acayce
-
Posts
1 -
Joined
-
Last visited
This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.
Help Ridding Malware
in Resolved Malware Removal Logs
Posted
I have been trying to remove Malware for days, I got what another forum called false positives (ESET scan). I removed those, cleared out an account and made a new one. I ran another scan to be safe and it picked up a few issues:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.31.11
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marketing :: COMOX [administrator]
7/31/2012 1:22:00 PM
mbam-log-2012-07-31 (13-32-28).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 251151
Time elapsed: 2 minute(s), 55 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Intern\AppData\Local\Temp\GiantSavings.exe (PUP.GamePlayLabs) -> No action taken.
(end)
Attached are the logs and for sake of spam the next reply will contain the dds and attach files/logs.
The DDS/Attach text:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.0
Run by Marketing at 10:17:43 on 2012-08-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3032.1192 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Jungle Disk Workgroup\JungleDiskWorkgroup.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Intern\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Marketing\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\JUNGLE~1.LNK - C:\Program Files (x86)\Jungle Disk Workgroup\JungleDiskWorkgroup.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 10.106.0.6 10.106.0.7
TCP: Interfaces\{A493481E-7F16-4989-8E90-7BF9D3745774} : DhcpNameServer = 10.106.0.7 10.106.0.6
TCP: Interfaces\{FED560D5-CDD7-45B8-8801-A17273FFF050} : DhcpNameServer = 10.106.0.6 10.106.0.7
TCP: Interfaces\{FED560D5-CDD7-45B8-8801-A17273FFF050}\D496373702D496368656C6C656 : DhcpNameServer = 71.9.127.107 68.190.192.35 24.205.224.36
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
BHO-X64: Virtual Storage Mount Notification - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
AppInit_DLLs-X64: C:\PROGRA~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
SSODL-X64: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Marketing\AppData\Roaming\Mozilla\Firefox\Profiles\ywb26lhr.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Users\Marketing\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cbfs3;cbfs3;\??\C:\Windows\system32\drivers\cbfs3.sys --> C:\Windows\system32\drivers\cbfs3.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 JungleDiskWorkgroupService;JungleDiskWorkgroupService;C:\Program Files\Jungle Disk Workgroup\JungleDiskWorkgroup.exe [2011-5-17 9769800]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-9 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-08-01 17:16:53 -------- dc----w- C:\Users\Marketing\AppData\Local\Macromedia
2012-08-01 02:11:57 -------- dc----w- C:\Users\Marketing\AppData\Local\Google
2012-08-01 02:11:17 136672 -c--a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-08-01 02:11:16 770384 -c--a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-08-01 02:11:16 421200 -c--a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-08-01 02:09:14 -------- dc----w- C:\Users\Marketing\AppData\Local\Mozilla
2012-07-31 20:16:10 -------- dc----w- C:\Users\Marketing\AppData\Roaming\Malwarebytes
2012-07-31 20:16:02 -------- dc----w- C:\Users\Marketing\AppData\Roaming\SUPERAntiSpyware.com
2012-07-31 20:14:37 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F9B8AFE8-4287-47F1-A651-EED612548E81}\offreg.dll
2012-07-31 18:49:11 9133488 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F9B8AFE8-4287-47F1-A651-EED612548E81}\mpengine.dll
2012-07-28 01:37:33 -------- dc----w- C:\MGtools
2012-07-28 01:12:08 -------- dc----w- C:\Program Files\HitmanPro
2012-07-28 01:05:41 -------- dc----w- C:\ProgramData\HitmanPro
2012-07-27 18:54:59 -------- dc----w- C:\$RECYCLE.BIN
2012-07-26 19:45:35 98816 -c--a-w- C:\Windows\sed.exe
2012-07-26 19:45:35 518144 -c--a-w- C:\Windows\SWREG.exe
2012-07-26 19:45:35 256000 -c--a-w- C:\Windows\PEV.exe
2012-07-26 19:45:35 208896 -c--a-w- C:\Windows\MBR.exe
2012-07-26 17:42:13 0 -c--a-w- C:\Windows\SysWow64\shoAF10.tmp
2012-07-26 16:23:49 -------- dc----w- C:\ProgramData\SUPERAntiSpyware.com
2012-07-26 16:23:49 -------- dc----w- C:\Program Files\SUPERAntiSpyware
2012-07-26 16:23:14 -------- dc----w- C:\ProgramData\Malwarebytes
2012-07-26 16:23:13 24904 -c--a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-26 16:23:13 -------- dc----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-26 00:13:10 -------- dc----w- C:\Program Files (x86)\ESET
2012-07-12 00:16:15 -------- dc----w- C:\Program Files (x86)\TatvicAdwordsExcelPlugin
2012-07-12 00:16:10 -------- dc----w- C:\ProgramData\Tarma Installer
2012-07-11 10:09:54 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-10 21:50:21 2004480 ----a-w- C:\Windows\System32\msxml6.dll
.
==================== Find3M ====================
.
2012-07-27 20:49:42 70344 -c--a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 20:49:42 426184 -c--a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-11 10:05:23 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-07-11 10:05:23 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-07-11 10:05:23 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-07-11 10:05:22 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-07-11 10:05:22 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-07-11 10:05:22 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-07-11 10:05:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-07-11 10:05:22 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-07-11 10:05:22 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-07-11 10:05:22 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-07-11 10:03:35 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-07-11 10:03:35 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-20 16:56:36 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 14:23:21 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 14:23:21 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-19 14:23:17 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-15 10:09:55 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-15 10:09:55 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-15 10:09:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-15 10:04:17 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-15 10:04:03 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-15 10:04:03 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-15 10:04:03 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-15 10:03:36 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-15 10:03:24 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-15 10:03:24 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-15 10:03:11 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-15 10:03:11 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-15 10:03:11 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-15 10:03:11 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-15 10:03:11 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-15 10:03:11 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-12 00:35:50 0 -c--a-w- C:\Windows\SysWow64\sho7400.tmp
2012-05-31 19:25:12 279656 -c----w- C:\Windows\System32\MpSigStub.exe
2012-05-10 02:05:51 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-10 02:05:51 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-10 01:50:19 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-10 01:46:48 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-10 01:26:09 772552 -c--a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-10 01:26:09 687560 -c--a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 10:18:30.98 ===============
Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/21/2009 4:09:33 PM
System Uptime: 7/31/2012 7:35:42 PM (15 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz | Microprocessor | 1197/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 177.409 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\*ISATAP\0000
Manufacturer:
Name:
PNP Device ID: ROOT\*ISATAP\0000
Service:
.
==== System Restore Points ===================
.
RP247: 7/19/2012 1:38:52 AM - Scheduled Checkpoint
RP248: 7/26/2012 12:35:35 PM - Removed AVG 2012
RP249: 7/26/2012 12:37:30 PM - Removed AVG 2012
RP250: 7/26/2012 2:43:30 PM - Windows Update
RP251: 7/27/2012 12:10:28 PM - Removed Facebook Messenger 2.1.4587.0
RP252: 7/31/2012 11:48:47 AM - Windows Update
RP253: 7/31/2012 12:14:54 PM - Removed Dell Getting Started Guide.
RP254: 7/31/2012 12:18:34 PM - Removed Dell Support Center (Support Software).
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Reader X (10.1.3)
Advanced Audio FX Engine
AdwordsPlugin V 0.1
Apple Application Support
Apple Software Update
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Google AdWords Editor
Google Chrome
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 33
Java™ 7 Update 4
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Home and Student 2010 - English
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
Opera 11.61
Pidgin
QuickTime
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Spelling Dictionaries Support For Adobe Reader 9
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
7/27/2012 11:54:27 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
7/27/2012 11:53:41 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/26/2012 12:54:32 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================
mbam-log-2012-07-31 (13-32-28).txt
Attach.txt
DDS.txt