skizzerboom
Posts posted by skizzerboom
-
Thanks, I have completed all the cleanup tasks. I am wondering about the 2 files in quarantine and your earlier post,
"Those detections by ESET are in quarantine already which we will be clearing up shortly," --- did we do something to accomplish that?
Thank you
-
chkdsk completed without errors, Java is updated.
-
2 DDS logs:
Computer seems to be running just fine.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Dale at 19:03:33 on 2012-06-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2005.1134 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Explorer.EXE
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\880\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [Adobe Acrobat Synchronizer] "c:\program files\adobe\acrobat 10.0\acrobat\AdobeCollabSync.exe"
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [indexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [PP8 Reminder] "c:\program files\scansoft\paperport\webereg\navbrowser.exe" -r "c:\program files\scansoft\paperport\webereg\navLoad.ini"
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy media creator 8\drag to disc\DrgToDsc.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\sharedcom8\RoxWatchTray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\dale\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: anb.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: lowes.com\www
Trusted Zone: southwest.com\www
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 208.180.83.133 208.180.42.68
TCP: Interfaces\{809513B4-9808-48FD-A63E-65081E6E4C6B} : DhcpNameServer = 172.16.4.11 172.16.4.12
TCP: Interfaces\{9C383740-C6F1-4434-97E5-175D62866C99} : DhcpNameServer = 208.180.83.133 208.180.42.68
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-23 654408]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-23 22344]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-6-25 40776]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-6-12 116648]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 257224]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-6-12 116648]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-6-23 28488]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-6 1343400]
.
=============== Created Last 30 ================
.
2012-06-26 12:47:47 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{92355e35-251d-49e6-8815-6d04640e5425}\offreg.dll
2012-06-26 12:45:27 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-06-26 12:45:24 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{92355e35-251d-49e6-8815-6d04640e5425}\mpengine.dll
2012-06-26 02:42:27 -------- d-----w- C:\FRST
2012-06-26 01:35:32 -------- d-----w- c:\program files\ESET
2012-06-26 01:21:49 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-26 01:07:30 -------- d-----w- C:\$RECYCLE.BIN
2012-06-26 00:58:53 98816 ----a-w- c:\windows\sed.exe
2012-06-26 00:58:53 518144 ----a-w- c:\windows\SWREG.exe
2012-06-26 00:58:53 256000 ----a-w- c:\windows\PEV.exe
2012-06-26 00:58:53 208896 ----a-w- c:\windows\MBR.exe
2012-06-26 00:49:41 -------- d-----w- c:\windows\system32\appmgmt
2012-06-25 02:16:41 81984 ----a-w- c:\windows\system32\bdod.bin
2012-06-25 02:04:07 -------- d-----w- C:\found.000
2012-06-25 01:56:25 -------- d-----w- c:\users\dale\appdata\roaming\BitDefender
2012-06-25 01:56:01 -------- d-----w- c:\programdata\BitDefender
2012-06-25 01:56:01 -------- d-----w- c:\program files\BitDefender
2012-06-25 01:55:01 -------- d-----w- c:\program files\common files\BitDefender
2012-06-24 09:14:02 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-06-23 17:37:16 -------- d-----w- c:\users\dale\appdata\roaming\Malwarebytes
2012-06-23 17:37:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-23 17:37:13 -------- d-----w- c:\programdata\Malwarebytes
2012-06-23 17:37:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-23 17:37:03 28488 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-06-23 17:05:17 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-19 12:48:35 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-06-19 12:48:35 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-06-19 12:46:02 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 12:45:40 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 12:45:27 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 12:45:27 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-13 22:41:37 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-13 22:41:37 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 22:41:36 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 22:41:35 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 22:41:30 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 22:41:30 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 22:41:30 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 22:41:23 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 22:41:22 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 22:41:22 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 22:41:22 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-12 14:29:17 -------- d-----w- c:\users\dale\appdata\local\Google
.
==================== Find3M ====================
.
2012-06-14 10:58:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-14 10:58:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-31 04:39:37 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23:11 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 19:04:01.10 ===============
ATTACH.TXT
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/5/2011 12:48:36 PM
System Uptime: 6/26/2012 12:41:05 PM (7 hours ago)
.
Motherboard: Dell Inc. | | 0PU052
Processor: Intel® Core2 Duo CPU E4500 @ 2.20GHz | CPU | 2200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 840.683 GiB free.
D: is CDROM (CDFS)
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_29B4&SUBSYS_02111028&REV_02\3&172E68DD&0&18
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_29B4&SUBSYS_02111028&REV_02\3&172E68DD&0&18
Service:
.
Class GUID:
Description: PCI Serial Port
Device ID: PCI\VEN_8086&DEV_29B7&SUBSYS_02111028&REV_02\3&172E68DD&0&1B
Manufacturer:
Name: PCI Serial Port
PNP Device ID: PCI\VEN_8086&DEV_29B7&SUBSYS_02111028&REV_02\3&172E68DD&0&1B
Service:
.
==== System Restore Points ===================
.
RP101: 6/19/2012 7:45:13 AM - Windows Update
RP102: 6/20/2012 3:00:23 AM - Windows Update
RP103: 6/24/2012 7:46:13 AM - Windows Update
RP104: 6/24/2012 4:45:15 PM - Restore Operation
RP105: 6/24/2012 8:55:19 PM - Installed BitDefender Free Edition 2009
RP106: 6/25/2012 7:43:48 PM - Removed BitDefender Free Edition 2009
RP107: 6/25/2012 7:49:49 PM - Removed BitDefender Free Edition 2009
.
==== Installed Programs ======================
.
.
Adobe Acrobat X Standard
Adobe Flash Player 11 ActiveX
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Bonjour
Carbonite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX
ESET Online Scanner v3
Garmin Lifetime Updater
Google Earth Plug-in
Google Update Helper
GoToMeeting 5.1.0.880
Intel® Graphics Media Accelerator Driver
iSEEK AnswerWorks English Runtime
iTunes
Java Auto Updater
Java 6 Update 29
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Standard 2010
Microsoft Office Word MUI (English) 2010
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyMediaBookmarks
NetWaiting
NRP Instructor DVD-ROM
PaperPort 8.0 SE
Quicken 2012
QuickTime
Roxio Easy Media Creator 8 Suite
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Skype™ 5.8
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
.
==== Event Viewer Messages From Past Week ========
.
6/25/2012 8:06:20 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/25/2012 7:57:15 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy1.
6/25/2012 7:57:12 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy10.
6/25/2012 7:57:04 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy3.
6/25/2012 7:57:01 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy5.
6/25/2012 7:56:59 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy7.
6/25/2012 7:52:29 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
6/25/2012 7:52:29 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
6/25/2012 7:52:04 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
6/25/2012 7:52:03 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
6/25/2012 7:52:03 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
6/24/2012 9:19:52 PM, Error: Service Control Manager [7000] - The Profos service failed to start due to the following error: The request is not supported.
6/24/2012 9:17:03 PM, Error: Service Control Manager [7000] - The bdfm service failed to start due to the following error: Access is denied.
6/24/2012 9:06:11 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/24/2012 9:06:11 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473536.
6/24/2012 8:53:42 AM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
6/24/2012 8:25:43 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
6/24/2012 8:25:43 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
6/24/2012 7:58:29 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
6/24/2012 7:57:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
6/24/2012 7:57:20 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/24/2012 7:54:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
6/24/2012 4:25:00 PM, Error: Microsoft Antimalware [1119] -
6/24/2012 4:24:19 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/24/2012 4:24:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/24/2012 4:24:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/24/2012 4:24:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/24/2012 4:24:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/24/2012 4:24:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/24/2012 4:24:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
6/24/2012 4:24:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/24/2012 4:24:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdudf_xp CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss RxFilter spldr tdx Wanarpv6 WfpLwf
6/24/2012 4:24:08 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/24/2012 4:24:08 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/24/2012 4:24:08 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/24/2012 4:24:08 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/24/2012 4:24:08 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/24/2012 4:24:08 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
6/24/2012 4:24:08 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/24/2012 4:24:08 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/24/2012 4:24:08 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/24/2012 4:24:08 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/24/2012 10:06:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
6/23/2012 12:51:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
6/23/2012 12:51:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
6/20/2012 3:01:28 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error: An instance of the service is already running.
6/20/2012 3:00:28 AM, Error: Service Control Manager [7031] - The CarboniteService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/20/2012 12:31:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UMVPFSrv service.
6/19/2012 12:57:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================
-
Malwarebytes Anti-Malware (PRO) 1.61.0.1400
Database version: v2012.06.25.10
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Dale :: CHAPMANPC [administrator]
Protection: Enabled
6/25/2012 8:23:12 PM
mbam-log-2012-06-25 (20-23-12).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209276
Time elapsed: 4 minute(s), 6 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
C:\Qoobox\Quarantine\C\Windows\Installer\{a33cce43-982e-15b3-0307-78280978ec8c}\U\80000000.@.vir a variant of Win32/Sirefef.FA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{a33cce43-982e-15b3-0307-78280978ec8c}\U\800000cb.@.vir probably a variant of Win32/Agent.TEO trojan
-
ComboFix log:
ComboFix 12-06-25.04 - Dale 06/25/2012 20:00:53.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2005.1125 [GMT -5:00]
Running from: c:\users\Dale\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dale\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CEB564B2-B049-4586-98CF-9C4E69359D2A}.xps
c:\users\Dale\AppData\Local\Temp\{D140E787-DCE6-49D7-8D76-B99F23B6DE93}\fpb.tmp
c:\users\Dale\Documents\EPT3A3.tmp
c:\users\Dale\g2mdlhlpx.exe
c:\windows\Installer\{a33cce43-982e-15b3-0307-78280978ec8c}\@
c:\windows\Installer\{a33cce43-982e-15b3-0307-78280978ec8c}\U\80000000.@
c:\windows\Installer\{a33cce43-982e-15b3-0307-78280978ec8c}\U\800000cb.@
c:\windows\system32\spool\prtprocs\w32x86\ppbiPr.dll
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-26 to 2012-06-26 )))))))))))))))))))))))))))))))
.
.
2012-06-26 02:42 . 2012-06-26 02:43 -------- d-----w- C:\FRST
2012-06-25 02:16 . 2012-06-26 00:44 81984 ----a-w- c:\windows\system32\bdod.bin
2012-06-25 02:04 . 2012-06-25 02:04 -------- d-----w- C:\found.000
2012-06-25 01:56 . 2012-06-25 01:56 -------- d-----w- c:\users\Dale\AppData\Roaming\BitDefender
2012-06-25 01:56 . 2012-06-26 00:50 -------- d-----w- c:\program files\BitDefender
2012-06-25 01:56 . 2012-06-25 23:46 -------- d-----w- c:\programdata\BitDefender
2012-06-25 01:55 . 2012-06-26 00:50 -------- d-----w- c:\program files\Common Files\BitDefender
2012-06-24 09:14 . 2012-06-24 12:43 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-06-23 17:37 . 2012-06-23 17:37 -------- d-----w- c:\users\Dale\AppData\Roaming\Malwarebytes
2012-06-23 17:37 . 2012-06-23 17:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-23 17:37 . 2012-06-23 17:37 -------- d-----w- c:\programdata\Malwarebytes
2012-06-23 17:37 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-23 17:37 . 2012-06-23 17:52 28488 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-06-23 17:05 . 2012-06-23 17:05 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-19 12:48 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-06-19 12:48 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-06-19 12:46 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 12:46 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 12:46 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 12:46 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 12:45 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-19 12:45 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 12:45 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 12:45 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 12:45 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 22:41 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-13 22:41 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 22:41 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 22:41 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 22:41 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 22:41 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 22:41 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 22:41 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 22:41 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 22:41 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 22:41 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-12 14:29 . 2012-06-12 14:30 -------- d-----w- c:\program files\Google
2012-06-12 14:29 . 2012-06-12 14:29 -------- d-----w- c:\users\Dale\AppData\Local\Google
2012-05-27 21:16 . 2012-05-27 21:16 -------- d-----w- c:\users\Dale\AppData\Roaming\CatenaLogic
2012-05-27 21:16 . 2012-05-27 21:16 -------- d-----w- c:\program files\CatenaLogic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-14 10:58 . 2012-04-12 10:55 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 10:58 . 2011-11-08 19:22 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-31 04:39 . 2012-05-11 12:25 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-11 12:25 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-11 12:25 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-12-06 02:41 1005712 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-12-06 02:41 1005712 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-12-06 02:41 1005712 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\880\g2mstart.exe" [2011-11-23 39816]
"Adobe Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2012-04-04 1261472]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-09-23 36864]
"PP8 Reminder"="c:\program files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" [2002-09-26 57344]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-11-22 1687552]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-11-22 163840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-12-15 1446248]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-12-06 1059472]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-06-12 116648]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 257224]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-06-12 116648]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-06-23 28488]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-06 1343400]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 10:58]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-12 14:29]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-12 14:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: anb.com\www
Trusted Zone: intuit.com\ttlc
Trusted Zone: lowes.com\www
Trusted Zone: southwest.com\www
TCP: DhcpNameServer = 208.180.83.133 208.180.42.68
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4036)
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\Shellex.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\windows\system32\msiexec.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
c:\windows\system32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2012-06-25 20:10:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-26 01:10
.
Pre-Run: 903,465,676,800 bytes free
Post-Run: 903,240,810,496 bytes free
.
- - End Of File - - E99F2A447DA52E5917820A37CB271BD7
-
Here is the log; there were no problems in rebooting the system. Shall I proceed with the ComboFix portion of the instructions?
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-06-2012 01
Ran by SYSTEM at 2012-06-25 19:35:26 Run:1
Running from F:\
==============================================
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
==== End of Fixlog ====
-
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-06-2012 01
Ran by SYSTEM at 25-06-2012 18:42:55
Running from F:\
Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-09-23] (Intel Corporation)
HKLM\...\Run: [indexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe [36864 2002-09-23] ()
HKLM\...\Run: [PP8 Reminder] "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini" [469 2011-11-05] ()
HKLM\...\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [1687552 2005-11-21] (Sonic Solutions)
HKLM\...\Run: [] [x]
HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [163840 2005-11-22] ()
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-04-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-04-03] (Adobe Systems Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-09-08] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1446248 2011-12-15] (Garmin)
HKLM\...\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1059472 2011-12-05] (Carbonite, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" [782336 2012-06-24] (BitDefender S.R.L.)
HKU\Dale\...\Run: [GoToMeeting] "C:\Program Files\Citrix\GoToMeeting\880\g2mstart.exe" "/Trigger RunAtLogon" [39816 2011-11-22] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\Dale\...\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [1261472 2012-04-03] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 208.180.83.133 208.180.42.68
Startup: C:\Users\Dale\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
================================ Services (Whitelisted) ==================
2 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [4426384 2011-12-05] (Carbonite, Inc. (www.carbonite.com))
3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556544 2010-11-20] (Microsoft Corporation)
3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-13] (Microsoft Corporation)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 IntuitUpdateService; "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [13672 2010-08-23] (Intuit Inc.)
2 IntuitUpdateServiceV4; "C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [13672 2011-08-25] (Intuit Inc.)
2 LIVESRV; "C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service [419096 2012-06-24] (BitDefender SRL)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [4640000 2010-01-09] (Microsoft Corporation)
2 RoxLiveShare; "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe" [233472 2005-11-22] (Sonic Solutions)
3 RoxMediaDB; "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe" [864256 2005-11-22] (Sonic Solutions)
3 RoxUPnPRenderer; "C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe" [45056 2005-11-21] (Sonic Solutions)
2 RoxUpnpServer; "C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe" [409600 2005-11-21] (Sonic Solutions)
2 RoxWatch; "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe" [155648 2005-11-22] (Sonic Solutions)
3 scan; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll [323584 2012-06-24] (S.C. BitDefender S.R.L)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [158856 2012-01-31] (Skype Technologies)
2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
2 VSSERV; "C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe" /service [1626112 2009-04-06] (BitDefender S. R. L.)
3 wbengine; "C:\Windows\system32\wbengine.exe" [1203200 2010-11-20] (Microsoft Corporation)
========================== Drivers (Whitelisted) =============
3 bdfm; C:\Windows\System32\drivers\bdfm.sys [146312 2012-06-24] (BitDefender S.R.L. Bucharest, ROMANIA)
3 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [266376 2009-04-06] (BitDefender S.R.L. Bucharest, ROMANIA)
3 BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys [8832 2009-01-12] (BitDefender S.R.L.)
1 cdudf_xp; C:\Windows\System32\Drivers\cdudf_xp.sys [311680 2005-10-22] (Sonic Solutions)
3 dvd_2K; C:\Windows\System32\Drivers\dvd_2K.sys [27264 2005-10-22] (Sonic Solutions)
3 LVRS; C:\Windows\System32\DRIVERS\lvrs.sys [315808 2011-08-19] (Logitech Inc.)
3 LVUVC; C:\Windows\System32\DRIVERS\lvuvc.sys [4332960 2012-01-18] (Logitech Inc.)
3 mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [28488 2012-06-23] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
3 mmc_2K; C:\Windows\System32\Drivers\mmc_2K.sys [27136 2005-10-22] (Sonic Solutions)
3 Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [13056 2008-09-02] ()
1 pwd_2k; C:\Windows\System32\Drivers\pwd_2k.sys [119168 2005-10-22] (Sonic Solutions)
1 RxFilter; C:\Windows\System32\DRIVERS\RxFilter.sys [50176 2005-11-21] (Sonic Solutions)
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [77184 2010-11-20] (Microsoft Corporation)
3 terminpt; C:\Windows\system32\drivers\terminpt.sys [25600 2010-11-20] (Microsoft Corporation)
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [112640 2010-11-20] (Microsoft Corporation)
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-06-25 18:42 - 2012-06-25 18:43 - 00000000 ____D C:\FRST
2012-06-24 18:16 - 2012-06-24 18:16 - 00081984 ____A C:\Windows\System32\bdod.bin
2012-06-24 18:16 - 2012-06-24 18:16 - 00065773 ____A C:\Windows\System32\BDUpdateV1.xml
2012-06-24 18:05 - 2012-06-24 18:05 - 00000850 ____A C:\Windows\System32\ProductTweaks.xml
2012-06-24 18:05 - 2012-06-24 18:05 - 00000385 ____A C:\Windows\System32\user_gensett.xml
2012-06-24 18:04 - 2012-06-24 18:04 - 00000000 __SHD C:\found.000
2012-06-24 17:58 - 2012-06-24 17:59 - 16208824 ____A (Microsoft Corporation) C:\Users\Dale\Downloads\Windows-KB890830-V4.9.exe
2012-06-24 17:56 - 2012-06-24 18:01 - 00000000 ____D C:\Users\All Users\BitDefender
2012-06-24 17:56 - 2012-06-24 17:56 - 00002096 ____A C:\Users\Public\Desktop\BitDefender Free Edition 2009.lnk
2012-06-24 17:56 - 2012-06-24 17:56 - 00000000 ____D C:\Users\Dale\AppData\Roaming\BitDefender
2012-06-24 17:56 - 2012-06-24 17:56 - 00000000 ____D C:\Program Files\BitDefender
2012-06-24 17:55 - 2012-06-24 17:56 - 00000000 ____D C:\Program Files\Common Files\BitDefender
2012-06-24 05:59 - 2012-06-24 05:59 - 00000174 ____A C:\Users\Dale\Desktop\New shortcut.lnk
2012-06-24 05:56 - 2012-06-24 05:56 - 00001270 ____A C:\Users\Dale\Desktop\shutdown.lnk
2012-06-24 04:42 - 2012-06-24 04:43 - 10288512 ____A (Microsoft Corporation) C:\Users\Dale\Downloads\mseinstall (1).exe
2012-06-24 01:14 - 2012-06-24 04:43 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2012-06-23 09:37 - 2012-06-23 09:52 - 00028488 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
2012-06-23 09:37 - 2012-06-23 09:37 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-23 09:37 - 2012-06-23 09:37 - 00000000 ____D C:\Users\Dale\AppData\Roaming\Malwarebytes
2012-06-23 09:37 - 2012-06-23 09:37 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-23 09:37 - 2012-06-23 09:37 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-06-23 09:37 - 2012-04-04 12:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-23 09:36 - 2012-06-23 09:37 - 00000000 ___AD C:\Users\Dale\Desktop\Chameleon
2012-06-23 09:05 - 2012-06-23 09:05 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-19 04:48 - 2011-02-18 22:30 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-06-19 04:48 - 2011-02-18 22:30 - 00739840 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-06-19 04:46 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-19 04:46 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-19 04:46 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-19 04:46 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-19 04:45 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-19 04:45 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-19 04:45 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-19 04:45 - 2012-06-02 12:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-19 04:45 - 2012-06-02 12:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-14 00:01 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 00:01 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 00:01 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-14 00:01 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 00:01 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-14 00:01 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 00:01 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 00:01 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 00:01 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 00:01 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-14 00:01 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 00:01 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 00:01 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 00:01 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 14:41 - 2012-05-14 17:05 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 14:41 - 2012-04-30 20:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 14:41 - 2012-04-27 20:41 - 00919040 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-06-13 14:41 - 2012-04-27 19:17 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 14:41 - 2012-04-25 20:45 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 14:41 - 2012-04-25 20:45 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 14:41 - 2012-04-25 20:41 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 14:41 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 14:41 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 14:41 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 14:41 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-12 06:29 - 2012-06-25 15:20 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-12 06:29 - 2012-06-25 10:12 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-12 06:29 - 2012-06-12 06:30 - 00000000 ____D C:\Program Files\Google
2012-06-12 06:29 - 2012-06-12 06:29 - 00000000 ____D C:\Users\Dale\AppData\Local\Google
2012-05-27 13:16 - 2012-05-27 13:16 - 02306888 ____A (CatenaLogic ) C:\Users\Dale\Downloads\mymediabookmarks_exe_1.5.exe
2012-05-27 13:16 - 2012-05-27 13:16 - 00000000 ____D C:\Users\Dale\AppData\Roaming\CatenaLogic
2012-05-27 13:16 - 2012-05-27 13:16 - 00000000 ____D C:\Program Files\CatenaLogic
2012-05-26 08:22 - 2012-05-26 08:22 - 00001754 ____A C:\Users\Dale\Desktop\recipes - Shortcut.lnk
2012-05-26 08:20 - 2012-05-26 08:20 - 00001732 ____A C:\Users\Dale\Documents\recipes - Shortcut (2).lnk
2012-05-26 08:19 - 2012-05-26 08:19 - 00001732 ____A C:\Users\Dale\Documents\recipes - Shortcut.lnk
============ 3 Months Modified Files and Folders ===============
2012-06-25 15:26 - 2011-11-05 11:43 - 01458755 ____A C:\Windows\WindowsUpdate.log
2012-06-25 15:20 - 2012-06-12 06:29 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-25 15:20 - 2009-07-13 20:39 - 00125680 ____A C:\Windows\setupact.log
2012-06-25 15:19 - 2012-04-12 02:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-25 10:12 - 2012-06-12 06:29 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-25 09:58 - 2011-11-07 16:35 - 00000000 ___AD C:\Users\Dale\Documents\Outlook Files
2012-06-25 04:30 - 2009-07-13 20:34 - 00026048 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-25 04:30 - 2009-07-13 20:34 - 00026048 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-25 04:28 - 2010-11-20 13:01 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-25 04:22 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-24 18:16 - 2012-06-24 18:16 - 00081984 ____A C:\Windows\System32\bdod.bin
2012-06-24 18:16 - 2012-06-24 18:16 - 00065773 ____A C:\Windows\System32\BDUpdateV1.xml
2012-06-24 18:15 - 2009-04-15 12:13 - 00146312 ____A (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\System32\Drivers\bdfm.sys
2012-06-24 18:05 - 2012-06-24 18:05 - 00000850 ____A C:\Windows\System32\ProductTweaks.xml
2012-06-24 18:05 - 2012-06-24 18:05 - 00000385 ____A C:\Windows\System32\user_gensett.xml
2012-06-24 18:04 - 2012-06-24 18:04 - 00000000 __SHD C:\found.000
2012-06-24 18:01 - 2012-06-24 17:56 - 00000000 ____D C:\Users\All Users\BitDefender
2012-06-24 17:59 - 2012-06-24 17:58 - 16208824 ____A (Microsoft Corporation) C:\Users\Dale\Downloads\Windows-KB890830-V4.9.exe
2012-06-24 17:56 - 2012-06-24 17:56 - 00002096 ____A C:\Users\Public\Desktop\BitDefender Free Edition 2009.lnk
2012-06-24 17:56 - 2012-06-24 17:56 - 00000000 ____D C:\Users\Dale\AppData\Roaming\BitDefender
2012-06-24 17:56 - 2012-06-24 17:56 - 00000000 ____D C:\Program Files\BitDefender
2012-06-24 17:56 - 2012-06-24 17:55 - 00000000 ____D C:\Program Files\Common Files\BitDefender
2012-06-24 16:43 - 2010-11-20 13:48 - 00035076 ____A C:\Windows\PFRO.log
2012-06-24 16:43 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\schemas
2012-06-24 13:54 - 2011-11-05 09:48 - 00000000 ____D C:\users\Dale
2012-06-24 13:53 - 2010-11-20 16:46 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-06-24 13:53 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2012-06-24 13:53 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\registration
2012-06-24 13:27 - 2011-11-05 10:11 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-24 05:59 - 2012-06-24 05:59 - 00000174 ____A C:\Users\Dale\Desktop\New shortcut.lnk
2012-06-24 05:56 - 2012-06-24 05:56 - 00001270 ____A C:\Users\Dale\Desktop\shutdown.lnk
2012-06-24 04:43 - 2012-06-24 04:42 - 10288512 ____A (Microsoft Corporation) C:\Users\Dale\Downloads\mseinstall (1).exe
2012-06-24 04:43 - 2012-06-24 01:14 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2012-06-24 04:03 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Speech
2012-06-24 04:02 - 2012-01-11 05:27 - 00000000 __SHD C:\Users\Dale\AppData\Local\{a33cce43-982e-15b3-0307-78280978ec8c}
2012-06-23 10:19 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\Offline Web Pages
2012-06-23 10:10 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\TAPI
2012-06-23 09:52 - 2012-06-23 09:37 - 00028488 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
2012-06-23 09:37 - 2012-06-23 09:37 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-23 09:37 - 2012-06-23 09:37 - 00000000 ____D C:\Users\Dale\AppData\Roaming\Malwarebytes
2012-06-23 09:37 - 2012-06-23 09:37 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-23 09:37 - 2012-06-23 09:37 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-06-23 09:37 - 2012-06-23 09:36 - 00000000 ___AD C:\Users\Dale\Desktop\Chameleon
2012-06-23 09:05 - 2012-06-23 09:05 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-20 04:21 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2012-06-20 00:18 - 2011-11-07 18:00 - 00000000 ___AD C:\Users\Dale\Documents\recipes
2012-06-14 16:07 - 2011-11-05 09:48 - 00000000 ____D C:\Users\Dale\AppData\Local\VirtualStore
2012-06-14 10:10 - 2011-12-09 20:52 - 00212992 __ASH C:\Users\Dale\Documents\Thumbs.db
2012-06-14 02:58 - 2012-04-12 02:55 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-14 02:58 - 2011-11-08 11:22 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-14 00:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2012-06-14 00:27 - 2009-07-13 20:33 - 00457128 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-14 00:10 - 2011-11-05 13:32 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-12 18:19 - 2011-11-05 14:00 - 00002002 ___AH C:\Users\Dale\Documents\Default.rdp
2012-06-12 18:09 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\System32\FxsTmp
2012-06-12 15:04 - 2011-12-03 16:11 - 00002014 ____A C:\Users\Public\Desktop\Adobe Acrobat X Standard.lnk
2012-06-12 15:02 - 2011-11-05 13:50 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-06-12 06:30 - 2012-06-12 06:29 - 00000000 ____D C:\Program Files\Google
2012-06-12 06:29 - 2012-06-12 06:29 - 00000000 ____D C:\Users\Dale\AppData\Local\Google
2012-06-03 20:35 - 2011-11-05 10:36 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-02 14:19 - 2012-06-19 04:46 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-19 04:46 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-19 04:46 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-19 04:45 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-19 04:45 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-19 04:46 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-19 04:45 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-19 04:45 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:12 - 2012-06-19 04:45 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-27 13:16 - 2012-05-27 13:16 - 02306888 ____A (CatenaLogic ) C:\Users\Dale\Downloads\mymediabookmarks_exe_1.5.exe
2012-05-27 13:16 - 2012-05-27 13:16 - 00000000 ____D C:\Users\Dale\AppData\Roaming\CatenaLogic
2012-05-27 13:16 - 2012-05-27 13:16 - 00000000 ____D C:\Program Files\CatenaLogic
2012-05-26 08:22 - 2012-05-26 08:22 - 00001754 ____A C:\Users\Dale\Desktop\recipes - Shortcut.lnk
2012-05-26 08:20 - 2012-05-26 08:20 - 00001732 ____A C:\Users\Dale\Documents\recipes - Shortcut (2).lnk
2012-05-26 08:19 - 2012-05-26 08:19 - 00001732 ____A C:\Users\Dale\Documents\recipes - Shortcut.lnk
2012-05-23 19:26 - 2011-11-07 01:30 - 00000000 ____D C:\Users\Dale\AppData\Roaming\Roxio
2012-05-23 19:25 - 2012-05-23 14:41 - 1234847870 ____A C:\Users\Dale\Downloads\volume12.wmv
2012-05-19 11:13 - 2011-11-05 13:32 - 00000000 ____D C:\Users\Dale\AppData\Local\Microsoft Help
2012-05-17 15:11 - 2012-06-14 00:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 14:48 - 2012-06-14 00:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 14:45 - 2012-06-14 00:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 14:36 - 2012-06-14 00:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 14:35 - 2012-06-14 00:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 14:35 - 2012-06-14 00:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 14:33 - 2012-06-14 00:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 14:31 - 2012-06-14 00:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 14:29 - 2012-06-14 00:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 14:29 - 2012-06-14 00:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 14:27 - 2012-06-14 00:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 14:25 - 2012-06-14 00:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 14:24 - 2012-06-14 00:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 14:20 - 2012-06-14 00:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-15 15:11 - 2012-05-15 15:11 - 25656265 ____A C:\Users\Dale\Downloads\what_if..._.mp3
2012-05-14 17:05 - 2012-06-13 14:41 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-13 12:31 - 2011-11-07 17:41 - 00000000 ___AD C:\Users\Dale\Documents\KC 401k
2012-05-12 00:27 - 2010-11-20 16:46 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-05 07:12 - 2012-05-05 07:12 - 85164032 ____A C:\Users\Dale\Accounts.QDF-backup
2012-04-30 20:44 - 2012-06-13 14:41 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 20:41 - 2012-06-13 14:41 - 00919040 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-04-27 19:17 - 2012-06-13 14:41 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 20:45 - 2012-06-13 14:41 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 20:45 - 2012-06-13 14:41 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 20:41 - 2012-06-13 14:41 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 20:36 - 2012-06-13 14:41 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 20:36 - 2012-06-13 14:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 14:41 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-19 19:19 - 2012-04-19 19:19 - 00004328 ____A C:\Users\Dale\Downloads\149920312.vcs
2012-04-13 18:25 - 2011-12-31 08:27 - 00000000 ___AD C:\Users\Dale\Documents\TurboTax
2012-04-13 17:27 - 2011-11-07 18:01 - 00000000 ___AD C:\Users\Dale\Documents\tax returns
2012-04-12 02:54 - 2011-11-22 18:26 - 00001339 ____A C:\Users\Dale\Desktop\GoToMeeting.lnk
2012-04-12 00:08 - 2009-07-13 18:04 - 00000478 ____A C:\Windows\win.ini
2012-04-11 10:26 - 2011-11-07 17:40 - 00000000 ___AD C:\Users\Dale\Documents\DC 401k
2012-04-10 08:39 - 2011-11-07 17:40 - 00000000 ___AD C:\Users\Dale\Documents\Karen Chapman
2012-04-10 04:36 - 2012-04-10 04:36 - 00092660 ____A C:\Users\Dale\Downloads\20120101.ofx
2012-04-07 03:26 - 2012-06-13 14:41 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-04 12:56 - 2012-06-23 09:37 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-30 20:39 - 2012-05-11 04:25 - 03968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-11 04:25 - 03913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 02:23 - 2012-05-11 04:25 - 01291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
ZeroAccess:
C:\Windows\Installer\{a33cce43-982e-15b3-0307-78280978ec8c}
C:\Windows\Installer\{a33cce43-982e-15b3-0307-78280978ec8c}\@
C:\Windows\Installer\{a33cce43-982e-15b3-0307-78280978ec8c}\L
C:\Windows\Installer\{a33cce43-982e-15b3-0307-78280978ec8c}\U
C:\Windows\Installer\{a33cce43-982e-15b3-0307-78280978ec8c}\U\00000001.@
C:\Windows\Installer\{a33cce43-982e-15b3-0307-78280978ec8c}\U\80000000.@
C:\Windows\Installer\{a33cce43-982e-15b3-0307-78280978ec8c}\U\800000cb.@
ZeroAccess:
C:\Users\Dale\AppData\Local\{a33cce43-982e-15b3-0307-78280978ec8c}
C:\Users\Dale\AppData\Local\{a33cce43-982e-15b3-0307-78280978ec8c}\@
C:\Users\Dale\AppData\Local\{a33cce43-982e-15b3-0307-78280978ec8c}\L
C:\Users\Dale\AppData\Local\{a33cce43-982e-15b3-0307-78280978ec8c}\U
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 26%
Total physical RAM: 2004.61 MB
Available physical RAM: 1472.32 MB
Total Pagefile: 2004.61 MB
Available Pagefile: 1473.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.68 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:931.41 GB) (Free:822.43 GB) NTFS
2 Drive e: (KRD10) (CDROM) (Total:0.26 GB) (Free:0 GB) CDFS
3 Drive f: () (Removable) (Total:0.96 GB) (Free:0.37 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online         931 GB   0 B
Disk 1    Online         982 MB   0 B
Partitions of Disk 0:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           100 MB   1024 KB
Partition 2    Primary           931 GB   101 MB
======================================================================================================
Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1  Y    System Rese  NTFS   Partition   100 MB   Healthy
======================================================================================================
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2  C                 NTFS   Partition   931 GB   Healthy
======================================================================================================
Partitions of Disk 1:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           981 MB   31 KB
======================================================================================================
Disk: 1
Partition 1
Type  : 06
Hidden: No
Active: Yes
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3  F                 FAT    Removable   981 MB   Healthy
======================================================================================================
==========================================================
Last Boot: 2012-06-18 05:00
======================= End Of Log ==========================
-
Actually this is a more current log.
Malwarebytes Anti-Malware (PRO) 1.61.0.1400
Database version: v2012.06.23.05
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Dale :: CHAPMANPC [administrator]
Protection: Enabled
6/24/2012 5:40:51 PM
mbam-log-2012-06-24 (17-40-51).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 320949
Time elapsed: 29 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Windows\Installer\{a33cce43-982e-15b3-0307-78280978ec8c}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully.
C:\Windows\Installer\{a33cce43-982e-15b3-0307-78280978ec8c}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Windows\Installer\{a33cce43-982e-15b3-0307-78280978ec8c}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)
-
Thank you, I believe this is what you requested.
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
Database version: v2012.06.23.05
Windows 7 Service Pack 1 x86 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
Dale :: CHAPMANPC [administrator]
Protection: Disabled
6/23/2012 12:52:30 PM
mbam-log-2012-06-23 (12-52-30).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212044
Time elapsed: 4 minute(s), 46 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|fopcynweq (Trojan.Lameshield) -> Data: C:\Users\Dale\AppData\Local\fopcynweq.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\Dale\AppData\Local\{a33cce43-982e-15b3-0307-78280978ec8c}\n. -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 9
C:\Users\Dale\AppData\Local\fopcynweq.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\Dale\Local Settings\fopcynweq.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\Dale\Local Settings\Application Data\fopcynweq.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\Dale\Local Settings\Temporary Internet Files\Content.IE5\I3HUV9AN\soft5[1].exe (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\Dale\Local Settings\Temporary Internet Files\Content.IE5\VWEPY4W9\soft4[1].exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Windows\Installer\{a33cce43-982e-15b3-0307-78280978ec8c}\n (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Windows\Installer\{a33cce43-982e-15b3-0307-78280978ec8c}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully.
C:\Windows\Installer\{a33cce43-982e-15b3-0307-78280978ec8c}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Windows\Installer\{a33cce43-982e-15b3-0307-78280978ec8c}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)
-
Assistance is requested in removing three infections (trojan.small, trojan.sirefef and rootkit.0access) detected and quarantined by mbam version 1.61.0.1400, which reappear after deletion and reboot.
Thank you.
trojan.small trojan.sirefef rootkit.0access removal
in Resolved Malware Removal Logs
Thank you very much, you've been a big and gracious help.