Posts posted by PiPPiP

  1. Thanks for persisting with this MrC - I realize the timezone difference makes the interaction somewhat disjointed. I'll attend to the above instructions when I get home from work tonight.

    Failing any explosive revelations that this latest test might reveal, I'll reformat over the weekend as I've got other work that needs action.

    Regards

    Jack

  2. Here it is:

    RogueKiller V7.6.6 [08/10/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version

    Started in : Safe mode

    User: puppet [Admin rights]

    Mode: Scan -- Date: 08/16/2012 12:50:38

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 6 ¤¤¤

    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    [HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

    [HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    127.0.0.1 localhost

    ::1 localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: +++++

    --- User ---

    [MBR] 50d9d9ddffdddc50ecc40a168dbff3d9

    [bSP] 5f9f0c58b3376c2a04fdef57f5e4c646 : Windows 7 MBR Code

    Partition table:

    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 Mo

    2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 461899 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    +++++ PhysicalDrive1: +++++

    --- User ---

    [MBR] e6077b7c3ef45d23f68af0a5f352b1c3

    [bSP] b7e219eec111765c6c28afe87b639568 : MBR Code unknown

    Partition table:

    0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 999 Mo

    User = LL1 ... OK!

    Error reading LL2 MBR!

    Finished : << RKreport[4].txt >>

    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

  3. Hello again MrC,

    I could not get combofix working in safe mode - the reported error "Installer integrity check has failed..."

    Re-downloaded and attempted a second time but to no avail, don't think there is an issue with the file (size reported as 4.50 MB (4,718,592 bytes)).

    I am moving towards a reformat - will await your response before going down that path.

    Regards

    Jack

  4. Thanks for the help tonight MrC - the only issues were the unsigned names, nothing else appears out of place. I should note that all the programs suggested have been run from safe mode if that makes any difference? I also note with a bit of web searching a very similar issue is reported here;

    http://forums.malwarebytes.org/index.php?showtopic=113624&st=20

    which was also assisted by you. I failed to mention that McAfee originally detected the issue, and attempted to correct - my memory is a bit sketchy now as to what occurred first, but I am pretty sure that McAfee quarantined / deleted files (some of) and at that point, after a reboot, the system continued to report issues with services (the specified service does not exist as an installed service). I ran mwb in safe mode after that and it located 2 further instances (I have the log file for that if it helps).

    All this to say that maybe these programs have done their jobs, but the issue remains to re-establish the services?

    In any case I am turning in for the night, thanks again for your attention thus far. If you have any more thoughts on the matter let me know for action tomorrow p.m. my time.

    Jack

  5. Sorry for the delay MrC - reports requested below. Note you could be right about the problem, the symptoms are being locked out of 'services' and no internet connection - I only drew the conclusion of ZA because that was what MWB initially reported.

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 10-08-2012

    Ran by SYSTEM at 13-08-2012 21:22:53

    Running from F:\

    Windows 7 Ultimate (X86) OS Language: English(US)

    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [Kernel and Hardware Abstraction Layer] PR.EXE [x]

    HKLM\...\Run: [Dell Webcam Central] TRAL\WEBCAMDELL2.EXE" /MODE2 [x]

    HKLM\...\Run: [GrooveMonitor] ITOR.EXE" [x]

    HKLM\...\Run: [Microsoft Default Manager] AGER\DEFMGR.EXE" -RESUME [x]

    HKLM\...\Run: [RunDLLEntry] TRY [x]

    HKLM\...\Run: [updReg] DOWS\UPDREG.EXE [x]

    HKLM\...\Run: [WatcherHelper] AGER\WAHELPER.EXE" [x]

    HKLM\...\Run: [PDVDDXSrv] K\POWERDVD DX\PDVDDXSRV.EXE" [x]

    HKLM\...\Run: [dellsupportcenter] TER [x]

    HKLM\...\Run: [synTPEnh] H.EXE [x]

    HKLM\...\Run: [brStsWnd] D.EXE AUTORUN [x]

    HKLM\...\Run: [brdefprn] .EXE -D [x]

    HKLM\...\Run: [mcui_exe] KEY [x]

    HKLM\...\Run: [Adobe ARM] FILES\ADOBE\ARM\1.0\ADOBEARM.EXE" [x]

    HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe [495708 2010-01-20] (IDT, Inc.)

    HKLM\...\Run: [startCCC] OLOGIES\ATI.ACE\CORE-STATIC\CLISTART.EXE" MSRUN [x]

    HKLM\...\Run: [sunJavaUpdateSched] FILES\JAVA\JAVA UPDATE\JUSCHED.EXE" [x]

    HKU\puppet\...\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-28] (Skype Technologies S.A.)

    HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462920 2012-07-02] (Malwarebytes Corporation)

    HKLM\...\RunOnce: [1] C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p [217672 2012-07-02] ()

    HKLM\...\Winlogon: [userinit] userinit.exe, [x]

    Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll [X]

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

    ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

    Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

    Startup: C:\Users\All Users\Start Menu\Programs\Startup\UltraMon.lnk

    ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{20A36691-B09B-4EF2-A371-64A5BD265E20}\IcoUltraMon.ico ()

    Startup: C:\Users\Elisha\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    Startup: C:\Users\puppet\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk

    ShortcutTarget: Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe ()

    Startup: C:\Users\puppet\Start Menu\Programs\Startup\Mozilla Firefox.lnk

    ShortcutTarget: Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    Startup: C:\Users\puppet\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    Startup: C:\Users\puppet\Start Menu\Programs\Startup\xplorer2.lnk

    ShortcutTarget: xplorer2.lnk -> C:\Program Files\zabkat\xplorer2\xplorer2_UC.exe (ZabKat)

    ================================ Services (Whitelisted) ==================

    2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9334b3396d450a95\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation)

    2 Ast Service; C:\Windows\system32\\AstSrv.exe [57344 2008-01-06] (Nalpeiron Ltd.)

    2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [555560 2008-11-17] (Broadcom Corporation.)

    3 Creative ALchemy AL6 Licensing Service; "C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe" [79360 2009-08-27] (Creative Labs)

    2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)

    2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-02] (Malwarebytes Corporation)

    2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)

    3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)

    2 McMPFSvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)

    2 mcmscsvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)

    2 McNaiAnn; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)

    2 McNASvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)

    3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [361976 2012-04-18] (McAfee, Inc.)

    2 McProxy; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)

    2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [166288 2012-03-19] (McAfee, Inc.)

    2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [161632 2012-03-19] (McAfee, Inc.)

    2 mfevtp; "C:\Windows\system32\mfevtps.exe" [151880 2012-03-19] (McAfee, Inc.)

    2 MSK80Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)

    3 RasMan; C:\Windows\System32\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)

    3 SensrSvc; C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [20992 2009-07-13] (Microsoft Corporation)

    2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [158856 2012-02-28] (Skype Technologies)

    3 Sound Blaster X-Fi MB Licensing Service; "C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe" [79360 2009-08-27] (Creative Labs)

    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9334b3396d450a95\STacSV.exe [229458 2010-01-20] (IDT, Inc.)

    2 VMAuthdService; "C:\Program Files\VMware\VMware Player\vmware-authd.exe" [79872 2011-08-21] (VMware, Inc.)

    2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [354416 2011-08-21] (VMware, Inc.)

    2 VMUSBArbService; "C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe" [665200 2011-08-21] (VMware, Inc.)

    2 VMware NAT Service; C:\Windows\system32\vmnat.exe [432752 2011-08-21] (VMware, Inc.)

    3 WebClient; C:\Windows\System32\svchost.exe -k LocalService [20992 2009-07-13] (Microsoft Corporation)

    3 WinDefend; C:\Windows\System32\svchost.exe -k secsvcs [20992 2009-07-13] (Microsoft Corporation)

    3 WPDBusEnum; C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)

    3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]

    ========================== Drivers (Whitelisted) =============

    3 cfwids; C:\Windows\System32\drivers\cfwids.sys [57600 2012-02-21] (McAfee, Inc.)

    3 FACAP; C:\Windows\System32\DRIVERS\facap.sys [232832 2008-09-24] (Sensible Vision )

    2 hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [32496 2011-08-21] (VMware, Inc.)

    3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [44288 2009-02-24] (Hauppauge Computer Works, Inc.)

    3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [64032 2010-02-23] (ITE Tech. Inc. )

    3 k57nd60x; C:\Windows\System32\DRIVERS\k57nd60x.sys [229888 2009-07-13] (Broadcom Corporation)

    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-02] (Malwarebytes Corporation)

    3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2012-02-21] (McAfee, Inc.)

    3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [180848 2012-02-21] (McAfee, Inc.)

    3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59456 2012-02-21] (McAfee, Inc.)

    3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [340920 2012-02-21] (McAfee, Inc.)

    0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [464304 2012-02-21] (McAfee, Inc.)

    1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [64912 2012-02-21] (McAfee, Inc.)

    3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87656 2012-02-21] (McAfee, Inc.)

    0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [169608 2012-02-21] (McAfee, Inc.)

    3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7087616 2011-01-19] (Intel Corporation)

    2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)

    3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-05] (Creative Technology Ltd.)

    3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [280096 2009-03-07] (Creative Technology Ltd.)

    3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [25736 2007-11-05] ()

    3 SWNC8U52; C:\Windows\System32\DRIVERS\swnc8u52.sys [164480 2007-09-20] (Sierra Wireless Inc.)

    3 SWUMX52; C:\Windows\System32\DRIVERS\swumx52.sys [140672 2007-09-20] (Sierra Wireless Inc.)

    2 UltraMonUtility; \??\C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [17184 2008-11-13] (Realtime Soft Ltd)

    3 vmkbd; \??\C:\Windows\system32\drivers\VMkbd.sys [25584 2011-08-21] (VMware, Inc.)

    3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16624 2011-08-21] (VMware, Inc.)

    2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [36464 2011-08-21] (VMware, Inc.)

    2 VMnetuserif; \??\C:\Windows\system32\drivers\vmnetuserif.sys [25712 2011-08-21] (VMware, Inc.)

    3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2011-08-21] (VMware, Inc.)

    2 vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [55280 2011-08-21] (VMware, Inc.)

    2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; \??\C:\Program Files\CyberLink\PowerDVD DX\000.fcl [87536 2009-06-24] (CyberLink Corp.)

    3 PCDSRVC{E9D79540-57D5953E-06020101}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [x]

    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]

    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]

    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============

    2012-08-13 21:22 - 2012-08-13 21:22 - 00000000 ____D C:\FRST

    2012-08-13 03:12 - 2012-08-13 03:12 - 00001771 ____A C:\Users\puppet\Desktop\RKreport[3].txt

    2012-08-13 03:10 - 2012-08-13 03:10 - 00001679 ____A C:\Users\puppet\Desktop\RKreport[2].txt

    2012-08-13 02:31 - 2012-08-13 03:12 - 00000000 ____D C:\Users\puppet\Desktop\RK_Quarantine

    2012-08-13 02:31 - 2012-08-13 02:31 - 00001941 ____A C:\Users\puppet\Desktop\RKreport[1].txt

    2012-08-13 02:30 - 2012-08-13 02:25 - 01558528 ____A C:\Users\puppet\Desktop\RogueKiller.exe

    2012-08-12 01:51 - 2012-08-12 03:27 - 00001184 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    2012-08-12 01:51 - 2012-08-12 03:27 - 00001184 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    2012-08-12 01:51 - 2012-08-12 01:51 - 00000552 ____A C:\Windows\System32\spsys.log

    2012-08-12 00:42 - 2012-08-13 03:11 - 00001732 ____A C:\Users\puppet\Desktop\Rkill.txt

    2012-08-11 21:17 - 2012-08-11 21:17 - 00000000 ____D C:\Users\puppet\AppData\Roaming\Malwarebytes

    2012-08-11 21:16 - 2012-08-11 21:16 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    2012-08-11 21:16 - 2012-08-11 21:16 - 00000000 ____D C:\Users\All Users\Malwarebytes

    2012-08-11 21:16 - 2012-08-11 21:16 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

    2012-08-11 21:16 - 2012-07-02 19:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

    2012-08-11 20:18 - 2012-08-12 02:25 - 00000000 ____D C:\Users\puppet\Desktop\rkill-backup

    2012-08-11 20:02 - 2009-10-28 22:51 - 01051552 ____A (Bleeping Computer, LLC) C:\Users\puppet\Desktop\rkill.com

    2012-08-11 19:16 - 2012-08-11 19:16 - 228909392 ____A C:\Windows\MEMORY.DMP

    2012-08-11 19:16 - 2012-08-11 19:16 - 00144680 ____A C:\Windows\Minidump\081212-17331-01.dmp

    2012-08-11 19:16 - 2012-08-11 19:16 - 00000000 ____D C:\Windows\Minidump

    2012-08-11 13:39 - 2012-08-11 13:39 - 00000000 ____D C:\Users\Elisha\AppData\Local\Macromedia

    2012-08-11 02:52 - 2012-04-23 21:48 - 1323074659 ____A C:\Users\puppet\Desktop\Game.of.Thrones.S02E04.mkv

    2012-07-23 02:28 - 2012-07-23 03:58 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job

    2012-07-16 01:26 - 2012-07-16 01:26 - 02105040 ____A (PeerBlock, LLC ) C:\Users\puppet\Desktop\PeerBlock-Setup_v1.1_r518.exe

    2012-07-16 01:23 - 2012-07-16 01:28 - 00000000 ____D C:\Users\puppet\Downloads\Iron Sky 2012 720p H264 [Eng] johno70

    2012-07-14 18:28 - 2012-07-14 18:28 - 02383427 ____A C:\Users\puppet\Desktop\371ab4184041133.mp4

    ============ 3 Months Modified Files ========================

    2012-08-13 03:12 - 2012-08-13 03:12 - 00001771 ____A C:\Users\puppet\Desktop\RKreport[3].txt

    2012-08-13 03:11 - 2012-08-12 00:42 - 00001732 ____A C:\Users\puppet\Desktop\Rkill.txt

    2012-08-13 03:10 - 2012-08-13 03:10 - 00001679 ____A C:\Users\puppet\Desktop\RKreport[2].txt

    2012-08-13 02:31 - 2012-08-13 02:31 - 00001941 ____A C:\Users\puppet\Desktop\RKreport[1].txt

    2012-08-13 02:25 - 2012-08-13 02:30 - 01558528 ____A C:\Users\puppet\Desktop\RogueKiller.exe

    2012-08-12 04:08 - 2009-12-25 22:05 - 00787070 ____A C:\Windows\System32\PerfStringBackup.INI

    2012-08-12 03:27 - 2012-08-12 01:51 - 00001184 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    2012-08-12 03:27 - 2012-08-12 01:51 - 00001184 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    2012-08-12 03:21 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

    2012-08-12 01:51 - 2012-08-12 01:51 - 00000552 ____A C:\Windows\System32\spsys.log

    2012-08-11 21:16 - 2012-08-11 21:16 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    2012-08-11 19:16 - 2012-08-11 19:16 - 228909392 ____A C:\Windows\MEMORY.DMP

    2012-08-11 19:16 - 2012-08-11 19:16 - 00144680 ____A C:\Windows\Minidump\081212-17331-01.dmp

    2012-08-11 19:07 - 2012-04-19 01:45 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job

    2012-08-11 19:07 - 2009-12-25 22:21 - 00000394 _RASH C:\Users\All Users\ntuser.pol

    2012-08-11 19:06 - 2009-12-25 21:50 - 00230066 ____A C:\Windows\PFRO.log

    2012-08-11 17:01 - 2012-04-10 04:27 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

    2012-08-11 16:54 - 2009-12-25 22:00 - 01768452 ____A C:\Windows\WindowsUpdate.log

    2012-08-11 16:53 - 2009-07-13 20:39 - 20913342 ____A C:\Windows\setupact.log

    2012-08-03 03:01 - 2012-04-10 04:27 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

    2012-08-03 03:01 - 2011-05-18 02:41 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

    2012-07-26 02:03 - 2012-04-19 01:45 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

    2012-07-23 03:58 - 2012-07-23 02:28 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job

    2012-07-16 01:26 - 2012-07-16 01:26 - 02105040 ____A (PeerBlock, LLC ) C:\Users\puppet\Desktop\PeerBlock-Setup_v1.1_r518.exe

    2012-07-14 18:28 - 2012-07-14 18:28 - 02383427 ____A C:\Users\puppet\Desktop\371ab4184041133.mp4

    2012-07-14 17:59 - 2009-07-13 20:33 - 00418560 ____A C:\Windows\System32\FNTCACHE.DAT

    2012-07-11 04:44 - 2006-11-02 02:23 - 00000251 ____A C:\Windows\win.ini

    2012-07-11 04:38 - 2010-01-15 06:01 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

    2012-07-09 04:15 - 2011-12-18 05:09 - 00000000 ____A C:\Users\puppet\Desktop\New Text Document.txt

    2012-07-04 03:52 - 2012-07-04 03:50 - 47543312 ____A C:\Users\puppet\Desktop\calibre-0.8.58.msi

    2012-07-02 19:46 - 2012-08-11 21:16 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

    2012-06-24 01:31 - 2012-06-24 01:31 - 00016937 ____A C:\Users\puppet\Documents\expenses.xlsx

    2012-06-18 03:34 - 2012-06-18 03:34 - 00014924 ____A C:\Users\puppet\Desktop\o-Demonoid.me-o_Visual_Basic_2010_Unleashed_by_Alessandro_Del_Sole.torrent

    2012-06-18 03:32 - 2012-06-18 03:32 - 00010740 ____A C:\Users\puppet\Desktop\+-Demonoid.me-+_Visual_Basic_tutorials.torrent

    2012-06-18 03:31 - 2012-06-18 03:31 - 00018197 ____A C:\Users\puppet\Desktop\[[Demonoid.me]]-Trading_Stock_Books_Collection(Total_490_Books).torrent

    2012-06-12 04:24 - 2012-06-12 04:24 - 00023504 ____A C:\Users\puppet\Desktop\DBXCopyBlocks.zip

    2012-06-12 04:24 - 2012-06-12 04:24 - 00003030 ____A C:\Users\puppet\Desktop\ObjDbx.zip

    2012-06-12 03:43 - 2012-06-12 03:43 - 00013830 ____A C:\Users\puppet\Desktop\acad.xlsm

    2012-06-12 03:42 - 2012-06-12 03:42 - 00100352 ____A C:\Users\puppet\Desktop\Drawing_Info.xls

    2012-06-11 18:40 - 2012-07-11 04:38 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

    2012-06-08 20:56 - 2012-06-08 20:56 - 15120320 ____A C:\Users\puppet\Downloads\Visual Basic .NET Bible.zip

    2012-06-08 20:41 - 2012-07-11 03:08 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

    2012-06-05 21:05 - 2012-07-11 03:09 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

    2012-06-05 21:05 - 2012-07-11 03:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

    2012-06-05 21:03 - 2012-07-11 03:09 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

    2012-06-03 00:29 - 2012-06-02 22:59 - 01203200 ____A C:\Users\puppet\Desktop\Current Stock Deal Settings.xls

    2012-06-02 14:19 - 2012-06-23 02:06 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

    2012-06-02 14:19 - 2012-06-23 02:06 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

    2012-06-02 14:19 - 2012-06-23 02:06 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

    2012-06-02 14:19 - 2012-06-23 02:06 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

    2012-06-02 14:19 - 2012-06-23 02:06 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

    2012-06-02 14:12 - 2012-06-23 02:06 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

    2012-06-02 14:12 - 2012-06-23 02:06 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

    2012-06-02 01:07 - 2012-07-11 04:44 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

    2012-06-02 00:43 - 2012-07-11 04:44 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

    2012-06-02 00:33 - 2012-07-11 04:44 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

    2012-06-02 00:26 - 2012-07-11 04:44 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

    2012-06-02 00:25 - 2012-07-11 04:44 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

    2012-06-02 00:25 - 2012-07-11 04:44 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

    2012-06-02 00:23 - 2012-07-11 04:44 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

    2012-06-02 00:21 - 2012-07-11 04:44 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

    2012-06-02 00:20 - 2012-07-11 04:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

    2012-06-02 00:19 - 2012-07-11 04:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

    2012-06-02 00:19 - 2012-07-11 04:44 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

    2012-06-02 00:17 - 2012-07-11 04:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

    2012-06-02 00:16 - 2012-07-11 04:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

    2012-06-02 00:14 - 2012-07-11 04:44 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

    2012-06-01 21:19 - 2012-06-23 02:06 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

    2012-06-01 21:12 - 2012-06-23 02:06 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

    2012-06-01 20:45 - 2012-07-11 03:09 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

    2012-06-01 20:45 - 2012-07-11 03:09 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

    2012-06-01 20:40 - 2012-07-11 03:09 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

    2012-06-01 20:40 - 2012-07-11 03:09 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

    2012-06-01 20:39 - 2012-07-11 03:09 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

    2012-05-27 04:23 - 2012-05-27 04:23 - 00220275 ____A C:\Users\puppet\Desktop\120525 AV.xps

    2012-05-26 21:13 - 2012-05-26 20:39 - 02265088 ____A C:\Users\puppet\Desktop\Tiered Margin.xls

    2012-05-24 03:27 - 2010-11-10 19:10 - 00000426 ____A C:\Windows\BRWMARK.INI

    2012-05-21 03:31 - 2012-05-21 03:19 - 01030656 ____A C:\Users\puppet\Desktop\Breakout v08c.xls

    2012-05-20 03:58 - 2012-05-20 03:58 - 00367806 ____A C:\Users\puppet\Desktop\120518 AV.xps

    2012-05-19 00:56 - 2012-05-19 00:55 - 01892192 ____A (ZabKat) C:\Users\puppet\Desktop\xplorer2_setup.exe

    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\System32\services.exe => MD5 is legit

    C:\Windows\System32\User32.dll => MD5 is legit

    C:\Windows\System32\userinit.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK

    HKLM\...\exefile\DefaultIcon: %1 => OK

    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 12%

    Total physical RAM: 4060.86 MB

    Available physical RAM: 3566.79 MB

    Total Pagefile: 4059.13 MB

    Available Pagefile: 3579.36 MB

    Total Virtual: 2047.88 MB

    Available Virtual: 1952.7 MB

    ======================= Partitions =========================

    1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:219.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

    2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.97 GB) NTFS

    4 Drive f: (NEW VOLUME) (Removable) (Total:0.97 GB) (Free:0.75 GB) FAT32

    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt

    -------- ------------- ------- ------- --- ---

    Disk 0 Online 465 GB 0 B

    Disk 1 Online 1000 MB 0 B

    Partitions of Disk 0:

    ===============

    Partition ### Type Size Offset

    ------------- ---------------- ------- -------

    Partition 1 OEM 39 MB 31 KB

    Partition 2 Primary 14 GB 39 MB

    Partition 3 Primary 451 GB 14 GB

    ==================================================================================

    Disk: 0

    Partition 1

    Type : DE

    Hidden: Yes

    Active: No

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 4 FAT Partition 39 MB Healthy Hidden

    ==================================================================================

    Disk: 0

    Partition 2

    Type : 07

    Hidden: No

    Active: No

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 1 D RECOVERY NTFS Partition 14 GB Healthy

    ==================================================================================

    Disk: 0

    Partition 3

    Type : 07

    Hidden: No

    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 2 C OS NTFS Partition 451 GB Healthy

    ==================================================================================

    Partitions of Disk 1:

    ===============

    Partition ### Type Size Offset

    ------------- ---------------- ------- -------

    Partition 1 Primary 999 MB 31 KB

    ==================================================================================

    Disk: 1

    Partition 1

    Type : 0B

    Hidden: No

    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 3 F NEW VOLUME FAT32 Removable 999 MB Healthy

    ==================================================================================

    Last Boot: 2012-08-11 10:00

    ======================= End Of Log ==========================

    Farbar Recovery Scan Tool Version: 10-08-2012

    Ran by SYSTEM at 2012-08-13 21:52:36

    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

    C:\Windows\System32\services.exe

    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

    C:\Users\puppet\resource\applications\ubcd\BartPE\I386\SYSTEM32\SERVICES.EXE

    [2010-05-30 06:58] - [2004-08-04 02:00] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4

    === End Of Search ===

  6. Hello mrcharlie, copy of rogue killer report as follows;

    RogueKiller V7.6.6 [08/10/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version

    Started in : Safe mode

    User: puppet [Admin rights]

    Mode: Scan -- Date: 08/13/2012 20:31:52

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 6 ¤¤¤

    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    [HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

    [HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    127.0.0.1 localhost

    ::1 localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: +++++

    --- User ---

    [MBR] 50d9d9ddffdddc50ecc40a168dbff3d9

    [BSP] 5f9f0c58b3376c2a04fdef57f5e4c646 : Windows 7 MBR Code

    Partition table:

    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 Mo

    2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 461899 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    +++++ PhysicalDrive1: +++++

    --- User ---

    [MBR] e6077b7c3ef45d23f68af0a5f352b1c3

    [BSP] b7e219eec111765c6c28afe87b639568 : MBR Code unknown

    Partition table:

    0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 999 Mo

    User = LL1 ... OK!

    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>


  7. Hello,

    Hoping for some help. As of a reboot this morning my Win 7 (32-bit Ultimate) computer no longer connects to the internet, and on attempting to run basic commands informs me that:

    The specified service does not exist as an installed service

    I have been able to run in safe mode, and have done the following:

    • run rkill.com
    • run dds
    • run malwarebytes
    • quarantined and deleted found instance(s) of trojan.zeroaccess

    Rebooted in normal mode.

    This did not 'fix' the obvious symptoms (i.e. still cannot connect to the internet etc.)

    Since then I have re-run a number of these programs, including getting the latest Malwarebytes signature file onto the infected PC; these later scans report no issues.

    Some issues of note:

    • Did not run any processes in safe mode as administrator, as it was not available as an option via the usual right click (although I was logged in as a user with admin privileges). They *seemed* to run without issue.
    • I attempted to turn the McAfee scanner off while MWB was running. I think I did so successfully, but I am not 100% sure this was the case.
    • Windows now does not think it is a genuine copy (a note in the lower RHS of the desktop informs "this copy of windows is not genuine"). It is definitely a genuine copy.

    Any help would be greatly appreciated.

    Rkill Log files below:

    Rkill 2.0.3 by Lawrence Abrams (Grinler)

    http://www.bleepingcomputer.com/

    Copyright 2008-2012 BleepingComputer.com

    More Information about Rkill can be found at this link:

    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 08/12/2012 08:00:49 PM in x86 mode.

    Windows Version: Windows 7

    Checking for Windows services to stop.

    * No malware services found to stop.

    Checking for processes to terminate.

    * No malware processes found to kill.

    Checking Registry for malware related settings.

    * Advanced Explorer Setting Removed: HideIcons [HKCU]

    Backup Registry file created at:

    C:\Users\puppet\Desktop\rkill-backup\rkill-08-12-2012-08-00-50.reg

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks.

    * No issues found.

    Restarting Explorer.exe in order to apply changes.

    Program finished at: 08/12/2012 08:01:00 PM

    Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)

    ---------------------------------------------------------------------------------------

    DDS Log files below:

    .

    DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

    Run by puppet at 20:52:11 on 2012-08-12

    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3037.2403 [GMT 10:00]

    .

    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\mfevtps.exe

    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\ctfmon.exe

    c:\PROGRA~1\mcafee.com\agent\mcagent.exe

    C:\Windows\explorer.exe

    C:\Program Files\zabkat\xplorer2\xplorer2_UC.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = about:blank

    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

    mWinlogon: Userinit=userinit.exe,

    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120620204617.dll

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

    BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\program files\sensible vision\fast access\FAIESSO.dll

    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll

    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

    uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

    mRun: [Kernel and Hardware Abstraction Layer] PR.EXE

    mRun: [Dell Webcam Central] TRAL\WEBCAMDELL2.EXE" /MODE2

    mRun: [GrooveMonitor] ITOR.EXE"

    mRun: [Microsoft Default Manager] AGER\DEFMGR.EXE" -RESUME

    mRun: [RunDLLEntry] TRY

    mRun: [updReg] DOWS\UPDREG.EXE

    mRun: [WatcherHelper] AGER\WAHELPER.EXE"

    mRun: [PDVDDXSrv] K\POWERDVD DX\PDVDDXSRV.EXE"

    mRun: [dellsupportcenter] TER

    mRun: [synTPEnh] H.EXE

    mRun: [brStsWnd] D.EXE AUTORUN

    mRun: [brdefprn] .EXE -D

    mRun: [mcui_exe] KEY

    mRun: [Adobe ARM] FILES\ADOBE\ARM\1.0\ADOBEARM.EXE"

    mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

    mRun: [startCCC] OLOGIES\ATI.ACE\CORE-STATIC\CLISTART.EXE" MSRUN

    mRun: [sunJavaUpdateSched] FILES\JAVA\JAVA UPDATE\JUSCHED.EXE"

    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

    mRunOnce: [1] c:\program files\malwarebytes' anti-malware\chameleon\mbam-chameleon.exe /r /p

    StartupFolder: c:\users\puppet\appdata\roaming\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{91120000-0030-0000-0000-0000000ff1ce}\outicon.exe

    StartupFolder: c:\users\puppet\appdata\roaming\micros~1\windows\startm~1\programs\startup\mozill~1.lnk - c:\program files\mozilla firefox\firefox.exe

    StartupFolder: c:\users\puppet\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

    StartupFolder: c:\users\puppet\appdata\roaming\micros~1\windows\startm~1\programs\startup\xplorer2.lnk - c:\program files\zabkat\xplorer2\xplorer2_UC.exe

    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{20a36691-b09b-4ef2-a371-64a5bd265e20}\IcoUltraMon.ico

    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

    LSP: %SystemRoot%\system32\vsocklib.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    TCP: DhcpNameServer = 192.168.1.254

    TCP: Interfaces\{35707E56-625B-4DE4-A099-684595E9F94D} : DhcpNameServer = 192.168.1.254

    TCP: Interfaces\{35707E56-625B-4DE4-A099-684595E9F94D}\140707C65602E4564777F627B602564613033673 : DhcpNameServer = 10.0.1.1

    TCP: Interfaces\{35707E56-625B-4DE4-A099-684595E9F94D}\84F4553554 : DhcpNameServer = 192.168.0.1

    TCP: Interfaces\{5BA574E1-3C07-46C8-9818-87B3828D1272} : DhcpNameServer = 139.130.4.4 203.50.2.71

    TCP: Interfaces\{A9E5A3EE-1364-4982-BF0D-E7A5B3ABFF96} : DhcpNameServer = 192.168.1.254

    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

    Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll

    STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences pro\FencesMenu.dll

    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - c:\users\puppet\appdata\roaming\mozilla\firefox\profiles\taljdoh6.default\

    FF - prefs.js: network.proxy.ftp - 172.16.240.12

    FF - prefs.js: network.proxy.ftp_port - 80

    FF - prefs.js: network.proxy.gopher - 172.16.240.12

    FF - prefs.js: network.proxy.gopher_port - 80

    FF - prefs.js: network.proxy.http - 172.16.240.12

    FF - prefs.js: network.proxy.http_port - 80

    FF - prefs.js: network.proxy.socks - 172.16.240.12

    FF - prefs.js: network.proxy.socks_port - 80

    FF - prefs.js: network.proxy.ssl - 172.16.240.12

    FF - prefs.js: network.proxy.ssl_port - 80

    FF - prefs.js: network.proxy.type - 0

    FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll

    FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL

    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL

    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll

    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

    FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

    FF - plugin: c:\program files\microsoft\office live\npOLW.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 464304]

    R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-12-7 169608]

    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-12-7 64912]

    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-8 214904]

    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-12-7 161632]

    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-12-7 151880]

    R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-2-24 64032]

    R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-14 229888]

    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-12-7 340920]

    R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-1-27 7087616]

    S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/12/26 15:35:10];c:\program files\cyberlink\powerdvd dx\000.fcl [2009-12-26 87536]

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_9334b3396d450a95\AEstSrv.exe [2009-12-26 81920]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-8-13 176128]

    S2 Ast Service;Ast Service;c:\windows\system32\AstSrv.exe [2010-4-23 57344]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-12 655944]

    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-8 214904]

    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-8 214904]

    S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-8-8 214904]

    S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-12-7 166288]

    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]

    S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]

    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-8-21 665200]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-10 250056]

    S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-8-13 4993536]

    S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-7-8 244736]

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-8-28 29736]

    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-12-7 57600]

    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2009-8-28 79360]

    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-8-28 79360]

    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-8-28 143968]

    S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-9-25 232832]

    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-1 39272]

    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

    S3 hcw17bda;Hauppauge SMS1000-based;c:\windows\system32\drivers\hcw17bda.sys [2009-8-28 44288]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-12 22344]

    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

    S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-12-7 180848]

    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-12-7 59456]

    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-12-7 87656]

    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]

    S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]

    S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 133632]

    S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-8 280096]

    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

    S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2012-4-11 21744]

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-20 15872]

    S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files\common files\creative labs shared\service\XMBLicensing.exe [2009-8-28 79360]

    S3 SWNC8U52;Sierra Wireless MUX NDIS Driver (UMTS52);c:\windows\system32\drivers\swnc8u52.sys [2007-9-21 164480]

    S3 SWUMX52;Sierra Wireless USB MUX Driver (UMTS52);c:\windows\system32\drivers\swumx52.sys [2007-9-21 140672]

    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-20 52224]

    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-31 1343400]

    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]

    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

    .

    =============== Created Last 30 ================

    .

    2012-08-12 07:42:59 -------- d-----w- c:\users\puppet\appdata\local\ElevatedDiagnostics

    2012-08-12 05:17:01 -------- d-----w- c:\users\puppet\appdata\roaming\Malwarebytes

    2012-08-12 05:16:53 -------- d-----w- c:\programdata\Malwarebytes

    2012-08-12 05:16:52 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-08-12 05:16:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    .

    ==================== Find3M ====================

    .

    2012-08-03 11:01:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-08-03 11:01:11 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-06-12 02:40:48 2345984 ----a-w- c:\windows\system32\win32k.sys

    2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll

    2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll

    2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll

    2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll

    2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll

    2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe

    2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2012-06-02 05:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll

    2012-06-02 05:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe

    2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

    2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

    2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys

    2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll

    2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll

    .

    ============= FINISH: 20:52:55.66 ===============

    Attach file:

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft Windows 7 Ultimate

    Boot Device: \Device\HarddiskVolume3

    Install Date: 26/12/2009 16:21:14

    System Uptime: 12/08/2012 19:56:02 (1 hours ago)

    .

    Motherboard: Dell Inc. | | 0Y537R

    Processor: Intel® Core2 Duo CPU T9550 @ 2.66GHz | U2E1 | 2660/1066mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 451 GiB total, 219.156 GiB free.

    D: is FIXED (NTFS) - 15 GiB total, 8.966 GiB free.

    E: is CDROM ()

    F: is Removable

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    No restore point in system.

    .

    ==== Installed Programs ======================

    .

    Update for Microsoft Office 2007 (KB2508958)

    7-Zip 9.20

    Adobe AIR

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player 11 Plugin

    Adobe Reader X (10.1.3)

    Advanced Audio FX Engine

    ATI Catalyst Install Manager

    µTorrent

    Beyond Compare Version 3.3.1

    Brother HL-2170W

    Bulk Rename Utility 2.7.1.1

    Catalyst Control Center - Branding

    Catalyst Control Center Core Implementation

    Catalyst Control Center Graphics Full Existing

    Catalyst Control Center Graphics Full New

    Catalyst Control Center Graphics Light

    Catalyst Control Center Graphics Previews Common

    Catalyst Control Center Graphics Previews Vista

    Catalyst Control Center InstallProxy

    Catalyst Control Center Localization All

    ccc-core-static

    ccc-utility

    CCC Help Chinese Standard

    CCC Help Chinese Traditional

    CCC Help Danish

    CCC Help Dutch

    CCC Help English

    CCC Help Finnish

    CCC Help French

    CCC Help German

    CCC Help Italian

    CCC Help Japanese

    CCC Help Korean

    CCC Help Norwegian

    CCC Help Portuguese

    CCC Help Russian

    CCC Help Spanish

    CCC Help Swedish

    CDDRV_Installer

    Compatibility Pack for the 2007 Office system

    D3DX10

    DealBook 360

    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

    Dell Driver Download Manager

    Dell Edoc Viewer

    Dell Support Center

    Dell Touchpad

    Dell Video Chat

    Dell Webcam Central

    DH Mobility Modder.NET

    DVD Decrypter (Remove Only)

    eMule

    erLT

    Fences Pro

    Google SketchUp 7

    GoToAssist Corporate

    HandBrake 0.9.6

    IDT Audio

    IncredibleCharts Pro

    Integrated Webcam Driver (1.06.03.0309)

    Intel A/V Codecs V2.0

    ISO Recorder

    ITECIR Driver

    Java Auto Updater

    Java 6 Update 31

    JB Stock Market Price Data

    Junk Mail filter update

    K-Lite Mega Codec Pack 7.7.0

    KhalInstallWrapper

    Live! Cam Avatar Creator

    Logitech SetPoint

    Malwarebytes Anti-Malware version 1.62.0.1300

    McAfee Security Scan Plus

    McAfee SecurityCenter

    Media Player Classic - Home Cinema v1.5.2.3456

    Mesh Runtime

    Messenger Companion

    MetaStock 11.0

    MetaStock Developer's Kit 9.1

    Microsoft .NET Framework 4 Client Profile

    Microsoft .NET Framework 4 Extended

    Microsoft Application Error Reporting

    Microsoft Default Manager

    Microsoft Office 2007 Service Pack 3 (SP3)

    Microsoft Office 2010 Language Pack Service Pack 1 (SP1)

    Microsoft Office 2010 Service Pack 1 (SP1)

    Microsoft Office Access MUI (English) 2007

    Microsoft Office Access Setup Metadata MUI (English) 2007

    Microsoft Office Enterprise 2007

    Microsoft Office Excel MUI (English) 2007

    Microsoft Office File Validation Add-In

    Microsoft Office Groove MUI (English) 2007

    Microsoft Office Groove Setup Metadata MUI (English) 2007

    Microsoft Office InfoPath MUI (English) 2007

    Microsoft Office Live Add-in 1.5

    Microsoft Office OneNote MUI (English) 2007

    Microsoft Office Outlook Connector

    Microsoft Office Outlook MUI (English) 2007

    Microsoft Office PowerPoint MUI (English) 2007

    Microsoft Office PowerPoint Viewer 2007 (English)

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (English) 2010

    Microsoft Office Proof (French) 2007

    Microsoft Office Proof (French) 2010

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proof (Spanish) 2010

    Microsoft Office Proofing (English) 2007

    Microsoft Office Proofing (English) 2010

    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    Microsoft Office Publisher MUI (English) 2007

    Microsoft Office Shared MUI (English) 2007

    Microsoft Office Shared MUI (English) 2010

    Microsoft Office Shared Setup Metadata MUI (English) 2007

    Microsoft Office Shared Setup Metadata MUI (English) 2010

    Microsoft Office Visio 2010

    Microsoft Office Visio MUI (English) 2010

    Microsoft Office Word MUI (English) 2007

    Microsoft Search Enhancement Pack

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Visio 2010 Service Pack 1 (SP1)

    Microsoft Visio Premium 2010

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

    Mozilla Firefox 14.0.1 (x86 en-US)

    Mozilla Maintenance Service

    MSVCRT

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    OGA Notifier 2.0.0048.0

    Passware Kit - 5.0.0

    PowerDVD DX

    Roxio Creator Audio

    Roxio Creator Copy

    Roxio Creator Data

    Roxio Creator DE

    Roxio Creator Tools

    Roxio Express Labeler 3

    Roxio Update Manager

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2553091)

    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

    Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition

    Skype™ 5.8

    Snagit 10.0.1

    Sound Blaster X-Fi MB

    System Requirements Lab for Intel

    Telstra Turbo Connection Manager

    Time Zone Data Update Tool for Microsoft Office Outlook

    tools-freebsd

    TrueCrypt

    UltraMon

    Update for 2007 Microsoft Office System (KB967642)

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Microsoft .NET Framework 4 Extended (KB2468871)

    Update for Microsoft .NET Framework 4 Extended (KB2533523)

    Update for Microsoft .NET Framework 4 Extended (KB2600217)

    Update for Microsoft Office 2007 Help for Common Features (KB963673)

    Update for Microsoft Office 2010 (KB2494150)

    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2566458)

    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

    Update for Microsoft Office Access 2007 Help (KB963663)

    Update for Microsoft Office Excel 2007 Help (KB963678)

    Update for Microsoft Office Infopath 2007 Help (KB963662)

    Update for Microsoft Office OneNote 2007 Help (KB963670)

    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

    Update for Microsoft Office Outlook 2007 Help (KB963677)

    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

    Update for Microsoft Office Powerpoint 2007 Help (KB963669)

    Update for Microsoft Office Publisher 2007 Help (KB963667)

    Update for Microsoft Office Script Editor Help (KB963671)

    Update for Microsoft Office Word 2007 Help (KB963665)

    VmciSockets

    VMware Player

    WIDCOMM Bluetooth Software 6.2.0.6600

    Windows 7 USB/DVD Download Tool

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Family Safety

    Windows Live ID Sign-in Assistant

    Windows Live Installer

    Windows Live Mail

    Windows Live Mesh

    Windows Live Mesh ActiveX Control for Remote Connections

    Windows Live Messenger

    Windows Live Messenger Companion Core

    Windows Live MIME IFilter

    Windows Live Movie Maker

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live Remote Client

    Windows Live Remote Client Resources

    Windows Live Remote Service

    Windows Live Remote Service Resources

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live Sync

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Live Writer

    Windows Live Writer Resources

    WinPcap 4.1.1

    WinRAR 4.11 (32-bit)

    Wireshark 1.2.9

    xplorer² professional 32 bit

    .

    ==== Event Viewer Messages From Past Week ========

    .

    9/08/2012 20:47:08, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    12/08/2012 20:50:25, Error: Service Control Manager [7003] - The Workstation service depends the following service: NSI. This service might not be installed.

    12/08/2012 20:50:25, Error: Service Control Manager [7003] - The DNS Client service depends the following service: NSI. This service might not be installed.

    12/08/2012 20:50:25, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

    12/08/2012 20:02:15, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

    12/08/2012 20:02:15, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

    12/08/2012 20:01:03, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

    12/08/2012 20:00:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

    12/08/2012 19:56:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    12/08/2012 19:56:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    12/08/2012 19:56:39, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

    12/08/2012 19:56:32, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr truecrypt Wanarpv6

    12/08/2012 19:56:27, Error: Service Control Manager [7023] - The Power service terminated with the following error: The service has not been started.

    12/08/2012 19:56:25, Error: Service Control Manager [7003] - The Network Location Awareness service depends the following service: NSI. This service might not be installed.

    12/08/2012 19:56:24, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error The parameter is incorrect..

    12/08/2012 19:56:24, Error: Service Control Manager [7003] - The IP Helper service depends the following service: NSI. This service might not be installed.

    12/08/2012 19:56:21, Error: Service Control Manager [7003] - The Windows Driver Foundation - User-mode Driver Framework service depends the following service: PlugPlay. This service might not be installed.

    12/08/2012 19:56:21, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: NSI. This service might not be installed.

    12/08/2012 19:56:20, Error: Service Control Manager [7003] - The Windows Audio Endpoint Builder service depends the following service: PlugPlay. This service might not be installed.

    12/08/2012 19:56:20, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

    12/08/2012 19:56:20, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.

    12/08/2012 19:55:03, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.

    12/08/2012 19:55:02, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

    12/08/2012 19:54:44, Error: Service Control Manager [7023] - The Windows Media Center Scheduler Service service terminated with the following error: %%-2147023834

    12/08/2012 19:51:07, Error: Microsoft-Windows-WMPNSS-Service [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80070424'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

    12/08/2012 19:51:07, Error: Microsoft-Windows-WMPNSS-Service [14333] - Service 'WMPNetworkSvc' did not start correctly due to error '0x80070424'. Restart your computer, and then try to restart the service.

    12/08/2012 19:50:16, Error: Service Control Manager [7003] - The Telephony service depends the following service: PlugPlay. This service might not be installed.

    12/08/2012 19:49:23, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service has not been started.

    12/08/2012 19:49:01, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The system cannot find the file specified.

    12/08/2012 19:49:01, Error: Service Control Manager [7023] - The Portable Device Enumerator Service service terminated with the following error: The system cannot find the file specified.

    12/08/2012 19:48:42, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024882

    12/08/2012 14:40:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}

    12/08/2012 14:13:54, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx truecrypt vwififlt Wanarpv6 WfpLwf ws2ifsl

    12/08/2012 14:13:54, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

    12/08/2012 14:13:54, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

    12/08/2012 14:13:54, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

    12/08/2012 14:13:54, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

    12/08/2012 14:13:53, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

    12/08/2012 14:13:53, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

    12/08/2012 14:13:53, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

    12/08/2012 14:13:53, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

    12/08/2012 14:13:53, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

    12/08/2012 14:13:53, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.

    12/08/2012 14:13:53, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

    12/08/2012 13:16:49, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000035, 0x00000002, 0x00000001, 0x834caa8f). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081212-17331-01.

    12/08/2012 10:34:27, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McNaiAnn service.

    12/08/2012 10:33:57, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcmscsvc service.

    12/08/2012 10:33:27, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McMPFSvc service.

    12/08/2012 10:32:57, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McAfee SiteAdvisor Service service.

    12/08/2012 09:46:56, Error: Microsoft-Windows-WMPNSS-Service [14353] - A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/2363119722/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

    12/08/2012 09:46:56, Error: Microsoft-Windows-WMPNSS-Service [14349] - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

    12/08/2012 05:19:48, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The system cannot find the path specified.

    12/08/2012 04:08:08, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McShield service.

    .

    ==== End Of File ===========================
