Pootarts

  1. Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 17-07-2012 16:54:15
Running from I:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1840720 2007-09-13] (CANON INC.)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2012-04-02] (LogMeIn, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [2215768 2011-09-30] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [73728 2007-06-13] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124512 2007-05-21] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\Cammy\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-01-21] (Google Inc.)
HKU\Cammy\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Cammy\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [22465104 2012-02-07] (ooVoo LLC)
Tcpip\Parameters: [DhcpNameServer] 97.81.22.195 71.92.29.130 24.217.201.67
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)

==================== Services (Whitelisted) ======

2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] ()
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375208 2012-07-11] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147368 2012-07-11] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2012-04-02] (LogMeIn, Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-03-01] (Intuit Inc.)

========================== Drivers (Whitelisted) =============

2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2012-04-02] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2012-04-02] (LogMeIn, Inc.)
2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2012-04-02] (LogMeIn, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
4 LMIRfsClientNP; [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-17 12:35 - 2012-07-17 12:35 - 00002228 ____A C:\Users\Cammy\Desktop\RKreport[1].txt
2012-07-17 12:34 - 2012-07-17 12:35 - 00000000 ____D C:\Users\Cammy\Desktop\RK_Quarantine
2012-07-17 12:34 - 2012-07-17 12:34 - 01552384 ____A C:\Users\Cammy\Downloads\RogueKiller (1).exe
2012-07-17 12:34 - 2012-07-17 12:34 - 01552384 ____A C:\Users\Cammy\Desktop\RogueKiller.exe
2012-07-17 12:28 - 2012-07-17 12:28 - 00017124 ____A C:\ComboFix.txt
2012-07-17 12:20 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-17 12:20 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-17 12:20 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-17 12:20 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-17 12:20 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-17 12:20 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-17 12:20 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-17 12:20 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-17 11:59 - 2012-07-17 12:28 - 00000000 ____D C:\Qoobox
2012-07-17 11:59 - 2012-07-17 12:27 - 00000000 ____D C:\Windows\erdnt
2012-07-17 11:58 - 2012-07-17 11:58 - 04579127 ____R (Swearware) C:\Users\Cammy\Desktop\ComboFix.exe
2012-07-17 11:52 - 2012-07-17 11:52 - 00007257 ____A C:\Users\Cammy\Desktop\Attach.txt
2012-07-17 11:50 - 2012-07-17 11:53 - 00027050 ____A C:\Users\Cammy\Desktop\DDS.txt
2012-07-17 11:48 - 2012-07-17 11:48 - 00607260 ____R (Swearware) C:\Users\Cammy\Desktop\dds.com
2012-07-17 11:48 - 2012-07-17 11:48 - 00607260 ____A (Swearware) C:\Users\Cammy\Downloads\dds.com
2012-07-17 11:24 - 2012-07-17 11:24 - 00000083 ____A C:\Users\Cammy\Desktop\Trojan.Dropper.bcminer help - Malwarebytes Forum.url
2012-07-17 11:17 - 2012-07-17 12:48 - 01437107 ____A (Farbar) C:\Users\Cammy\Downloads\FRST64.exe
2012-07-17 11:17 - 2012-07-17 11:17 - 01437107 ____A (Farbar) C:\Users\Cammy\Downloads\FRST64 (2).exe
2012-07-17 11:17 - 2012-07-17 11:17 - 01437107 ____A (Farbar) C:\Users\Cammy\Downloads\FRST64 (1).exe
2012-07-17 10:59 - 2012-07-17 10:59 - 00000000 ____D C:\Users\Cammy\Downloads\Malwarebytes Anti-Malware v1.60.0.1800 Final Incl. Keygen
2012-07-17 10:57 - 2012-07-17 10:57 - 00895376 ____A (BitTorrent, Inc.) C:\Users\Cammy\Downloads\uTorrent (1).exe
2012-07-17 10:56 - 2012-07-17 10:56 - 00895376 ____A (BitTorrent, Inc.) 
C:\Users\Cammy\Downloads\uTorrent.exe 2012-07-17 06:04 - 2012-07-17 06:04 - 00000000 ____D C:\Users\Cammy\AppData\Local\{883C43A8-2648-4D03-BEF2-9F9256F7F882} 2012-07-17 06:04 - 2012-07-17 06:04 - 00000000 ____D C:\Users\Cammy\AppData\Local\{35C8EE1C-67FD-4D74-BC8A-EDF35513C30B} 2012-07-16 18:03 - 2012-07-17 06:04 - 00000000 ____D C:\Users\Cammy\AppData\Local\{24867200-730D-4C14-9A02-5AA652EF949D} 2012-07-16 18:03 - 2012-07-16 18:04 - 00000000 ____D C:\Users\Cammy\AppData\Local\{0CA5425A-A5D4-4A39-9C19-BF3752341A3D} 2012-07-16 06:03 - 2012-07-16 06:03 - 00000000 ____D C:\Users\Cammy\AppData\Local\{F37AEA81-84ED-4569-84FB-248BF04B7CEF} 2012-07-16 06:03 - 2012-07-16 06:03 - 00000000 ____D C:\Users\Cammy\AppData\Local\{5E7B763A-7BC8-42E7-B8A3-12ED15497791} 2012-07-15 05:17 - 2012-07-15 05:17 - 00000000 ____D C:\Users\Cammy\AppData\Local\{3AC6B34F-830C-48E8-BEE8-FD9F70B02F10} 2012-07-15 05:17 - 2012-07-15 05:17 - 00000000 ____D C:\Users\Cammy\AppData\Local\{1416A1D4-BB13-49AF-8846-9AD2A7BFD863} 2012-07-14 11:52 - 2012-07-14 11:53 - 00000000 ____D C:\Users\Cammy\AppData\Local\{42D8850D-D1A9-4B76-BEB1-5F66C9D345E0} 2012-07-14 11:52 - 2012-07-14 11:52 - 00000000 ____D C:\Users\Cammy\AppData\Local\{0FC7DB7C-7481-4B1D-804E-64994BF16F4A} 2012-07-14 11:31 - 2012-07-14 11:31 - 00000000 ____D C:\Users\Cammy\AppData\Local\{A3394166-7120-4DE2-BA91-542A4465D3F2} 2012-07-13 18:55 - 2012-07-13 18:55 - 00000000 ____D C:\Users\Cammy\AppData\Local\{70A5DC65-C63C-4166-A351-49B42A105D93} 2012-07-13 18:54 - 2012-07-13 18:55 - 00000000 ____D C:\Users\Cammy\AppData\Local\{1BBFFD52-4F56-4E8F-A7DC-183F11A1D489} 2012-07-13 18:54 - 2012-07-13 18:54 - 00000000 ____D C:\Users\Cammy\AppData\Local\{300DA977-A0CE-437F-B08B-878FCA962210} 2012-07-13 18:54 - 2012-07-13 18:54 - 00000000 ____D C:\Users\Cammy\AppData\Local\{2862E6DB-FF87-44B9-AB74-945D32BF91FD} 2012-07-13 14:12 - 2012-07-13 14:12 - 00018302 ____A C:\Users\Cammy\Desktop\BSA email list - July 13, 2012.xlsx 2012-07-13 13:51 - 2012-07-13 
13:51 - 00025869 ____A C:\Users\Cammy\Desktop\scouts.csv 2012-07-13 11:46 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-13 11:37 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-07-13 11:37 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-07-13 11:37 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-07-13 11:37 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-07-13 11:37 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-07-13 11:37 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-07-13 11:37 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-07-13 11:37 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-07-13 11:37 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-07-13 11:37 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-07-13 11:37 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-07-13 11:37 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-07-13 11:37 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-07-13 11:37 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-07-13 11:37 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-07-13 11:37 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-07-13 11:37 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) 
C:\Windows\System32\iertutil.dll 2012-07-13 11:37 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-07-13 11:37 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-07-13 11:37 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-07-13 11:37 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-07-13 11:37 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-07-13 11:37 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-07-13 11:37 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-07-13 11:37 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-07-13 11:37 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-07-13 11:37 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-07-13 11:37 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-07-13 11:37 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-07-13 11:37 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-07-13 11:37 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-07-13 11:37 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-07-13 11:37 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-07-13 11:37 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-07-13 11:37 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll 2012-07-13 
11:37 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll 2012-07-13 11:37 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2012-07-13 11:36 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2012-07-13 11:36 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2012-07-13 11:36 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2012-07-13 11:36 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2012-07-13 11:36 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2012-07-13 11:36 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2012-07-13 11:27 - 2012-07-13 11:27 - 00033758 ____A C:\Users\Cammy\AppData\Local\dt.dat 2012-07-13 11:26 - 2012-07-13 11:26 - 00000000 ____D C:\Program Files (x86)\AVG 2012-07-13 11:24 - 2012-07-16 06:30 - 00000000 ____D C:\Users\All Users\MFAData 2012-07-13 06:30 - 2012-07-13 06:30 - 00000000 ____D C:\Users\Cammy\AppData\Local\{C0FE7317-5852-49D0-9227-919CFED713AA} 2012-07-13 06:30 - 2012-07-13 06:30 - 00000000 ____D C:\Users\Cammy\AppData\Local\{2B7EF2BB-D2EA-41E1-A22A-E3574DACC310} 2012-07-12 06:02 - 2012-07-12 06:02 - 00000000 ____D C:\Users\Cammy\AppData\Local\{3D011843-F41C-4C70-B9DF-1840486D1D33} 2012-07-12 06:01 - 2012-07-12 06:02 - 00000000 ____D C:\Users\Cammy\AppData\Local\{378C6DCF-C5F7-4F01-9F25-12CAB227969A} 2012-07-11 19:03 - 2012-07-11 19:03 - 00000000 ____D C:\Users\Cammy\AppData\Local\{D51E966C-718D-4FD8-8AC4-20DC7719B241} 2012-07-11 13:54 - 2012-07-11 13:54 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA% 2012-07-11 06:29 - 2012-07-11 06:30 - 00000000 ____D C:\Users\Cammy\AppData\Local\{55F8E8F5-B9D6-4E6E-99B2-17E9BC650F5C} 2012-07-11 06:29 - 2012-07-11 06:29 - 00000000 ____D 
C:\Users\Cammy\AppData\Local\{FD039068-6854-463D-9773-E9BB9DA38647} 2012-07-11 06:29 - 2012-07-11 06:29 - 00000000 ____D C:\Users\Cammy\AppData\Local\{BEEC9E0A-204D-482B-BD28-6309561AB893} 2012-07-11 06:29 - 2012-07-11 06:29 - 00000000 ____D C:\Users\Cammy\AppData\Local\{2D47CE06-5FC7-4F5C-86D2-4666E4CEF297} 2012-07-10 06:34 - 2012-07-10 06:34 - 00000000 ____D C:\Users\Cammy\AppData\Local\{D8391558-D541-4CEC-8878-F3C30F3DC9CA} 2012-07-10 06:34 - 2012-07-10 06:34 - 00000000 ____D C:\Users\Cammy\AppData\Local\{C86B8B64-1A48-404F-9F95-084409D48251} 2012-07-09 06:49 - 2012-07-09 06:50 - 00000000 ____D C:\Users\Cammy\AppData\Local\{4378665A-E247-4D0E-B735-0DC3705349B6} 2012-07-09 06:49 - 2012-07-09 06:49 - 00000000 ____D C:\Users\Cammy\AppData\Local\{C8C70F45-E779-4687-91E9-B951882FD957} 2012-07-08 10:26 - 2012-07-08 10:27 - 00000000 ____D C:\Users\Cammy\AppData\Local\{E4F16EAE-5AD4-4CD0-9BB0-9A699AD83BDB} 2012-07-08 10:26 - 2012-07-08 10:26 - 00000000 ____D C:\Users\Cammy\AppData\Local\{D6FC080A-0FDC-4547-9935-C8F3EA15CE35} 2012-07-07 06:40 - 2012-07-07 06:40 - 00000000 ____D C:\Users\Cammy\AppData\Local\{B1159199-8FFB-4642-A201-354956F67BC4} 2012-07-07 06:40 - 2012-07-07 06:40 - 00000000 ____D C:\Users\Cammy\AppData\Local\{6BF86844-E87A-496A-A04E-CF17DB053914} 2012-07-06 16:31 - 2012-07-06 16:31 - 00000000 ____D C:\Users\Cammy\AppData\Local\{ADF9938F-1C5A-4352-BEA0-211E59CBCD11} 2012-07-06 16:31 - 2012-07-06 16:31 - 00000000 ____D C:\Users\Cammy\AppData\Local\{A3407C6F-C566-47FD-A00A-8F51C0FB0F67} 2012-07-06 04:30 - 2012-07-06 04:30 - 00000000 ____D C:\Users\Cammy\AppData\Local\{99AC4F7D-AEB6-41F1-8D5F-B7909F5D987C} 2012-07-06 04:30 - 2012-07-06 04:30 - 00000000 ____D C:\Users\Cammy\AppData\Local\{65F390F1-2889-4540-9303-5DDF4CA3033C} 2012-07-05 07:27 - 2012-07-05 07:27 - 00000000 ____D C:\Users\Cammy\AppData\Local\{BF29DF5C-045B-49C4-9A58-8C83B5EC6AE0} 2012-07-05 07:27 - 2012-07-05 07:27 - 00000000 ____D 
C:\Users\Cammy\AppData\Local\{066D2E79-2220-410E-8D20-469792B2D7CD} 2012-07-04 07:35 - 2012-07-04 07:35 - 00000000 ____D C:\Users\Cammy\AppData\Local\{474F91A9-7CBD-466A-AEE0-3C61962A707E} 2012-07-04 07:34 - 2012-07-04 07:35 - 00000000 ____D C:\Users\Cammy\AppData\Local\{868C21B1-8AFF-4FDE-97BA-1369433A3963} 2012-07-03 18:44 - 2012-07-03 18:44 - 00000000 ____D C:\Users\Cammy\AppData\Local\{DDC66618-C2F0-4EEE-A580-308A815D1E3A} 2012-07-03 18:44 - 2012-07-03 18:44 - 00000000 ____D C:\Users\Cammy\AppData\Local\{90F8AE11-9A18-4082-A65C-A38A58117D2F} 2012-07-03 05:51 - 2012-07-03 05:52 - 00000000 ____D C:\Users\Cammy\AppData\Local\{0EF66CEE-1FFC-4A68-8E5E-8587E0BE378F} 2012-07-03 05:51 - 2012-07-03 05:51 - 00000000 ____D C:\Users\Cammy\AppData\Local\{52407630-FB7F-4720-9D9D-003D4FFA5B2C} 2012-07-02 17:51 - 2012-07-02 17:51 - 00000000 ____D C:\Users\Cammy\AppData\Local\{D5F4CFE9-9396-45FA-82B1-4939B24CF7AA} 2012-07-02 17:51 - 2012-07-02 17:51 - 00000000 ____D C:\Users\Cammy\AppData\Local\{4E6084B0-0988-4D71-A96F-A1E84C4B2F49} 2012-07-02 05:20 - 2012-07-02 05:20 - 00000000 ____D C:\Users\Cammy\AppData\Local\{DAD39012-72E2-42D2-B1A1-FB694E39D2C5} 2012-07-02 05:20 - 2012-07-02 05:20 - 00000000 ____D C:\Users\Cammy\AppData\Local\{8A42F163-994D-4DDE-9C85-4F230B110696} 2012-06-30 18:34 - 2012-06-30 18:34 - 00000000 ____D C:\Users\Cammy\AppData\Local\{74766091-6D9E-4CCE-8F45-8A3CB709B074} 2012-06-30 18:33 - 2012-06-30 18:34 - 00000000 ____D C:\Users\Cammy\AppData\Local\{72E1933F-FD00-44AC-8C74-FCAE5EC7C8FA} 2012-06-30 05:38 - 2012-06-30 05:38 - 00000000 ____D C:\Users\Cammy\AppData\Local\{8A7F5824-7642-4EE6-B3CF-6D486F1ED543} 2012-06-30 05:37 - 2012-06-30 05:38 - 00000000 ____D C:\Users\Cammy\AppData\Local\{08492021-5681-46D9-B585-44532D647BB3} 2012-06-29 17:23 - 2012-06-29 17:24 - 00000000 ____D C:\Users\Cammy\AppData\Local\{3182804F-ED60-4EBB-8979-E396052B5C54} 2012-06-29 17:23 - 2012-06-29 17:23 - 00000000 ____D 
C:\Users\Cammy\AppData\Local\{45FA2147-131F-4764-AB82-01C3E850F27F} 2012-06-29 04:19 - 2012-06-29 04:19 - 00000000 ____D C:\Users\Cammy\AppData\Local\{ABB27482-9997-4FF1-A358-A3680B3DB2CF} 2012-06-29 04:19 - 2012-06-29 04:19 - 00000000 ____D C:\Users\Cammy\AppData\Local\{60C1BE8A-10BD-465F-8981-CE27524B79CA} 2012-06-28 16:15 - 2012-06-28 16:15 - 00000000 ____D C:\Users\Cammy\AppData\Local\{26141004-A3C2-40A8-BD06-EC022DD1D94D} 2012-06-28 16:15 - 2012-06-28 16:15 - 00000000 ____D C:\Users\Cammy\AppData\Local\{1ADF89C3-F46F-4830-B696-184BA8385F12} 2012-06-28 04:14 - 2012-06-28 04:14 - 00000000 ____D C:\Users\Cammy\AppData\Local\{C8B24716-C7AD-4C6E-936C-F586FE271368} 2012-06-28 04:14 - 2012-06-28 04:14 - 00000000 ____D C:\Users\Cammy\AppData\Local\{111828C8-D203-4566-BE97-0E2AE0B62976} 2012-06-27 08:29 - 2012-06-27 08:29 - 00000000 ____D C:\Users\Cammy\AppData\Local\{C006924C-55C6-44E6-993B-DA367D1DF86B} 2012-06-27 08:29 - 2012-06-27 08:29 - 00000000 ____D C:\Users\Cammy\AppData\Local\{4BD7D981-A47A-4785-B89B-5FA32A39052C} 2012-06-26 19:08 - 2012-06-26 19:08 - 00000000 ____D C:\Users\Cammy\AppData\Local\{0D9F8A40-7E06-4691-95ED-C3A508418841} 2012-06-26 19:07 - 2012-06-26 19:08 - 00000000 ____D C:\Users\Cammy\AppData\Local\{61E32D82-60E9-4BCB-9E4D-5AC46DE697A2} 2012-06-26 05:49 - 2012-06-26 05:49 - 00000000 ____D C:\Users\Cammy\AppData\Local\{6ABA5783-AB0E-4A48-8FE9-0B57B451A89E} 2012-06-26 05:48 - 2012-06-26 05:49 - 00000000 ____D C:\Users\Cammy\AppData\Local\{5FD5526A-4608-4897-9A42-1ABA4BEB6EAA} 2012-06-25 05:48 - 2012-06-25 05:48 - 00000000 ____D C:\Users\Cammy\AppData\Local\{E945E0CB-2114-4A51-989D-5F28B9B98B06} 2012-06-25 05:48 - 2012-06-25 05:48 - 00000000 ____D C:\Users\Cammy\AppData\Local\{835C625C-E502-4B82-873D-F906570EADAC} 2012-06-25 05:45 - 2012-06-25 05:45 - 32624640 ____A C:\Users\Cammy\Desktop\GENESIS GRADING & HAULING, INC. 
(Backup Jun 25,2012 09 45 AM).QBB 2012-06-23 06:43 - 2012-06-23 06:43 - 00000000 ____D C:\Users\Cammy\AppData\Local\{FA594701-90CB-4E90-940C-5A5F256CCA29} 2012-06-23 06:42 - 2012-06-23 06:43 - 00000000 ____D C:\Users\Cammy\AppData\Local\{049BC600-F07D-43DC-B4CF-1D85D4BDAF3D} 2012-06-22 05:04 - 2012-06-22 05:04 - 00000000 ____D C:\Users\Cammy\AppData\Local\{B007AFDF-0400-42F4-A80D-ADAD98B0DCAF} 2012-06-22 05:04 - 2012-06-22 05:04 - 00000000 ____D C:\Users\Cammy\AppData\Local\{A31761AC-A6C0-4F94-8F95-F959F422C9F3} 2012-06-21 05:14 - 2012-06-21 05:14 - 00000000 ____D C:\Users\Cammy\AppData\Local\{14878871-44B8-48CF-BA85-1C6ACA668F93} 2012-06-21 05:14 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-21 05:14 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-21 05:14 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-21 05:14 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-21 05:14 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-21 05:14 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-21 05:14 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-21 05:14 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-21 05:14 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-21 05:13 - 2012-06-21 05:14 - 00000000 ____D C:\Users\Cammy\AppData\Local\{F09AFB02-DF2B-4D67-B84D-1C092BB073BF} 2012-06-20 15:57 - 2012-06-20 15:57 - 00000000 ____D C:\Users\Cammy\AppData\Local\{B476D128-2611-4DCF-962C-2621F9FAF010} 2012-06-20 15:57 - 2012-06-20 15:57 - 00000000 ____D C:\Users\Cammy\AppData\Local\{425D837A-86AC-48E7-9BC9-D4CC9A0E26BB} 2012-06-20 03:47 - 
2012-06-20 03:47 - 00000000 ____D C:\Users\Cammy\AppData\Local\{6BB975C3-D053-4C84-85AF-C83549C65DCA} 2012-06-20 03:47 - 2012-06-20 03:47 - 00000000 ____D C:\Users\Cammy\AppData\Local\{148B03E9-7693-4637-A8D5-73B9AD208884} 2012-06-19 06:42 - 2012-06-19 06:42 - 00000000 ____D C:\Users\Cammy\AppData\Local\{EB113AEC-2CCE-480F-B73B-DAA8CDC791CC} 2012-06-19 06:42 - 2012-06-19 06:42 - 00000000 ____D C:\Users\Cammy\AppData\Local\{3DC94088-EF29-4DB8-BE6F-EA43155EACB5} 2012-06-18 18:32 - 2012-06-18 18:32 - 00000000 ____D C:\Users\Cammy\AppData\Local\{C9DF6379-044D-467B-BB4A-0F038457394C} 2012-06-18 18:32 - 2012-06-18 18:32 - 00000000 ____D C:\Users\Cammy\AppData\Local\{AD054946-7B8B-4E99-9A66-B5C6223F20B5} 2012-06-18 09:50 - 2012-06-21 14:13 - 00000000 ____D C:\Users\Cammy\Documents\Kupfer Kaper 2012-06-18 03:52 - 2012-06-18 03:52 - 00000000 ____D C:\Users\Cammy\AppData\Local\{7A2044EA-B28B-4507-AF93-725BAAFC8D4D} 2012-06-17 08:50 - 2012-06-17 08:50 - 00000000 ____D C:\Users\Cammy\AppData\Local\{EE7DE02F-4FFF-42E7-9F53-FE0C53D41AA3} ============ 3 Months Modified Files ======================== 2012-07-17 12:52 - 2011-11-09 23:20 - 01536046 ____A C:\Windows\WindowsUpdate.log 2012-07-17 12:51 - 2012-01-21 21:14 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-07-17 12:51 - 2009-07-13 21:13 - 00730512 ____A C:\Windows\System32\PerfStringBackup.INI 2012-07-17 12:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-07-17 12:51 - 2009-07-13 20:51 - 00036835 ____A C:\Windows\setupact.log 2012-07-17 12:48 - 2012-07-17 11:17 - 01437107 ____A (Farbar) C:\Users\Cammy\Downloads\FRST64.exe 2012-07-17 12:35 - 2012-07-17 12:35 - 00002228 ____A C:\Users\Cammy\Desktop\RKreport[1].txt 2012-07-17 12:34 - 2012-07-17 12:34 - 01552384 ____A C:\Users\Cammy\Downloads\RogueKiller (1).exe 2012-07-17 12:34 - 2012-07-17 12:34 - 01552384 ____A C:\Users\Cammy\Desktop\RogueKiller.exe 2012-07-17 12:34 - 2009-07-13 20:45 - 00014016 ___AH 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-07-17 12:34 - 2009-07-13 20:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-07-17 12:29 - 2012-01-21 21:14 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-07-17 12:28 - 2012-07-17 12:28 - 00017124 ____A C:\ComboFix.txt 2012-07-17 12:27 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini 2012-07-17 12:26 - 2012-01-22 11:44 - 00013778 ____A C:\Windows\PFRO.log 2012-07-17 12:24 - 2012-04-11 07:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-07-17 12:24 - 2012-01-31 19:20 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625070502-1764490310-2039015030-1000UA.job 2012-07-17 11:58 - 2012-07-17 11:58 - 04579127 ____R (Swearware) C:\Users\Cammy\Desktop\ComboFix.exe 2012-07-17 11:53 - 2012-07-17 11:50 - 00027050 ____A C:\Users\Cammy\Desktop\DDS.txt 2012-07-17 11:52 - 2012-07-17 11:52 - 00007257 ____A C:\Users\Cammy\Desktop\Attach.txt 2012-07-17 11:48 - 2012-07-17 11:48 - 00607260 ____R (Swearware) C:\Users\Cammy\Desktop\dds.com 2012-07-17 11:48 - 2012-07-17 11:48 - 00607260 ____A (Swearware) C:\Users\Cammy\Downloads\dds.com 2012-07-17 11:24 - 2012-07-17 11:24 - 00000083 ____A C:\Users\Cammy\Desktop\Trojan.Dropper.bcminer help - Malwarebytes Forum.url 2012-07-17 11:17 - 2012-07-17 11:17 - 01437107 ____A (Farbar) C:\Users\Cammy\Downloads\FRST64 (2).exe 2012-07-17 11:17 - 2012-07-17 11:17 - 01437107 ____A (Farbar) C:\Users\Cammy\Downloads\FRST64 (1).exe 2012-07-17 11:02 - 2012-01-22 13:06 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-07-17 10:35 - 2012-01-21 21:34 - 00001945 ____A C:\Windows\epplauncher.mif 2012-07-17 05:41 - 2012-01-31 19:20 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625070502-1764490310-2039015030-1000Core.job 2012-07-13 14:12 - 2012-07-13 14:12 - 00018302 ____A 
C:\Users\Cammy\Desktop\BSA email list - July 13, 2012.xlsx 2012-07-13 13:51 - 2012-07-13 13:51 - 00025869 ____A C:\Users\Cammy\Desktop\scouts.csv 2012-07-13 13:13 - 2009-07-13 20:45 - 00422952 ____A C:\Windows\System32\FNTCACHE.DAT 2012-07-13 11:27 - 2012-07-13 11:27 - 00033758 ____A C:\Users\Cammy\AppData\Local\dt.dat 2012-07-12 08:26 - 2012-04-11 07:25 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-07-12 08:26 - 2012-01-21 21:08 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-07-11 19:06 - 2012-01-31 19:20 - 00002363 ____A C:\Users\Cammy\Desktop\Google Chrome.lnk 2012-07-11 12:01 - 2012-05-24 19:54 - 00087488 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll 2012-07-11 12:01 - 2012-05-24 19:54 - 00080800 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll 2012-07-11 12:01 - 2012-05-24 19:54 - 00034720 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll 2012-07-03 09:46 - 2012-01-22 13:06 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-07-02 23:19 - 2011-11-12 13:48 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-06-25 05:45 - 2012-06-25 05:45 - 32624640 ____A C:\Users\Cammy\Desktop\GENESIS GRADING & HAULING, INC. (Backup Jun 25,2012 09 45 AM).QBB 2012-06-24 15:50 - 2012-01-23 14:04 - 00000046 ____A C:\Windows\TipOfDay.ini 2012-06-21 14:14 - 2012-05-30 06:35 - 00000519 ____A C:\Users\Cammy\Desktop\Google Calendar.website 2012-06-11 19:08 - 2012-07-13 11:46 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-07 18:06 - 2012-06-07 18:05 - 32595968 ____A C:\Users\Cammy\Desktop\GENESIS GRADING & HAULING, INC. 
(Backup Jun 07,2012 10 05 PM).QBB 2012-06-07 15:17 - 2012-06-07 15:17 - 00892912 ____A (Oracle Corporation) C:\Users\Cammy\Downloads\chromeinstall-7u4-fcs-bin-b73-windows-i586-31_may_2012.exe 2012-06-05 22:06 - 2012-07-13 11:37 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-05 22:06 - 2012-07-13 11:37 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-05 22:02 - 2012-07-13 11:37 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-06-05 21:05 - 2012-07-13 11:37 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-06-05 21:05 - 2012-07-13 11:37 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-06-05 21:03 - 2012-07-13 11:37 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-06-02 17:34 - 2012-06-02 17:34 - 00001039 ____A C:\Users\Cammy\Documents - Shortcut.lnk 2012-06-02 14:19 - 2012-06-21 05:14 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 14:19 - 2012-06-21 05:14 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 14:19 - 2012-06-21 05:14 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 14:19 - 2012-06-21 05:14 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 14:19 - 2012-06-21 05:14 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 14:15 - 2012-06-21 05:14 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 14:15 - 2012-06-21 05:14 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 11:19 - 2012-06-21 05:14 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 11:15 - 2012-06-21 05:14 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-02 04:49 - 2012-07-13 11:37 - 17807360 ____A (Microsoft Corporation) 
C:\Windows\System32\mshtml.dll 2012-06-02 04:17 - 2012-07-13 11:37 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-02 04:12 - 2012-07-13 11:37 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-02 04:05 - 2012-07-13 11:37 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-02 04:05 - 2012-07-13 11:37 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-02 04:04 - 2012-07-13 11:37 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-02 04:04 - 2012-07-13 11:37 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-02 04:03 - 2012-07-13 11:37 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-02 04:01 - 2012-07-13 11:37 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-02 04:00 - 2012-07-13 11:37 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-02 03:59 - 2012-07-13 11:37 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-02 03:57 - 2012-07-13 11:37 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-02 03:57 - 2012-07-13 11:37 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-02 03:54 - 2012-07-13 11:37 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-02 01:07 - 2012-07-13 11:37 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-06-02 00:43 - 2012-07-13 11:37 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-06-02 00:33 - 2012-07-13 11:37 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-06-02 00:26 - 2012-07-13 11:37 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-06-02 00:25 - 2012-07-13 11:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-06-02 
00:25 - 2012-07-13 11:37 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-06-02 00:23 - 2012-07-13 11:37 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-06-02 00:21 - 2012-07-13 11:37 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-06-02 00:20 - 2012-07-13 11:37 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-06-02 00:19 - 2012-07-13 11:37 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-06-02 00:19 - 2012-07-13 11:37 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-06-02 00:17 - 2012-07-13 11:37 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-06-02 00:16 - 2012-07-13 11:37 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-06-02 00:14 - 2012-07-13 11:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-06-01 11:27 - 2012-06-01 11:27 - 03611960 ____A (ScreenTime Media) C:\Users\Cammy\Downloads\ag_monitorwasher.exe 2012-06-01 05:50 - 2012-05-30 13:56 - 00046908 ____A C:\Users\Cammy\Desktop\Troop 46 bank acct 2006-2012.xlsx 2012-05-30 13:56 - 2012-05-30 10:15 - 00072275 ____A C:\Users\Cammy\Documents\Troop 46 bank acct 2006-2012.xlsx 2012-05-30 12:27 - 2012-05-30 12:27 - 00000068 ____A C:\Users\Cammy\Desktop\Genesis Verse by Verse.url 2012-05-30 08:54 - 2012-05-30 08:54 - 32567296 ____A C:\Users\Cammy\Desktop\GENESIS GRADING & HAULING, INC. (Backup May 30,2012 12 54 PM).QBB 2012-05-25 04:22 - 2012-05-25 04:21 - 32542720 ____A C:\Users\Cammy\Desktop\GENESIS GRADING & HAULING, INC. 
(Backup May 25,2012 08 21 AM).QBB 2012-05-24 19:55 - 2012-05-24 19:55 - 00000020 ___SH C:\Users\LogMeInRemoteUser\ntuser.ini 2012-05-24 19:54 - 2012-05-24 19:54 - 00001024 ____A C:\.rnd 2012-05-24 19:54 - 2012-05-24 19:53 - 16151040 ____A C:\Users\Cammy\Downloads\LogMeIn.msi 2012-05-11 06:41 - 2012-05-24 19:54 - 00087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll.000.bak 2012-05-09 14:36 - 2012-05-09 14:36 - 00001857 ____A C:\Users\Public\Desktop\ooVoo.lnk 2012-05-08 09:33 - 2012-05-08 09:33 - 32538624 ____A C:\Users\Cammy\Desktop\GENESIS GRADING & HAULING, INC. (Backup May 08,2012 01 33 PM).QBB 2012-05-06 10:59 - 2012-05-06 10:59 - 00000151 ____A C:\Users\Cammy\Desktop\Nana's Computer.url 2012-05-05 14:40 - 2012-01-21 21:34 - 00747070 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2012-05-03 19:07 - 2012-05-03 19:07 - 32518144 ____A C:\Users\Cammy\Desktop\GENESIS GRADING & HAULING, INC. (Backup May 03,2012 11 07 PM).QBB 2012-05-03 16:31 - 2012-01-23 14:28 - 00000090 ____A C:\Windows\QBChanUtil_Trigger.ini 2012-05-01 13:36 - 2012-05-01 13:15 - 00114324 ____A C:\Users\Cammy\Downloads\My_Three_Sons-7873.m4r 2012-05-01 13:31 - 2012-05-01 13:31 - 32120832 ____A C:\Users\Cammy\Desktop\GENESIS GRADING & HAULING, INC. (Backup May 01,2012 05 31 PM).QBB 2012-04-30 21:40 - 2012-07-13 11:37 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll 2012-04-30 08:08 - 2012-04-29 12:05 - 00034816 ____A C:\Users\Cammy\Desktop\Custodial Duty Checklist Revisited.xls 2012-04-26 19:01 - 2012-04-26 19:01 - 32116736 ____A C:\Users\Cammy\Desktop\GENESIS GRADING & HAULING, INC. 
(Backup Apr 26,2012 11 01 PM).QBB 2012-04-23 21:37 - 2012-07-13 11:36 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2012-04-23 21:37 - 2012-07-13 11:36 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2012-04-23 21:37 - 2012-07-13 11:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2012-04-23 20:36 - 2012-07-13 11:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2012-04-23 20:36 - 2012-07-13 11:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2012-04-23 20:36 - 2012-07-13 11:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2012-04-20 12:35 - 2012-04-20 12:35 - 00002212 ____A C:\Users\Public\Desktop\Google Earth.lnk ZeroAccess: C:\Windows\Installer\{ff491e30-4301-f80e-5915-90a7ee45ca50} C:\Windows\Installer\{ff491e30-4301-f80e-5915-90a7ee45ca50}\L C:\Windows\Installer\{ff491e30-4301-f80e-5915-90a7ee45ca50}\U ZeroAccess: C:\Users\Cammy\AppData\Local\{ff491e30-4301-f80e-5915-90a7ee45ca50} C:\Users\Cammy\AppData\Local\{ff491e30-4301-f80e-5915-90a7ee45ca50}\@ C:\Users\Cammy\AppData\Local\{ff491e30-4301-f80e-5915-90a7ee45ca50}\L C:\Users\Cammy\AppData\Local\{ff491e30-4301-f80e-5915-90a7ee45ca50}\U ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 11% Total physical RAM: 6143.23 MB Available physical RAM: 5429.41 MB Total Pagefile: 6141.38 MB Available Pagefile: 5425.61 MB Total Virtual: 8192 MB Available Virtual: 8191.89 MB ======================= Partitions ========================= 1 Drive c: () (Fixed) (Total:119.14 GB) (Free:8.99 GB) NTFS 2 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)] 3 Drive e: () (Fixed) (Total:698.54 GB) (Free:684.32 GB) NTFS 6 Drive i: (PATRIOT) (Removable) (Total:29.82 GB) (Free:18.7 GB) FAT32 11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 12 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 698 GB 0 B Disk 1 Online 119 GB 0 B Disk 2 No Media 0 B 0 B Disk 3 Online 29 GB 0 B Disk 4 No Media 0 B 0 B Disk 5 No Media 0 B 0 B Disk 6 No Media 0 B 0 B Disk 7 No Media 0 B 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 698 GB 101 MB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y System Rese NTFS Partition 100 MB Healthy ================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume 
### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 E NTFS Partition 698 GB Healthy ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 119 GB 101 MB ================================================================================== Disk: 1 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 D System Rese NTFS Partition 100 MB Healthy ================================================================================== Disk: 1 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 C NTFS Partition 119 GB Healthy ================================================================================== Partitions of Disk 3: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 29 GB 1024 B ================================================================================== Disk: 3 Partition 1 Type : 0B Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 6 I PATRIOT FAT32 Removable 29 GB Healthy ================================================================================== ========================================================== Last Boot: 2012-07-08 10:45 ======================= End Of Log ==========================
  2. ComboFix 12-07-16.01 - Cammy 07/17/2012 16:21:23.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6143.4674 [GMT -4:00] Running from: c:\users\Cammy\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini c:\windows\Installer\{ff491e30-4301-f80e-5915-90a7ee45ca50}\@ c:\windows\Installer\{ff491e30-4301-f80e-5915-90a7ee45ca50}\L\00000004.@ c:\windows\Installer\{ff491e30-4301-f80e-5915-90a7ee45ca50}\L\1afb2d56 c:\windows\Installer\{ff491e30-4301-f80e-5915-90a7ee45ca50}\L\201d3dde c:\windows\Installer\{ff491e30-4301-f80e-5915-90a7ee45ca50}\U\00000004.@ c:\windows\Installer\{ff491e30-4301-f80e-5915-90a7ee45ca50}\U\00000008.@ c:\windows\Installer\{ff491e30-4301-f80e-5915-90a7ee45ca50}\U\000000cb.@ c:\windows\Installer\{ff491e30-4301-f80e-5915-90a7ee45ca50}\U\80000000.@ c:\windows\Installer\{ff491e30-4301-f80e-5915-90a7ee45ca50}\U\80000032.@ c:\windows\Installer\{ff491e30-4301-f80e-5915-90a7ee45ca50}\U\80000064.@ . Infected copy of c:\windows\system32\Services.exe was found and disinfected Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe . . ((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 ))))))))))))))))))))))))))))))) . . 2012-07-17 20:25 . 2012-07-17 20:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-07-17 20:25 . 2012-07-17 20:25 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp 2012-07-17 20:25 . 2012-07-17 20:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-13 19:46 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-13 19:36 . 
2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-07-13 19:36 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-07-13 19:36 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-07-13 19:36 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-07-13 19:36 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-07-13 19:36 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-07-13 19:26 . 2012-07-13 19:26 -------- d-----w- c:\program files (x86)\AVG 2012-07-13 19:24 . 2012-07-16 14:30 -------- d-----w- c:\programdata\MFAData 2012-07-11 21:54 . 2012-07-11 21:54 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-06-21 13:14 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 13:14 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 13:14 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 13:14 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 13:14 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-21 13:14 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 13:14 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 13:14 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 13:14 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-12 16:26 . 2012-04-11 15:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-12 16:26 . 2012-01-22 05:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-11 20:01 . 2012-05-25 03:54 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2012-07-11 20:01 . 2012-05-25 03:54 34720 ----a-w- c:\windows\system32\LMIport.dll 2012-07-11 20:01 . 
2012-05-25 03:54 80800 ----a-w- c:\windows\system32\LMIinit.dll 2012-07-03 17:46 . 2012-01-22 21:06 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-11 14:41 . 2012-05-25 03:54 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak 2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-22 39408] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2012-02-07 22465104] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520] "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-06-13 73728] "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-3-9 5969752] QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-4-9 1156968] QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2011\QBW32.EXE [2012-4-9 1178984] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 136176] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 136176] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update 
Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-11 375208] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-04-02 15928] S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-03-01 1248256] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616] S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-07-15 1708800] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-05-19 702976] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392] . . Contents of the 'Scheduled Tasks' folder . 2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 16:26] . 2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 05:14] . 2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 05:14] . 2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625070502-1764490310-2039015030-1000Core.job - c:\users\Cammy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-01 05:19] . 2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625070502-1764490310-2039015030-1000UA.job - c:\users\Cammy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-01 05:19] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1840720] "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-04-02 57928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67 . - - - - ORPHANS REMOVED - - - - . WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2625070502-1764490310-2039015030-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2625070502-1764490310-2039015030-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe . 
************************************************************************** . Completion time: 2012-07-17 16:28:43 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-17 20:28 . Pre-Run: 9,727,832,064 bytes free Post-Run: 9,966,252,032 bytes free . - - End Of File - - 095344AE8F8D93E46B789FEE4EF87FF0
  3. I was looking up fixes and ran ComboFix just before this. Would you like to see that log as well?
  4. RogueKiller V7.6.4 [07/17/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com
     Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User: Cammy [Admin rights]
     Mode: Scan -- Date: 07/17/2012 16:35:03
     ¤¤¤ Bad processes: 0 ¤¤¤
     ¤¤¤ Registry Entries: 4 ¤¤¤
     [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     ¤¤¤ Particular Files / Folders: ¤¤¤
     [ZeroAccess][FOLDER] U : c:\windows\installer\{ff491e30-4301-f80e-5915-90a7ee45ca50}\U --> FOUND
     [ZeroAccess][FOLDER] L : c:\windows\installer\{ff491e30-4301-f80e-5915-90a7ee45ca50}\L --> FOUND
     [ZeroAccess][FILE] @ : c:\users\cammy\appdata\local\{ff491e30-4301-f80e-5915-90a7ee45ca50}\@ --> FOUND
     [ZeroAccess][FOLDER] U : c:\users\cammy\appdata\local\{ff491e30-4301-f80e-5915-90a7ee45ca50}\U --> FOUND
     [ZeroAccess][FOLDER] L : c:\users\cammy\appdata\local\{ff491e30-4301-f80e-5915-90a7ee45ca50}\L --> FOUND
     ¤¤¤ Driver: [NOT LOADED] ¤¤¤
     ¤¤¤ Infection : ZeroAccess ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     127.0.0.1 localhost
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: ST3750640AS +++++
     --- User ---
     [MBR] 8ddca4e5b1d54e3e1a7fffcd96ad90b0
     [bSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 715302 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     +++++ PhysicalDrive1: M4-CT128M4SSD2 +++++
     --- User ---
     [MBR] 257d6c2f9d8dcb7231d65c76104dbf2e
     [bSP] 8aabb5b18b4aa2919ca0d3ce7b5fe0f1 : Windows 7 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     Finished : << RKreport[1].txt >>
     RKreport[1].txt
  5. Hey, for the last 2 weeks my computer has had the scour or redirect trojan and malware says it removes but it keeps coming back. I have already gone ahead and done a system scan in recovery mode using Farbar recovery tool x64. I just need to know what to do next. Here is what was in the .TXT file: Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02 Ran by SYSTEM at 17-07-2012 15:31:29 Running from I:\ Windows 7 Ultimate (X64) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon [652624 2007-10-25] (CANON INC.) HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1840720 2007-09-13] (CANON INC.) HKLM\...\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2399632 2011-04-13] (Microsoft Corporation) HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2011-09-16] (LogMeIn, Inc.) HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31072 2008-10-25] (Microsoft Corporation) HKLM-x32\...\Run: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup [1527128 2011-06-14] (Intuit Inc. All rights reserved.) HKLM-x32\...\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2338656 2011-09-10] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.) HKLM-x32\...\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [73728 2007-06-13] (Nuance Communications, Inc.) HKLM-x32\...\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124512 2007-05-21] (CANON INC.) 
HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [Family Tree Builder Update] C:\Users\Cammy\Desktop\MyHeritage\Bin\FTBCheckUpdates.exe [x] HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2011-08-07] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [40376 2012-01-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640440 2012-01-03] (Adobe Systems Inc.) HKLM-x32\...\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [378224 2008-08-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.) HKU\Cammy\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation) HKU\Cammy\...\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup [53160 2012-02-07] (Raptr, Inc) Tcpip\Parameters: [DhcpNameServer] 97.81.22.195 71.92.29.130 24.217.201.67 Startup: C:\Users\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.) 
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.) ==================== Services (Whitelisted) ====== 3 Adobe Version Cue CS4; "C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [288112 2011-08-07] (Adobe Systems Incorporated) 2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" [7390560 2011-08-17] (AVG Technologies CZ, s.r.o.) 2 avgwd; "C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe" [269520 2011-02-08] (AVG Technologies CZ, s.r.o.) 2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] () 2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375176 2011-12-18] (LogMeIn, Inc.) 2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147336 2011-12-18] (LogMeIn, Inc.) 2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-09-16] (LogMeIn, Inc.) 2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-05-24] (Alcatel-Lucent) ========================== Drivers (Whitelisted) ============= 3 AVGIDSDriver; C:\Windows\System32\Drivers\AVGIDSDriver.sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. ) 0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. ) 3 AVGIDSFilter; C:\Windows\System32\Drivers\AVGIDSFilter.sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. ) 1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [304720 2011-01-07] (AVG Technologies CZ, s.r.o.) 
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.) 0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.) 1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [377936 2011-04-04] (AVG Technologies CZ, s.r.o.) 2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-16] (LogMeIn, Inc.) 3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2011-09-16] (LogMeIn, Inc.) 2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2011-09-16] (LogMeIn, Inc.) 4 LMIRfsClientNP; [x] 3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x] 3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x] 3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== ============ 3 Months Modified Files ======================== ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 11% Total physical 
RAM: 6143.23 MB Available physical RAM: 5406.81 MB Total Pagefile: 6141.38 MB Available Pagefile: 5406.22 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ======================= Partitions ========================= 1 Drive c: () (Fixed) (Total:698.54 GB) (Free:580.2 GB) NTFS 2 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)] 3 Drive f: () (Fixed) (Total:119.14 GB) (Free:9.56 GB) NTFS 6 Drive i: (PATRIOT) (Removable) (Total:29.82 GB) (Free:18.7 GB) FAT32 11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 12 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 698 GB 0 B Disk 1 Online 119 GB 0 B Disk 2 No Media 0 B 0 B Disk 3 Online 29 GB 0 B Disk 4 No Media 0 B 0 B Disk 5 No Media 0 B 0 B Disk 6 No Media 0 B 0 B Disk 7 No Media 0 B 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 698 GB 101 MB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y System Rese NTFS Partition 100 MB Healthy ================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 698 GB Healthy ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- 
------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 119 GB 101 MB ================================================================================== Disk: 1 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 D System Rese NTFS Partition 100 MB Healthy ================================================================================== Disk: 1 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 F NTFS Partition 119 GB Healthy ================================================================================== Partitions of Disk 3: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 29 GB 1024 B ================================================================================== Disk: 3 Partition 1 Type : 0B Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 6 I PATRIOT FAT32 Removable 29 GB Healthy ================================================================================== ========================================================== Last Boot: 2012-01-21 14:11 ======================= End Of Log ==========================