\DirectX.log 2012-07-18 09:31 - 2012-09-23 13:56 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-16 12:20 - 2012-07-16 12:18 - 00000000 ____A C:\Users\Jean\Desktop\OK 2012-07-16 12:19 - 2012-07-16 12:18 - 04098584 ____A (Microsoft Corporation) C:\Users\Jean\Downloads\X16-32694.exe.tmp 2012-07-15 16:05 - 2012-07-15 16:05 - 00001247 ____A C:\Users\Jean\Desktop\Any Video Converter.lnk 2012-07-12 20:20 - 2009-07-13 21:08 - 00032580 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-07-04 14:04 - 2012-09-23 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll 2012-07-04 14:01 - 2012-09-23 13:56 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll 2012-07-04 14:01 - 2012-09-23 13:56 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll 2012-07-04 13:26 - 2012-09-23 13:56 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll 2012-07-04 13:23 - 2012-09-23 13:56 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll ATTENTION: ========> Check for possible partition/boot infection: C:\Windows\svchost.exe ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2011-04-27 16:42] - [2011-02-25 22:23] - 2870272 ____A (Microsoft Corporation) 0862495E0C825893DB75EF44FAEA8E93 C:\Windows\System32\winlogon.exe [2010-01-26 16:30] - [2009-10-27 22:24] - 0389632 ____A (Microsoft Corporation) DA3E2A6FA9660CC75B471530CE88453A C:\Windows\System32\wininit.exe [2009-07-13 15:52] - [2009-07-13 17:39] - 
0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA C:\Windows\System32\svchost.exe [2009-07-13 15:31] - [2009-07-13 17:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\User32.dll [2009-07-13 15:38] - [2009-07-13 17:41] - 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6 C:\Windows\System32\userinit.exe [2009-07-13 15:50] - [2009-07-13 17:39] - 0030208 ____A (Microsoft Corporation) 6F8F1376A13114CC10C0E69274F5A4DE C:\Windows\System32\Drivers\volsnap.sys [2009-07-13 15:20] - [2009-07-13 17:45] - 0294992 ____A (Microsoft Corporation) 58F82EED8CA24B461441F9C3E4F0BF5C TDL4: custom:26000022 <===== ATTENTION! ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2012-09-23 10:26:58 Restore point made on: 2012-09-23 16:45:08 Restore point made on: 2012-09-23 16:48:31 Restore point made on: 2012-09-23 17:25:11 Restore point made on: 2012-09-23 19:05:58 Restore point made on: 2012-09-24 09:35:21 Restore point made on: 2012-09-24 09:57:13 Restore point made on: 2012-09-24 10:01:51 Restore point made on: 2012-09-24 10:10:03 Restore point made on: 2012-09-24 10:16:13 Restore point made on: 2012-09-24 10:22:51 Restore point made on: 2012-09-24 10:23:55 Restore point made on: 2012-09-24 10:28:17 Restore point made on: 2012-09-24 10:34:48 Restore point made on: 2012-09-24 10:36:21 Restore point made on: 2012-09-24 10:42:25 Restore point made on: 2012-09-24 11:09:59 Restore point made on: 2012-09-24 11:36:05 Restore point made on: 2012-09-24 17:55:18 Restore point made on: 2012-09-24 19:06:11 ==================== Memory info =========================== 
Percentage of memory in use: 14% Total physical RAM: 3838.36 MB Available physical RAM: 3300.69 MB Total Pagefile: 3836.64 MB Available Pagefile: 3323.82 MB Total Virtual: 2047.88 MB Available Virtual: 1970.3 MB ==================== Partitions ============================= 1 Drive c: (Gateway) (Fixed) (Total:286.27 GB) (Free:192.61 GB) NTFS ==>[system with boot components (obtained from reading drive)] 2 Drive e: (PQSERVICE) (Fixed) (Total:11.72 GB) (Free:3.03 GB) NTFS 3 Drive f: (GRMCHPFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF 4 Drive g: (JUMP1) (Removable) (Total:7.31 GB) (Free:7.31 GB) FAT32 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection. Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 298 GB 0 B Disk 1 Online 7500 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Recovery 11 GB 1024 KB Partition 2 Primary 100 MB 11 GB Partition 3 Primary 286 GB 11 GB ========================================================= Disk: 0 Partition 1 Type : 27 Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E PQSERVICE NTFS Partition 11 GB Healthy Hidden ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy ========================================================= Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- 
----------- ----- ---------- ------- --------- -------- * Volume 2 C Gateway NTFS Partition 286 GB Healthy ========================================================= Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- * Partition 1 Primary 7500 MB 0 B ========================================================= Disk: 1 There is no partition selected. There is no partition selected. Please select a partition and try again. ========================================================= Last Boot: 2012-09-20 22:14 ==================== End Of Log ============================ Services.exe search log: Farbar Recovery Scan Tool (x64) Version: 25-09-2012 Ran by SYSTEM at 2012-09-27 18:28:09 Running from G:\ ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB ====== End Of Search ====== My other option is to delete the partition of the MBR as shown in your linked instruction set. I've done the dry run with GParted, and (due to being unable to get a screenshot with the system the way it is) have a picture of the partitions attached. I was a little unsure of whether I should be deleting the diag or boot (assume diag from your prior discussion - but too risky to assume anything here). My next question is if I am deleting any partitions, should I be cloning the hard drive first to ensure nothing gets lost in this process? This lady makes her living from graphic designing on her computer, and if I can save files, etc. now, I definitely want to do so! If this process just corrects the MBR issue and all else is safe, let's proceed!
- 38 replies
-
- Trojan.Agent
- Trojan.Agent.BRVGen
-
(and 2 more)
Tagged with:
-
Unfortunately, not. I've obtained her Windows Product Key (the OEM key used at Gateway to install the Windows clone on the laptop; the key on the bottom of the laptop was completely obliterated) and I am in the process of downloading a bootable Win7 that I can put on USB with an .iso download from her account, so I can attempt to restore it on her system again when I do have that process completed. In the meantime, I removed her hard drive and slaved it to a working (fully protected) system (initially to ensure it was still intact, which, thankfully, it was), and re-ran the MBAM scan again to see if any of the previously discovered malware may no longer be an issue now that her previous install/Windows registry is gone. I got 3 hits, but found them in the TDSS quarantine, so we were getting somewhere before everything poofed.

Files Detected: 3
F:\TDSSKiller_Quarantine\25.09.2012_07.57.44\mbr0000\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> No action taken.
F:\TDSSKiller_Quarantine\25.09.2012_08.59.00\mbr0000\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> No action taken.
F:\TDSSKiller_Quarantine\25.09.2012_08.59.00\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> No action taken.

Interestingly, I originally found Trojan.Agent.BRVGen when starting this process, and now it's finding Trojan.Agent.MRGGen.... I subsequently ran a MSE scan on the drive (since MSE found additional things that MBAM did not), and that scan turned up nothing, so it appears at least some benefit was obtained by the OS imploding....
-
Yes, sir. I rebooted before running TDSS again and deleting the previously skipped \Device\Harddisk0\DR0 ( TDSS File System ) files as instructed (I'm aware of the risks associated with modifying system/registry files, and meticulously print/follow instructions line by line to ensure nothing is overlooked or done outside the instructions). All signs point to the system being one blue screen away from sudden death. No luck with getting into the System Recovery Options. After loading the BIOS, it instantly goes to the black screen/blinking cursor and pressing F8 just makes it beep loudly (tried multiple times, both waiting for the bios to load before starting the F8 tapping, and tapping it while the BIOS was loading - same result after BIOS loaded - just loud beeping). It appears the only thing I can do is get into the BIOS. Not even a C:\ prompt to get into the flash drive via cd, etc.
-
Done. Note: system blue screened again after curing the malicious file.

TDSS log 1:

07:50:35.0797 4048 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
07:50:37.0870 4048 ============================================================
07:50:37.0870 4048 Current date / time: 2012/09/25 07:50:37.0870
07:50:37.0870 4048 SystemInfo:
07:50:37.0870 4048
07:50:37.0870 4048 OS Version: 6.1.7600 ServicePack: 0.0
07:50:37.0870 4048 Product type: Workstation
07:50:37.0870 4048 ComputerName: SNURDLOCK
07:50:39.0055 4048 UserName: Jean
07:50:39.0055 4048 Windows directory: C:\Windows
07:50:39.0055 4048 System windows directory: C:\Windows
07:50:39.0056 4048 Running under WOW64
07:50:39.0056 4048 Processor architecture: Intel x64
07:50:39.0056 4048 Number of processors: 2
07:50:39.0056 4048 Page size: 0x1000
07:50:39.0056 4048 Boot type: Normal boot
07:50:39.0056 4048 ============================================================
07:50:40.0969 4048 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:50:40.0975 4048 ============================================================
07:50:40.0975 4048 \Device\Harddisk0\DR0:
07:50:40.0976 4048 MBR partitions:
07:50:40.0976 4048 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
07:50:40.0976 4048 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x23C8BAB0
07:50:40.0976 4048 ============================================================
07:50:41.0015 4048 C: <-> \Device\Harddisk0\DR0\Partition2
07:50:41.0015 4048 ============================================================
07:50:41.0015 4048 Initialize success
07:50:41.0015 4048 ============================================================
07:50:50.0439 1900 Deinitialize success

TDSS Log 2:

07:56:11.0284 3840 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
07:56:11.0705 3840 ============================================================
07:56:11.0705 3840 Current date / time: 2012/09/25 07:56:11.0705
07:56:11.0705 3840 SystemInfo:
07:56:11.0705 3840
07:56:11.0705 3840 OS Version: 6.1.7600 ServicePack: 0.0
07:56:11.0705 3840 Product type: Workstation
07:56:11.0705 3840 ComputerName: SNURDLOCK
07:56:11.0705 3840 UserName: Jean
07:56:11.0705 3840 Windows directory: C:\Windows
07:56:11.0705 3840 System windows directory: C:\Windows
07:56:11.0705 3840 Running under WOW64
07:56:11.0705 3840 Processor architecture: Intel x64
07:56:11.0705 3840 Number of processors: 2
07:56:11.0705 3840 Page size: 0x1000
07:56:11.0705 3840 Boot type: Normal boot
07:56:11.0705 3840 ============================================================
07:56:17.0411 3840 BG loaded
07:56:17.0832 3840 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:56:17.0832 3840 ============================================================
07:56:17.0832 3840 \Device\Harddisk0\DR0:
07:56:17.0848 3840 MBR partitions:
07:56:17.0848 3840 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
07:56:17.0848 3840 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x23C8BAB0
07:56:17.0848 3840 ============================================================
07:56:17.0894 3840 C: <-> \Device\Harddisk0\DR0\Partition2
07:56:17.0894 3840 ============================================================
07:56:17.0894 3840 Initialize success
07:56:17.0894 3840 ============================================================

TDSS Log 3 was the long one, and is attached here: TDSSKiller.2.8.10.0_25.09.2012_07.57.43_log.txt
-
Good morning, Mr. Charlie. I look forward to working with you again. RK Log is as follows:

RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Jean [Admin rights]
Mode : Scan -- Date : 09/25/2012 07:23:35

¤¤¤ Bad processes : 1 ¤¤¤
[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD32 00BEVT-22ZCT0 SATA Disk Device +++++
--- User ---
[MBR] 08068581104347a69fe0aaca55abc31e
[bSP] d338ea1457af39a95e38be6e79f5e04f : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 293143 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt
-
Greetings experts! I've got a system now that was brought to me to cure an incessant rebooting/blue screen issue. Based on the owner's description of known activities prior to the time that this issue started, I suspected trojans and confirmed that preliminary diagnosis via MBAM. I see that the malware is preventing installation of SP3 (Error FFFFFFE), and MSE has discovered Trojan:Dos/Alureon.A (not found by MBAM). So, with no further ado, here we go! DDS Log . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Jean at 14:26:36 on 2012-09-24 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.1959 [GMT -6:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe C:\Windows\system32\svchost.exe -k HsfXAudioService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Program Files (x86)\NewTech Infosystems\Gateway 
MyBackup\IScheduleSvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe C:\Program Files\Apoint2K\Apoint.exe C:\Windows\PLFSetI.exe C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\HidFind.exe C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe C:\Program Files\Apoint2K\Apntex.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Common Files\Intuit\Update 
Service v4\IntuitUpdateService.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.yahoo.com/ uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27361209i6b6l0300z165a4861x268 mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27361209i6b6l0300z165a4861x268 mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv53&r=27361209i6b6l0300z165a4861x268 uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Qwiklinx: {3e7c8b5a-96ab-438f-bf9b-782400655440} - C:\Users\Jean\AppData\Roaming\Qwiklinx\Qwiklinx.dll BHO: SpecialSavings: {74f475fa-6c75-43bd-aab9-ecda6184f600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll TB: 
{2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun: [CLMLServer] "c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [eBook Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe mRun: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun: [Microsoft Works Update Detection] C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe mRun: [EPSON_UD_START] "C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [speetItUpFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe" StartupFolder: C:\Users\Jean\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DING!.lnk - C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe StartupFolder: 
C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: intuit.com\ttlc Trusted Zone: soe.com Trusted Zone: sony.com DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 8.8.8.8 208.67.222.222 TCP: Interfaces\{E7511BEB-F2E6-46F2-8544-FDB0A48E973C} : DhcpNameServer = 8.8.8.8 
208.67.222.222 TCP: Interfaces\{E7511BEB-F2E6-46F2-8544-FDB0A48E973C}\157756374775966496 : DhcpNameServer = 192.168.9.1 64.134.255.2 64.134.255.10 TCP: Interfaces\{E7511BEB-F2E6-46F2-8544-FDB0A48E973C}\353627160737 : DhcpNameServer = 192.168.0.1 205.171.3.25 TCP: Interfaces\{E7511BEB-F2E6-46F2-8544-FDB0A48E973C}\361627D696E656 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{E7511BEB-F2E6-46F2-8544-FDB0A48E973C}\46C696E6B6 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{E7511BEB-F2E6-46F2-8544-FDB0A48E973C}\E4544574541425 : DhcpNameServer = 192.168.1.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-X64: 0x1 - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Qwiklinx: {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Jean\AppData\Roaming\Qwiklinx\Qwiklinx.dll BHO-X64: Qwiklinx - No File BHO-X64: SpecialSavings: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll BHO-X64: SpecialSavings - No File BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll BHO-X64: Yontoo Layers - No File TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File mRun-x64: [Adobe Reader Speed 
Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun-x64: [CLMLServer] "c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" mRun-x64: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [eBook Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun-x64: [Microsoft Works Update Detection] C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe mRun-x64: [EPSON_UD_START] "C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [speetItUpFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe" . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\bqy638yc.default\ FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Jean\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] 
R2 EMP_UDSA;EMP_UDSA;C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [2011-6-2 104424] R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-11-3 844320] R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496] R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992] R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-23 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-23 676936] R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-20 62720] R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-8-15 240160] R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?] R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?] 
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-27 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-21 250288] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-27 136176] S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-24 114144] S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-3 225280] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 
2012-09-24 20:15:16 -------- d-----w- C:\Users\Jean\AppData\Local\Mozilla 2012-09-24 17:13:15 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{62B69180-6710-4CB7-B56E-B9CA8A91D06E}\offreg.dll 2012-09-24 17:10:40 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{62B69180-6710-4CB7-B56E-B9CA8A91D06E}\mpengine.dll 2012-09-24 01:31:51 20480 ----a-w- C:\Windows\svchost.exe 2012-09-24 00:43:53 -------- d-----w- C:\Program Files (x86)\VS Revo Group 2012-09-23 22:01:43 -------- d-----w- C:\Users\Jean\AppData\Roaming\Malwarebytes 2012-09-23 22:01:05 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-23 21:57:31 503808 ----a-w- C:\Windows\System32\srcore.dll 2012-09-23 21:57:31 43008 ----a-w- C:\Windows\SysWow64\srclient.dll 2012-09-23 21:57:17 751104 ----a-w- C:\Windows\System32\win32spl.dll 2012-09-23 21:57:17 67584 ----a-w- C:\Windows\splwow64.exe 2012-09-23 21:57:17 559104 ----a-w- C:\Windows\System32\spoolsv.exe 2012-09-23 21:57:17 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll 2012-09-23 21:57:07 574464 ----a-w- C:\Windows\System32\d3d10level9.dll 2012-09-23 21:57:07 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2012-09-23 21:56:53 58880 ----a-w- C:\Windows\System32\browcli.dll 2012-09-23 21:56:53 41472 ----a-w- C:\Windows\SysWow64\browcli.dll 2012-09-23 21:56:53 136704 ----a-w- C:\Windows\System32\browser.dll 2012-09-23 21:56:49 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-09-23 21:56:40 956416 ----a-w- C:\Windows\System32\localspl.dll 2012-09-23 18:28:13 -------- d-----w- C:\ProgramData\Malwarebytes 2012-09-23 18:28:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-09-23 18:27:29 -------- d-----w- C:\886402493004868d5e 2012-09-23 18:19:03 -------- d-----w- C:\Windows\pss 2012-09-22 21:12:55 -------- d-----w- C:\Windows\System32\drivers\N360x64 2012-09-22 21:12:54 -------- d-----w- C:\Program Files (x86)\Norton Security Suite 2012-09-22 19:16:06 754824 ----a-w- 
C:\Program Files\Internet Explorer\iexplore.exe 2012-09-21 20:33:57 4096000 ----a-w- C:\Program Files (x86)\GUTC783.tmp 2012-09-14 20:46:22 -------- d--h--w- C:\Users\Jean\AppData\Roaming\578EEF29 . ==================== Find3M ==================== . 2012-09-21 21:33:17 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-21 21:33:17 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-07-22 04:07:30 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS . ============= FINISH: 14:27:55.75 =============== Attach Log (not attached per note in forum opening pinned topic). . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 12/25/2009 10:02:11 AM System Uptime: 9/24/2012 8:37:03 AM (6 hours ago) . Motherboard: Gateway | | SJV50TR Processor: AMD Athlon™ II Dual-Core M300 | Socket S1G3 | 2000/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 286 GiB total, 194.027 GiB free. D: is CDROM (UDF) . ==== Disabled Device Manager Items ============= . 
==== System Restore Points =================== . RP336: 9/22/2012 1:13:38 PM - Windows Update RP337: 9/23/2012 12:26:01 PM - Windows Update RP338: 9/23/2012 6:44:55 PM - Revo Uninstaller's restore point - AVG Security Toolbar RP339: 9/23/2012 6:48:26 PM - Revo Uninstaller's restore point - Google Toolbar for Internet Explorer RP340: 9/23/2012 7:25:06 PM - Revo Uninstaller's restore point - Smart PC Cleaner v3.0 RP341: 9/23/2012 9:05:49 PM - Windows Update RP342: 9/24/2012 11:35:11 AM - Revo Uninstaller's restore point - DefaultTab Chrome RP343: 9/24/2012 11:57:08 AM - Revo Uninstaller's restore point - DefaultTab RP344: 9/24/2012 12:01:46 PM - Revo Uninstaller's restore point - Google Chrome RP345: 9/24/2012 12:09:58 PM - Revo Uninstaller's restore point - Qwiklinx RP346: 9/24/2012 12:16:08 PM - Revo Uninstaller's restore point - Shop To Win RP347: 9/24/2012 12:22:45 PM - Revo Uninstaller's restore point - Java™ 6 Update 31 RP348: 9/24/2012 12:23:17 PM - Removed Java™ 6 Update 31 RP349: 9/24/2012 12:28:11 PM - Revo Uninstaller's restore point - Yahoo! Toolbar RP350: 9/24/2012 12:34:43 PM - Revo Uninstaller's restore point - Skype Toolbars RP351: 9/24/2012 12:36:15 PM - Revo Uninstaller's restore point - McAfee Security Scan Plus RP352: 9/24/2012 12:42:19 PM - Windows Update RP353: 9/24/2012 1:09:48 PM - Windows Update RP354: 9/24/2012 1:35:54 PM - Windows Update . ==== Installed Programs ====================== . . 
Update for Microsoft Office 2007 (KB2508958) Acrobat.com Adobe AIR Adobe Digital Editions Adobe Flash Player 11 ActiveX Adobe Photoshop Elements 8.0 Adobe Photoshop.com Inspiration Browser Adobe Reader 9.3 MUI Adobe Shockwave Player 11.6 Advertising Center AMD USB Filter Driver Any Video Converter 3.4.0 Apple Application Support Apple Software Update Audacity 1.3.12 Backup Manager Basic Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Compatibility Pack for the 2007 Office system CricutSync CyberLink Power2Go CyberLink PowerDVD 8 D3DX10 DC Universe Online Live DING! 
DolbyFiles eBay Worldwide EPSON USB Display Flixster Collections Gateway Games Gateway InfoCentre Gateway MyBackup Gateway Power Management Gateway Recovery Management Gateway Registration Gateway ScreenSaver Gateway Updater Google Earth Google Update Helper HP Photo Creations HPPhotoSmartDiscLabelContent1 HPPhotosmartEssential Identity Card ImagXpress Junk Mail filter update Launch Manager LightScribe System Software Malwarebytes Anti-Malware version 1.65.0.1400 Menu Templates - Starter Kit Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Picture It! 
==== Event Viewer Messages From Past Week ========
.
9/24/2012 8:38:47 AM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).
9/24/2012 1:36:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
9/23/2012 3:49:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service v4 service to connect.
9/23/2012 3:49:04 PM, Error: Service Control Manager [7000] - The Intuit Update Service v4 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/23/2012 3:45:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800030a0117, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092312-27877-01.
9/23/2012 3:43:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
9/23/2012 3:43:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/23/2012 12:20:34 PM, Error: amdsata [11] - The driver detected a controller error on \Device\RaidPort0.
9/23/2012 12:18:33 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/23/2012 12:15:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/23/2012 12:15:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/23/2012 12:15:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/23/2012 12:15:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/23/2012 12:15:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_N360 discache eeCtrl IDSVia64 spldr SRTSP SRTSPX SymIRON SymNetS Wanarpv6
9/23/2012 12:14:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003054117, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092312-23415-01.
9/22/2012 8:29:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_N360 discache eeCtrl IDSVia64 spldr SRTSP SRTSPX SymIRON Wanarpv6
9/22/2012 8:29:09 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000047ab, 0x0000000000000002, 0x0000000000000001, 0xfffff80003064995). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092212-22167-01.
9/22/2012 8:25:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Norton Security Suite service to connect.
9/22/2012 8:25:50 PM, Error: Service Control Manager [7000] - The Norton Security Suite service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/22/2012 1:15:53 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Windows Malicious Software Removal Tool x64 - September 2012 (KB890830).
9/22/2012 1:09:09 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff8000309d995). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092212-30841-01.
9/21/2012 4:02:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000400000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff8000309b995). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092112-40451-01.
9/21/2012 4:00:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
9/21/2012 4:00:25 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/21/2012 3:33:09 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
9/21/2012 2:53:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 SRTSP
9/21/2012 2:52:46 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
9/21/2012 2:51:53 PM, Error: SRTSP [5] -
9/21/2012 2:38:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/21/2012 2:37:06 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2012 2:36:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/21/2012 2:36:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/21/2012 2:36:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff800030d8136). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092112-35381-01.
9/21/2012 2:36:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_N360 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
9/21/2012 2:36:21 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2012 2:36:21 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2012 2:36:21 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2012 2:36:21 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2012 2:36:21 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2012 2:36:20 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2012 2:36:20 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2012 2:36:20 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2012 2:36:20 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2012 2:36:20 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2012 2:14:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
9/21/2012 2:14:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
9/21/2012 2:12:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003056117, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092112-34179-01.
9/21/2012 2:09:10 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003063117, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092112-86923-01.
9/21/2012 12:24:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
9/20/2012 7:10:13 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
9/20/2012 7:10:13 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/20/2012 4:07:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/20/2012 4:02:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000088, 0x0000000000000002, 0x0000000000000001, 0xfffff8000309f8fe). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092012-25116-01.
9/20/2012 4:00:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
9/20/2012 4:00:30 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/20/2012 2:35:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80003069995). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092012-33836-01.
9/20/2012 2:26:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff8000305f995). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092012-89279-01.
9/20/2012 2:17:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
9/20/2012 2:17:04 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/20/2012 2:16:11 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff88006a6e3a8, 0xfffff88006a6dc10, 0xfffff88001495825). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092012-73102-01.
.
==== End Of File ===========================
- 38 replies
-
- Trojan.Agent
- Trojan.Agent.BRVGen
-
(and 2 more)
Tagged with:
-
One last thing I've had to resolve after removing these malware issues. I started the cleanup process, removing the out-of-date antivirus (which, interestingly enough, showed in the above log that it was up to date, when I know it to have expired and not to have been renewed) using Avast's uninstaller, since my prior attempt to uninstall using Revo Uninstaller had shown as successful, and I thought it had been until reviewing the log above. I then installed MSE, and proceeded to attempt to re-enable the firewall and Windows Defender, etc. I received an error saying that Windows Security Center could not be started, as well as the error "Windows Firewall can't change some of your settings. Error code 0x80070424". I spent many hours researching this problem and finding unhelpful discussions, but finally found the answers needed to resolve this issue here. This enabled me to start Windows Security Center, but when attempting again to start the firewall, I received the error stating "Windows could not start Windows Firewall on local Computer. See event log, if non-windows services contact vendor. Error code 5." More research finally took me to the answer found here that allowed me to start the firewall and Windows Defender. I now have Windows Security Center, Windows Firewall and Windows Defender all running successfully on this system, and have re-run all scans again to ensure all remains clear. All is well, and I'm thrilled that I didn't have to reinstall the OS on this system, since no backups have been made (yet) and it does not have a Windows CD for reinstallations. Reinstalling the OS would've caused multiple complicated issues to resolve, and I'm beyond grateful to have been able to fully resolve the many issues on this system without wiping all of my friend's files, pictures of family, etc. Anyway, thanks again, Mr. C, for your prompt and thorough assistance.
I will also comment on your profile; I just wanted to help others find follow-ups to other issues that may arise following removal of the ZeroAccess rootkit from their systems and potentially save them hours of research on unreliable or unhelpful sites. This combination of processes (starting with the excellent experts on Malwarebytes, and following up with a few other fixes) to fully restore the system's security has fixed this system! Thanks!
- 16 replies
-
- Trojan.0access
- Trojan.Dropper
- (and 3 more)
-
Security check log is as follows:

Results of screen317's Security Check version 0.99.51
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
avast! Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
CCleaner
Java 6 Update 17
Java SE Runtime Environment 6 Update 1
Java 6 Update 2
Java 6 Update 3
Java version out of Date!
Adobe Reader 9
Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
It's running very well now. Night and day difference. Do I have your blessing to move forward with other cleanup - such as temp files, installing anti-virus, etc.?
I very much appreciate your prompt assistance this late - particularly considering the two hour time difference! Latest RK scan came up with no alerts (bravo!)

RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Angela [Admin rights]
Mode : Scan -- Date : 09/20/2012 21:04:57

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST380811 0AS SCSI Disk Device +++++
--- User ---
[MBR] 96bf69c457b8bebcf403ca4bd2ba64c9
[bSP] cf42810ed9eb59b389d280cc8e4491c9 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 73171 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 149934645 | Size: 3074 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

I'm out for the night as well, but will check back around 4am to see if you're masochistic enough to have responded by then. Otherwise, will continue this tomorrow evening when I'm back from work. Thanks!
Excellent. MBAM log is clear:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.20.11

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Angela :: ANGELA-PC [administrator]

9/20/2012 8:32:42 PM
mbam-log-2012-09-20 (20-32-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 282290
Time elapsed: 11 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

RK log not so happy:

RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Angela [Admin rights]
Mode : Scan -- Date : 09/20/2012 20:48:24

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{832737a7-f82f-6403-c43c-27792c0a6aaa}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{832737a7-f82f-6403-c43c-27792c0a6aaa}\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST380811 0AS SCSI Disk Device +++++
--- User ---
[MBR] 96bf69c457b8bebcf403ca4bd2ba64c9
[bSP] cf42810ed9eb59b389d280cc8e4491c9 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 73171 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 149934645 | Size: 3074 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

Getting warmer...
We'd like to attempt the fix before completely installing the OS. TDSSKiller produced two logs. One was reasonable in length, the other very long, so is attached: TDSSKiller.2.8.10.0_20.09.2012_19.52.02_log.txt

19:56:47.0720 1396 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:56:47.0752 1396 ============================================================
19:56:47.0752 1396 Current date / time: 2012/09/20 19:56:47.0752
19:56:47.0752 1396 SystemInfo:
19:56:47.0752 1396
19:56:47.0752 1396 OS Version: 6.1.7600 ServicePack: 0.0
19:56:47.0752 1396 Product type: Workstation
19:56:47.0752 1396 ComputerName: ANGELA-PC
19:56:47.0752 1396 UserName: Angela
19:56:47.0752 1396 Windows directory: C:\Windows
19:56:47.0752 1396 System windows directory: C:\Windows
19:56:47.0752 1396 Processor architecture: Intel x86
19:56:47.0752 1396 Number of processors: 2
19:56:47.0752 1396 Page size: 0x1000
19:56:47.0752 1396 Boot type: Normal boot
19:56:47.0752 1396 ============================================================
19:56:48.0859 1396 BG loaded
19:56:49.0546 1396 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:56:49.0546 1396 ============================================================
19:56:49.0546 1396 \Device\Harddisk0\DR0:
19:56:49.0546 1396 MBR partitions:
19:56:49.0546 1396 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x8EE9870
19:56:49.0546 1396 ============================================================
19:56:49.0608 1396 C: <-> \Device\Harddisk0\DR0\Partition1
19:56:49.0608 1396 ============================================================
19:56:49.0608 1396 Initialize success
19:56:49.0608 1396 ============================================================
Thank you, Mr. C. I look forward to working with you to resolve this issue. The DDS log is as follows:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Angela at 19:01:35 on 2012-09-20
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Angela\Desktop\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1070610
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uStart Page = hxxp://www.google.com/
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
LSP: mswsock.dll
DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204839935328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1724B18E-A399-44F0-8417-A30F03569178} : DhcpNameServer = 192.168.1.1
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} -
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
.
============= SERVICES / DRIVERS ===============
.
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? cpuz132;cpuz132
R? MBAMSwissArmy;MBAMSwissArmy
R? mv2;mv2
R? StorSvc;Storage Service
R? WatAdminSvc;Windows Activation Technologies Service
R? WDC_SAM;WD SCSI Pass Thru driver
S? WDDMService;WD SmartWare Drive Manager
S? WDSmartWareBackgroundService;WD SmartWare Background Service
.
=============== Created Last 30 ================
.
2012-09-21 00:37:52 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-09-21 00:09:54 -------- d--h--w- c:\windows\PIF
2012-09-21 00:01:54 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-20 23:59:09 -------- d-----w- c:\windows\pss
2012-09-20 13:02:25 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-19 02:17:59 -------- d-----w- c:\users\angela\appdata\roaming\Malwarebytes
2012-09-19 02:17:41 -------- d-----w- c:\programdata\Malwarebytes
2012-09-19 02:17:40 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-19 02:17:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-19 01:44:42 -------- d-----w- c:\program files\VS Revo Group
2012-09-11 04:14:05 -------- d-----w- c:\program files\GUM1900.tmp
2012-09-11 04:12:56 -------- d-----w- c:\users\angela\appdata\local\Google
2012-09-11 02:16:18 -------- d-----w- c:\program files\CCleaner
.
==================== Find3M ====================
.
2012-09-21 00:01:54 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST380811 rev.3.AD -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x857254B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8572c93c]; MOV EAX, [0x8572cab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82A46458] -> \Device\Harddisk0\DR0[0x854DF3E0]
3 CLASSPNP[0x8718E59E] -> ntkrnlpa!IofCallDriver[0x82A46458] -> [0x84530740]
5 ACPI[0x831AB3B2] -> ntkrnlpa!IofCallDriver[0x82A46458] -> \00000057[0x852F99D8]
\Driver\nvstor[0x8566F938] -> IRP_MJ_CREATE -> 0x857254B1
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }
detected disk devices:
\Device\00000057 -> \??\SCSI#Disk&Ven_ST380811&Prod_0AS#4&377153bc&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 19:07:05.35 ===============

Attach log (posted here per the information in the above link, and per your request)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/19/2010 3:37:08 PM
System Uptime: 9/20/2012 6:00:32 PM (1 hours ago)
.
Motherboard: Dell Inc | |
Processor: AMD Athlon 64 X2 Dual Core Processor 3600+ | Socket M2 | 1786/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 36.366 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP270: 9/18/2012 7:13:49 PM - Scheduled Checkpoint
RP272: 9/18/2012 7:48:30 PM - Revo Uninstaller's restore point - avast! Internet Security
RP273: 9/18/2012 7:50:24 PM - avast! Internet Security Setup
RP275: 9/18/2012 8:06:06 PM - Revo Uninstaller's restore point - Google Toolbar for Internet Explorer
RP277: 9/18/2012 8:11:01 PM - Revo Uninstaller's restore point - MSN Toolbar
RP278: 9/18/2012 8:11:11 PM - Removed MSN Toolbar
RP279: 9/18/2012 8:12:12 PM - Removed Microsoft Search Enhancement Pack
RP280: 9/18/2012 8:13:01 PM - Removed Microsoft Default Manager
.
==== Installed Programs ======================
.
Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for 
Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) 
Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB980232) Sonic Activation Module SupportSoft Assisted Service TweakUAC UltraTax Font Installer Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Windows Internet Explorer 8 (KB973874) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) URL Assistant ViewNX Visual Studio 2005 Tools for Office Second Edition Runtime Walmart Photo Manager WD SmartWare WebFldrs XP WebIQ Technology Engine Windows Easy Transfer for Windows 7 Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows 
Internet Explorer 8 Windows Media Format Runtime Windows Media Player 10 Windows XP Service Pack 3 . ==== Event Viewer Messages From Past Week ======== . 9/20/2012 7:02:45 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 6 time(s). 9/20/2012 6:59:50 PM, Error: Service Control Manager [7034] - The Certificate Propagation service terminated unexpectedly. It has done this 3 time(s). 9/20/2012 6:48:17 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 5 time(s). 9/20/2012 6:44:56 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 4 time(s). 9/20/2012 6:44:56 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 4 time(s). 9/20/2012 6:44:56 PM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 9/20/2012 6:32:20 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s). 9/20/2012 6:32:20 PM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s). 9/20/2012 6:32:20 PM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s). 9/20/2012 6:32:20 PM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s). 9/20/2012 6:32:20 PM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s). 
9/20/2012 6:32:20 PM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s). 9/20/2012 6:32:20 PM, Error: Service Control Manager [7034] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 3 time(s). 9/20/2012 6:32:20 PM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s). 9/20/2012 6:32:20 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 3 time(s). 9/20/2012 6:32:20 PM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/20/2012 6:12:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 9/20/2012 6:07:15 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 9/20/2012 6:07:15 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 9/20/2012 6:07:15 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 
9/20/2012 6:07:15 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time (s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 9/20/2012 6:07:15 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 9/20/2012 6:06:32 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/20/2012 6:06:32 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/20/2012 6:06:32 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time (s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/20/2012 6:06:32 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/20/2012 6:06:32 PM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/20/2012 6:06:32 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 
9/20/2012 6:05:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Help and Support service to connect. 9/20/2012 6:05:25 PM, Error: Service Control Manager [7000] - The Help and Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 9/20/2012 6:04:55 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/20/2012 6:04:55 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/20/2012 6:04:55 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/20/2012 6:04:55 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/20/2012 6:04:55 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/20/2012 6:04:55 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time (s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/20/2012 6:04:55 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/20/2012 6:04:55 PM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/20/2012 6:04:55 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time (s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/20/2012 6:04:55 PM, Error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 9/20/2012 6:04:55 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/20/2012 6:04:55 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/20/2012 6:00:58 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 9/20/2012 6:00:58 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 9/20/2012 5:59:52 PM, Error: Service Control Manager [7016] - The NVIDIA Display Driver Service service has reported an invalid current state 32. 9/20/2012 3:10:17 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 5 time (s). 
9/20/2012 12:51:54 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 4 time(s). 9/20/2012 11:43:36 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 3 time(s). 9/19/2012 7:41:04 PM, Error: Service Control Manager [7034] - The Help and Support service terminated unexpectedly. It has done this 3 time(s). 9/19/2012 7:27:00 PM, Error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 9/18/2012 7:40:54 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 9/13/2012 2:55:37 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 18 time(s). 9/13/2012 2:48:20 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 17 time(s). . ==== End Of File =========================== I cannot get the RogueKiller scan to complete. It makes it approximately 3/4 of the way through and errors saying Windows can't complete it, trying to allow Windows to fix the problem and continue is also non-productive. I have removed all external drives, am running the RogueKiller solo, and as administrator.
- 16 replies. Tagged with: Trojan.0access, Trojan.Dropper (and 3 more)
Greetings experts. I've gone through the removal of nearly the same Trojans and rootkits as I'm finding on the latest system that I'm fixing, and I was very, very tempted to just go through my previous logs to fix this latest issue, but I also know that the fixes are done in a specific order with specific codes written for the machines being worked on, so I decided to go about this the safe way and not turn my friend's computer into a paperweight. So, I have run several Malwarebytes scans on this system (Dell Dimension C521 running Win 7 Pro, 32-bit), and I have been able to successfully remove all issues except for the Trojan.0access, Trojan.Dropper, Trojan.Small, Rootkit.0access and Rootkit.Zaccess. The deletion/quarantine shows as being successful in each log, but they're still there on the next run of Malwarebytes, so it looks like we need to go through the process again. I appreciate the guidance, as well as the reminder to not go about this on my own and assume I know what I'm doing since I've done this once before.

Most recent Malwarebytes log:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.20.01

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Angela :: ANGELA-PC [administrator]

9/20/2012 7:02:37 AM
mbam-log-2012-09-20 (07-02-37).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 468662
Time elapsed: 1 hour(s), 58 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.
C:\Windows\Installer\{832737a7-f82f-6403-c43c-27792c0a6aaa}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\Windows\Installer\{832737a7-f82f-6403-c43c-27792c0a6aaa}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{832737a7-f82f-6403-c43c-27792c0a6aaa}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{832737a7-f82f-6403-c43c-27792c0a6aaa}\U\80000000.@ (Trojan.Small) -> Quarantined and deleted successfully.

(end)
- 16 replies. Tagged with: Trojan.0access, Trojan.Dropper (and 3 more)
Thank you again, Gringo. Yes, I did read the last post and have uninstalled all "dangerous" tools as outlined above. We haven't encountered any further issues, and the laptop is running like new. I also further appreciate the information on your personal tools/program preferences, and will be keeping those in my arsenal for the next problem child that comes my way.
- 19 replies. Tagged with: Trojan.Sirefef, Trojan.Small (and 4 more)
Hallelujah! I agree that it's best to optimize the system as much as possible, so I "fixed" the above identified items via HijackThis, and ran the ESET online scanner. FYI, they may have changed permissions with that, as I am unable to copy and paste in that window, but the report is short, so it can easily be relayed. The ESET online scanner report is clear:

No threats found.
Scanned Files: 166732
Infected Files: 0
Cleaned Files: 0
Total scan time: 01:47:22
Scan status: Finished.
- 19 replies. Tagged with: Trojan.Sirefef, Trojan.Small (and 4 more)
Greetings again, Gringo. I hope you had a good weekend. Apologies for the delayed response, but I sent the laptop home with mommy for the weekend (under strict instructions to simply test for issues, not run rampant and reinfect it!). The only report of issues observed involved an inability to connect to a specific wireless connection, but it is connecting successfully to several other wireless connections, so I suspect the issue in that regard had to do with the specific wireless connection and not so much the system itself. Anyway, in continuation of tools/logs, I have completed your instruction set from Friday, and the corresponding logs are as follows:

Malwarebytes (no suspicious files found - yay!)

2012/06/18 07:31:28 -0600 ALEX-LAPTOP-PC (null) MESSAGE Executing scheduled update: Daily
2012/06/18 07:31:50 -0600 ALEX-LAPTOP-PC Crys MESSAGE Scheduled update executed successfully: database updated from version v2012.06.13.07 to version v2012.06.18.05
2012/06/18 07:32:28 -0600 ALEX-LAPTOP-PC Crys MESSAGE Executing scheduled scan: Full Scan | Daily | -remove | -log
2012/06/18 07:32:28 -0600 ALEX-LAPTOP-PC Crys MESSAGE Scheduled scan executed successfully
2012/06/18 11:34:13 -0600 ALEX-LAPTOP-PC Crys MESSAGE Starting protection
2012/06/18 11:34:15 -0600 ALEX-LAPTOP-PC Crys MESSAGE Protection started successfully
2012/06/18 11:34:18 -0600 ALEX-LAPTOP-PC Crys MESSAGE Starting IP protection
2012/06/18 11:34:20 -0600 ALEX-LAPTOP-PC Crys MESSAGE IP Protection started successfully
2012/06/18 11:34:20 -0600 ALEX-LAPTOP-PC Crys MESSAGE Starting database refresh
2012/06/18 11:34:20 -0600 ALEX-LAPTOP-PC Crys MESSAGE Stopping IP protection
2012/06/18 11:34:21 -0600 ALEX-LAPTOP-PC Crys MESSAGE IP Protection stopped
2012/06/18 11:34:24 -0600 ALEX-LAPTOP-PC Crys MESSAGE Database refreshed successfully
2012/06/18 11:34:24 -0600 ALEX-LAPTOP-PC Crys MESSAGE Starting IP protection
2012/06/18 11:34:25 -0600 ALEX-LAPTOP-PC Crys MESSAGE IP Protection started successfully

HijackThis log:
O23 - Service: Ambient Light Sensor (alssvc) - Dell Inc. - C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - c:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_d2df6701\STacSV.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe O23 - Service: TdmService - Wave Systems Corp. 
- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- End of file - 13712 bytes I am awaiting further instruction, and as always, am also very appreciative of your ongoing guidance.
- 19 replies
-
- Trojan.Sirefef
- Trojan.Small
- (and 4 more)
-
Done. The report is as follows: Update for Microsoft Office 2007 (KB2508958) Adobe Acrobat 9 Pro Adobe Acrobat 9.5.1 - CPSID_83708 Adobe AIR Adobe Anchor Service CS4 Adobe Bridge CS4 Adobe CMaps CS4 Adobe Color - Photoshop Specific CS4 Adobe Color EU Extra Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Recommended Settings CS4 Adobe Color Video Profiles CS CS4 Adobe CSI CS4 Adobe Default Language CS4 Adobe Device Central CS4 Adobe Drive CS4 Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Fonts All Adobe Linguistics CS4 Adobe Media Player Adobe Output Module Adobe PDF Library Files CS4 Adobe Photoshop CS4 Adobe Photoshop CS4 Support Adobe Search for Help Adobe Service Manager Extension Adobe Setup Adobe Type Support CS4 Adobe Update Manager CS4 Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB Amazon MP3 Downloader 1.0.12 Ambient Light Sensor Apple Application Support Apple Mobile Device Support Apple Software Update Artemis Artemis AuthenTec Fingerprint Software Bing Bar BioAPI Framework Bonjour Broadcom NetXtreme-I Netlink Driver and Management Installer CCleaner Coby Media Manager Connect Coupon Printer for Windows D3DX10 DCP32MMWrapper Dell Backup and Recovery Manager Dell Control Point Dell ControlPoint Security Manager Dell ControlPoint System Manager Dell Edoc Viewer Dell Embassy Trust Suite by Wave Systems Dell Security Device Driver Pack Dell Touchpad Document Manager Lite EMBASSY Security Center EMBASSY Security Setup EndNote X3 ESC Home Page Plugin Foxit Reader Gemalto Google Toolbar for Internet Explorer Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2565057) Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2635973) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU 
(KB2280741) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233) HP Deskjet 2050 J510 series Basic Device Software HP Deskjet 2050 J510 series Help HP Deskjet 2050 J510 series Product Improvement Study HP Photo Creations HP Update Intel PROSet Wireless Intel® PROSet/Wireless WiFi Software API Intel® PROSet/Wireless WiFi Software Driver Intel® TV Wizard Intel® Matrix Storage Manager iTunes Java Auto Updater Java 6 Update 24 JScreenFix Junk Mail filter update kuler Malwarebytes Anti-Malware version 1.61.0.1400 Mesh Runtime Messenger Companion Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Application Error Reporting Microsoft Help Viewer 1.1 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2008 Microsoft SQL Server 2008 Browser Microsoft SQL Server 2008 Common Files Microsoft SQL Server 2008 Database Engine Services Microsoft SQL Server 2008 Database Engine Shared Microsoft SQL Server 2008 Native Client Microsoft SQL Server 2008 RsFx Driver Microsoft SQL Server 2008 Setup Support Files Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server VSS Writer Microsoft Visual C++ Compilers 2010 Standard - enu - x86 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 Microsoft Visual C++ 2010 Express - ENU Microsoft Visual Studio 2010 Service Pack 1 Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Mozilla Firefox 13.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NTRU TCG Software Stack OGA Notifier 2.0.0048.0 PDF Settings CS4 Photoshop Camera Raw PowerDVD DX Preboot Manager Private Information Manager QuickTime Qwest Installer Qwest QuickAssist Desktop Tools ResearchSoft Direct Export Helper Secunia PSI (2.0.0.3003) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client 
Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Security Wizards Segoe UI Service Pack 2 for SQL Server 2008 (KB2285068) Skype Click to Call Skype™ 5.9 Snagit 
10.0.1 SO32MMWrapper SpywareBlaster 4.2 Sql Server Customer Experience Improvement Program Stata 11 Suite Shared Configuration CS4 Trusted Drive Manager Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) UPEK TouchChip Fingerprint Reader VLC media player 2.0.1 Wave Infrastructure Installer Wave Support Software WD SmartWare Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0) Windows Driver Package - Dell Inc. 
PBADRV System (09/11/2009 1.0.1.6) Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources