fakilby

  1. Thanks for the help in getting rid of that nasty malware. I followed every step you provided and it looks like it worked. Your sharing of your knowledge is very much appreciated.

  2. Here are the results
     Results of screen317's Security Check version 0.99.50
     Windows 7 Service Pack 1 x86 (UAC is enabled)
     Internet Explorer 8 Out of date!
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Security Center service is not running! This report may not be accurate!
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.62.0.1300
     Java 6 Update 24
     Java version out of Date!
     Adobe Reader X 10.1.3
     Adobe Reader out of Date!
     Mozilla Firefox 10.0.2
     Firefox out of Date!
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  3. Please find attached the two logs. The computer appears to be running fine. Thanks, Fred
     RKreport3.txt
     mbam-log-2012-09-05 (09-08-03).txt
  4. Please find attached the log. There were no malicious objects found. Thanks, Fred
     TDSSKiller.2.8.8.0_04.09.2012_14.22.44_log.txt
  5. Please find attached the fix log. Thanks, Fred
     Fixlog.txt
  6. ************************************************
     Search.txt
     ************************************************
     Farbar Recovery Scan Tool (x86) Version: 04-09-2012 01
     Ran by SYSTEM at 2012-09-04 13:04:32
     Running from H:\
     ================== Search: "services.exe" ===================
     C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
     [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
     C:\Windows\System32\services.exe
     [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9
     === End Of Search ===
     ******************************************************************
     FRST.txt
     ******************************************************************
     Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) (x86) Version: 04-09-2012 01
     Ran by SYSTEM at 04-09-2012 13:02:06
     Running from H:\
     Windows 7 Professional (X86) OS Language: English(US)
     The current controlset is ControlSet001
     ==================== Registry (Whitelisted) ===================
     HKLM\...\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
     HKLM\...\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-04-05] (Intel Corporation)
     HKLM\...\Run: [NUSB3MON] "c:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-11-20] (NEC Electronics Corporation)
     HKLM\...\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden [1690680 2009-11-19] (Hewlett-Packard)
     HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated)
     HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2009-11-19] (Hewlett-Packard)
     HKLM\...\Run: [nwiz] nwiz.exe /installquiet [x]
     HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup [13830760 2010-02-26] (NVIDIA Corporation)
     HKLM\...\Run: [iMSS] "C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [111640 2009-11-04] ()
     HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe [495708 2010-01-28] (IDT, Inc.)
     HKLM\...\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
     HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [304568 2010-10-12] (Citrix Systems, Inc.)
     HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2010-09-17] (LogMeIn, Inc.)
     HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
     HKLM\...\Run: [] [x]
     HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-04-03] (Adobe Systems Incorporated)
     HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-04-03] (Adobe Systems Inc.)
     HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
     HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
     HKU\admin\...\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [x]
     HKU\CV PM\...\RunOnce: [Application Restart #0] C:\Program Files\Windows Sidebar\sidebar.exe [1174016 2010-11-20] (Microsoft Corporation)
     HKU\fredk\...\Run: [GoToMeeting] "C:\Program Files\Citrix\GoToMeeting\880\g2mstart.exe" "/Trigger RunAtLogon" [39816 2012-01-19] (Citrix Online, a division of Citrix Systems, Inc.)
     HKU\fredk\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6276408 2011-08-22] (Yahoo! Inc.)
     HKU\fredk\...\Policies\system: [NoDispScrSavPage] 1
     HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, [x]
     Winlogon\Notify\ScCertProp: wlnotify.dll [X]
     Tcpip\Parameters: [DhcpNameServer] 68.6.16.30
     Lsa: [Notification Packages] DPPassFilter scecli
     Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
     ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
     Startup: C:\Users\All Users\Start Menu\Programs\Startup\Online plug-in.lnk
     ShortcutTarget: Online plug-in.lnk -> C:\windows\Installer\{0F1F7A90-E71B-4E45-A066-2891619F22E1}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ()
     Startup: C:\Users\All Users\Start Menu\Programs\Startup\Snagit 10.lnk
     ShortcutTarget: Snagit 10.lnk -> C:\Program Files\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)
     Startup: C:\Users\fredk\Start Menu\Programs\Startup\Dropbox.lnk
     ShortcutTarget: Dropbox.lnk -> (No File)
     Startup: C:\Users\fredk\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
     ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
     ========================== Services (Whitelisted) ========================
     2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\aestsrv.exe [81920 2009-03-03] (Andrea Electronics Corporation)
     2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-08-03] (LSI Corporation)
     2 AMSIntegrationRequestQueue; "C:\CV\RequestQWinService\SI-AMSIntegrationRequestQueue\RequestQWinService.exe" -sAMSIntegrationRequestQueue [24576 2011-04-11] (Commerce Velocity)
     2 AMSSecurityService; "C:\CV\Security Service Host\SI-AMSSecurityService\SecurityServiceHost.exe" -sAMSSecurityService [20480 2011-05-11] (Commerce Velocity)
     3 CQSchedulerService; "C:\CV\SchedulerService\SI-CQSchedulerService\CQScheduler.exe" -sCQSchedulerService [49152 2011-04-11] (Commerce Velocity)
     2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [309760 2011-01-25] (Microsoft Corporation)
     2 HP Power Assistant Service; "C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe" [102968 2009-11-19] (Hewlett-Packard)
     2 HP Wireless Assistant Service; "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe" [102968 2009-11-19] (Hewlett-Packard)
     2 Hp.Skyroom.Windows.Service; "C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe" -startService [124984 2009-11-20] (Hewlett-Packard)
     2 LMIGuardianSvc; "C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe" [374184 2012-07-11] (LogMeIn, Inc.)
     2 LMIMaint; "C:\Program Files\LogMeIn\x86\RaMaint.exe" [136616 2012-07-11] (LogMeIn, Inc.)
     2 LogMeIn; "C:\Program Files\LogMeIn\x86\LogMeIn.exe" [390528 2010-11-08] (LogMeIn, Inc.)
     2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
     2 MsDtsServer100; "C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe" [218136 2008-07-10] (Microsoft Corporation)
     2 MSSQLSERVER; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [42727784 2011-02-05] (Microsoft Corporation)
     4 MSSQLServerADHelper100; "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [47128 2008-07-09] (Microsoft Corporation)
     4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 [3201024 2008-07-29] (Microsoft Corporation)
     3 Multi-Loan Windows Service; "C:\Program Files\Commerce Velocity\Decision Windows Service\SI-Multi-Loan Windows Service\DecisionWinService.exe" -sMulti-Loan Windows Service [24576 2011-06-23] (Commerce Velocity)
     4 ReportServer; "C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe" [1113448 2009-03-30] (Microsoft Corporation)
     3 SQLSERVERAGENT; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER [366936 2009-03-30] (Microsoft Corporation)
     2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\STacSV.exe [229458 2010-01-28] (IDT, Inc.)
     2 vcsFPService; C:\windows\system32\vcsFPService.exe [1639728 2009-10-21] (Validity Sensors, Inc.)
     2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [x]
     2 HP ProtectTools Service; "c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe" [x]
     2 HPDayStarterService; "c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe" [x]
     2 HpFkCryptService; "c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe" [x]
     2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x]
     3 MSSQLFDLauncher; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL10.MSSQLSERVER [x]
     4 MSSQLServerADHelper; "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x]
     2 MSSQLServerOLAPService; "C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\Config" [x]
     2 rgsender; "c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe" -l logSetup [x]
     2 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
     2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]
     ==================== Drivers (Whitelisted) ===================
     3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows ® Codename Longhorn DDK provider)
     2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [12856 2010-09-17] (LogMeIn, Inc.)
     3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [10144 2010-09-17] (LogMeIn, Inc.)
     2 LMIRfsDriver; \??\C:\windows\system32\drivers\LMIRfsDriver.sys [47640 2010-09-17] (LogMeIn, Inc.)
     3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
     3 PulseUsb; C:\Windows\System32\DRIVERS\PulseUsb.sys [20480 2010-12-29] (Windows ® Win 7 DDK provider)
     2 risdpcie; C:\Windows\system32\DRIVERS\risdpe86.sys [47616 2009-10-28] (REDC)
     3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
     2 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38912 2009-09-28] (REDC)
     4 RsFx0103; C:\Windows\System32\DRIVERS\RsFx0103.sys [239336 2009-03-30] (Microsoft Corporation)
     1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [40088 2009-11-11] (McAfee, Inc.)
     0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [110520 2009-11-11] (McAfee, Inc.)
     0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [51800 2009-11-11] (McAfee, Inc.)
     0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [13256 2009-11-11] (McAfee, Inc.)
     3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1758464 2009-12-18] ()
     4 LMIRfsClientNP; [x]
     ==================== NetSvcs (Whitelisted) =================
     ============ One Month Created Files and Folders ==============
     2012-09-04 13:01 - 2012-09-04 13:02 - 00000000 ____D C:\FRST
     2012-09-04 11:24 - 2012-09-04 11:24 - 00002209 ____A C:\Users\fredk\Desktop\RKreport[2].txt
     2012-09-04 11:19 - 2012-09-04 11:19 - 00002191 ____A C:\Users\fredk\Desktop\RKreport[1].txt
     2012-09-04 11:17 - 2012-09-04 11:19 - 00000000 ____D C:\Users\fredk\Desktop\RK_Quarantine
     2012-09-04 11:16 - 2012-09-04 11:16 - 01378816 ____A C:\Users\fredk\Desktop\RogueKiller.exe
     2012-09-04 10:38 - 2012-09-04 10:38 - 00017186 ____A C:\Users\fredk\Desktop\Attach.txt
     2012-09-04 10:37 - 2012-09-04 10:37 - 00029164 ____A C:\Users\fredk\Desktop\DDS.txt
     2012-09-04 10:22 - 2012-09-04 10:22 - 00607260 ____R (Swearware) C:\Users\fredk\Desktop\dds.com
     2012-08-31 16:26 - 2012-08-31 16:26 - 00000051 ____A C:\Users\fredk\AppData\Roaming\mbam.context.scan
     2012-08-31 16:02 - 2012-08-31 16:02 - 00000000 ____D C:\Users\fredk\AppData\Roaming\Malwarebytes
     2012-08-31 16:01 - 2012-08-31 16:02 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
     2012-08-31 16:01 - 2012-08-31 16:01 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
     2012-08-31 16:01 - 2012-08-31 16:01 - 00000000 ____D C:\Users\All Users\Malwarebytes
     2012-08-31 16:01 - 2012-07-03 12:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
     2012-08-31 15:59 - 2012-08-31 15:59 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\fredk\Downloads\mbam-setup-1.62.0.1300.exe
     2012-08-29 11:27 - 2012-08-29 11:27 - 00265093 ____A C:\Users\fredk\Downloads\AWC_FORUM_EXTENSION.tar.gz
     2012-08-24 16:13 - 2012-08-24 16:13 - 00001326 ____A C:\Users\fredk\Desktop\MediaWiki.lnk
     2012-08-24 13:35 - 2012-08-24 13:35 - 08268544 ____A C:\Users\fredk\Downloads\PROD_wiki_db.sql
     2012-08-24 10:29 - 2012-08-24 10:29 - 00000000 ____D C:\Users\fredk\VirtualBox VMs
     2012-08-23 15:06 - 2012-08-24 10:25 - 00000000 ____D C:\VMAppliance
     2012-08-23 14:31 - 2012-08-30 11:56 - 00000000 ____D C:\Users\fredk\.VirtualBox
     2012-08-23 14:30 - 2012-08-23 14:30 - 00001076 ____A C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
     2012-08-23 14:30 - 2012-08-23 14:30 - 00000000 ____D C:\Program Files\Oracle
     2012-08-23 14:30 - 2012-08-20 16:32 - 00158552 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
     2012-08-23 14:30 - 2012-08-20 16:32 - 00091992 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
     2012-08-23 14:27 - 2012-08-23 14:27 - 95187288 ____A (Oracle Corporation) C:\Users\fredk\Downloads\VirtualBox-4.1.20-80170-Win.exe
     2012-08-21 11:30 - 2012-08-21 11:30 - 00033199 ____A C:\Users\fredk\Downloads\MediaWiki-20120821192828.xml
     2012-08-20 16:32 - 2012-08-20 16:32 - 00135512 ____A (Oracle Corporation) C:\Windows\System32\VBoxNetFltNobj.dll
     2012-08-20 16:32 - 2012-08-20 16:32 - 00116056 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetFlt.sys
     2012-08-20 16:32 - 2012-08-20 16:32 - 00104792 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetAdp.sys
     2012-08-15 12:57 - 2012-08-15 12:57 - 00000000 __SHD C:\Windows\System32\%APPDATA%
     2012-08-15 09:59 - 2012-08-28 13:27 - 00000600 ____A C:\Users\fredk\AppData\Local\PUTTY.RND
     2012-08-15 09:47 - 2012-08-15 09:47 - 00000000 ____D C:\Program Files\Putty
     2012-08-15 02:01 - 2012-07-06 11:23 - 00393728 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
     2012-08-14 23:05 - 2012-07-18 09:47 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
     2012-08-14 23:05 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
     2012-08-14 23:05 - 2012-07-04 13:14 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
     2012-08-14 23:05 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
     2012-08-14 23:05 - 2012-06-26 21:53 - 01231360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
     2012-08-14 23:05 - 2012-06-26 21:53 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
     2012-08-14 23:05 - 2012-06-26 21:53 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
     2012-08-14 23:05 - 2012-06-26 21:51 - 06027776 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
     2012-08-14 23:05 - 2012-06-26 21:51 - 00627712 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
     2012-08-14 23:05 - 2012-06-26 21:51 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
     2012-08-14 23:05 - 2012-06-26 21:50 - 11020800 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
     2012-08-14 23:05 - 2012-06-26 21:50 - 02073600 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
     2012-08-14 23:05 - 2012-06-26 21:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
     2012-08-14 23:05 - 2012-06-26 21:50 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
     2012-08-14 23:05 - 2012-06-26 20:10 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
     2012-08-14 23:05 - 2012-05-13 20:33 - 00769024 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
     2012-08-14 23:05 - 2012-05-04 23:46 - 00400896 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
     2012-08-14 23:05 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
     2012-08-14 23:05 - 2012-02-10 21:37 - 00317440 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
     2012-08-14 13:34 - 2012-08-14 13:37 - 00000000 ____D C:\Users\fredk\Downloads\UserMerge-MW1.15-48763.tar
     2012-08-14 13:33 - 2012-08-14 13:33 - 01110476 ____A C:\Users\fredk\Downloads\7z920.exe
     2012-08-14 13:33 - 2012-08-14 13:33 - 00000000 ____D C:\Program Files\7-Zip
     2012-08-14 13:28 - 2012-08-14 13:28 - 00029609 ____A C:\Users\fredk\Downloads\UserMerge-MW1.15-48763.tar.tar
     2012-08-14 08:09 - 2012-08-14 08:09 - 00000220 ____A C:\Users\fredk\Downloads\index.php
     2012-08-09 16:10 - 2012-08-29 11:28 - 00000000 ____D C:\Users\fredk\Documents\Wiki
     2012-08-08 11:20 - 2012-08-08 15:45 - 00000000 ____D C:\Users\fredk\Documents\Spectrum Workbench Actions
     2012-08-06 15:30 - 2012-08-06 15:29 - 00049152 ___AT C:\Users\fredk\Documents\ProficioQryRslt.txt
     ============ 3 Months Modified Files ========================
     2012-09-04 11:54 - 2010-09-21 17:10 - 01032650 ____A C:\Windows\System32\PerfStringBackup.INI
     2012-09-04 11:49 - 2011-05-25 08:11 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
     2012-09-04 11:33 - 2012-04-05 09:11 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
     2012-09-04 11:24 - 2012-09-04 11:24 - 00002209 ____A C:\Users\fredk\Desktop\RKreport[2].txt
     2012-09-04 11:19 - 2012-09-04 11:19 - 00002191 ____A C:\Users\fredk\Desktop\RKreport[1].txt
     2012-09-04 11:16 - 2012-09-04 11:16 - 01378816 ____A C:\Users\fredk\Desktop\RogueKiller.exe
     2012-09-04 10:55 - 2009-07-13 20:34 - 00020944 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
     2012-09-04 10:55 - 2009-07-13 20:34 - 00020944 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
     2012-09-04 10:52 - 2011-05-25 08:11 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
     2012-09-04 10:52 - 2010-11-11 13:57 - 00001556 _RASH C:\Users\fredk\ntuser.pol
     2012-09-04 10:50 - 2010-11-11 13:54 - 00000120 ____A C:\Windows\System32\config\netlogon.ftl
     2012-09-04 10:49 - 2010-11-05 03:12 - 01097793 ____A C:\Windows\WindowsUpdate.log
     2012-09-04 10:49 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
     2012-09-04 10:49 - 2009-07-13 20:39 - 00062909 ____A C:\Windows\setupact.log
     2012-09-04 10:38 - 2012-09-04 10:38 - 00017186 ____A C:\Users\fredk\Desktop\Attach.txt
     2012-09-04 10:37 - 2012-09-04 10:37 - 00029164 ____A C:\Users\fredk\Desktop\DDS.txt
     2012-09-04 10:22 - 2012-09-04 10:22 - 00607260 ____R (Swearware) C:\Users\fredk\Desktop\dds.com
     2012-09-04 09:54 - 2010-11-05 03:09 - 00038524 ____A C:\Windows\PFRO.log
     2012-08-31 16:26 - 2012-08-31 16:26 - 00000051 ____A C:\Users\fredk\AppData\Roaming\mbam.context.scan
     2012-08-31 16:01 - 2012-08-31 16:01 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
     2012-08-31 15:59 - 2012-08-31 15:59 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\fredk\Downloads\mbam-setup-1.62.0.1300.exe
     2012-08-31 14:30 - 2010-11-11 13:56 - 00002588 _RASH C:\Users\All Users\ntuser.pol
     2012-08-31 08:59 - 2012-01-31 14:23 - 00000320 ____A C:\Windows\Tasks\HPCeeScheduleForfredk.job
     2012-08-29 16:04 - 2010-12-22 09:25 - 00000600 ____A C:\Users\fredk\AppData\Roaming\winscp.rnd
     2012-08-29 11:27 - 2012-08-29 11:27 - 00265093 ____A C:\Users\fredk\Downloads\AWC_FORUM_EXTENSION.tar.gz
     2012-08-28 13:47 - 2011-01-05 15:07 - 00000052 ____A C:\Windows\System32\DOErrors.log
     2012-08-28 13:27 - 2012-08-15 09:59 - 00000600 ____A C:\Users\fredk\AppData\Local\PUTTY.RND
     2012-08-27 08:07 - 2012-04-05 09:10 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
     2012-08-27 08:07 - 2011-05-31 07:44 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
     2012-08-24 16:13 - 2012-08-24 16:13 - 00001326 ____A C:\Users\fredk\Desktop\MediaWiki.lnk
     2012-08-24 13:35 - 2012-08-24 13:35 - 08268544 ____A C:\Users\fredk\Downloads\PROD_wiki_db.sql
     2012-08-23 14:30 - 2012-08-23 14:30 - 00001076 ____A C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
     2012-08-23 14:27 - 2012-08-23 14:27 - 95187288 ____A (Oracle Corporation) C:\Users\fredk\Downloads\VirtualBox-4.1.20-80170-Win.exe
     2012-08-21 11:30 - 2012-08-21 11:30 - 00033199 ____A C:\Users\fredk\Downloads\MediaWiki-20120821192828.xml
     2012-08-20 16:32 - 2012-08-23 14:30 - 00158552 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
     2012-08-20 16:32 - 2012-08-23 14:30 - 00091992 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
     2012-08-20 16:32 - 2012-08-20 16:32 - 00135512 ____A (Oracle Corporation) C:\Windows\System32\VBoxNetFltNobj.dll
     2012-08-20 16:32 - 2012-08-20 16:32 - 00116056 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetFlt.sys
     2012-08-20 16:32 - 2012-08-20 16:32 - 00104792 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetAdp.sys
     2012-08-20 11:31 - 2011-06-10 16:20 - 00487634 ____A C:\Users\fredk\Documents\Fred Time Analsys by Emails.xlsx
     2012-08-15 12:54 - 2011-08-18 16:26 - 00000435 ____A C:\Windows\System32\Drivers\etc\hosts.ics
     2012-08-15 02:23 - 2009-07-13 20:33 - 00411200 ____A C:\Windows\System32\FNTCACHE.DAT
     2012-08-15 02:04 - 2011-12-21 08:39 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
     2012-08-14 13:33 - 2012-08-14 13:33 - 01110476 ____A C:\Users\fredk\Downloads\7z920.exe
     2012-08-14 13:28 - 2012-08-14 13:28 - 00029609 ____A C:\Users\fredk\Downloads\UserMerge-MW1.15-48763.tar.tar
     2012-08-14 08:09 - 2012-08-14 08:09 - 00000220 ____A C:\Users\fredk\Downloads\index.php
     2012-08-06 15:29 - 2012-08-06 15:30 - 00049152 ___AT C:\Users\fredk\Documents\ProficioQryRslt.txt
     2012-08-06 14:49 - 2011-01-10 09:39 - 00002010 ___AH C:\Users\fredk\Documents\Default.rdp
     2012-08-01 13:27 - 2012-08-01 13:27 - 00596598 ____A C:\Users\fredk\Downloads\Word2MediaWikiPlus-1.0.0.zip
     2012-07-18 09:47 - 2012-08-14 23:05 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
     2012-07-11 07:42 - 2010-12-03 16:46 - 00087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
     2012-07-11 07:42 - 2010-12-03 16:46 - 00083392 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
     2012-07-11 07:42 - 2010-12-03 16:46 - 00030624 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
     2012-07-06 11:23 - 2012-08-15 02:01 - 00393728 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
     2012-07-04 13:16 - 2012-08-14 23:05 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
     2012-07-04 13:14 - 2012-08-14 23:05 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
     2012-07-04 13:14 - 2012-08-14 23:05 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
     2012-07-03 12:46 - 2012-08-31 16:01 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
     2012-06-26 21:53 - 2012-08-14 23:05 - 01231360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
     2012-06-26 21:53 - 2012-08-14 23:05 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
     2012-06-26 21:53 - 2012-08-14 23:05 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
     2012-06-26 21:51 - 2012-08-14 23:05 - 06027776 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
     2012-06-26 21:51 - 2012-08-14 23:05 - 00627712 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
     2012-06-26 21:51 - 2012-08-14 23:05 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
     2012-06-26 21:50 - 2012-08-14 23:05 - 11020800 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
     2012-06-26 21:50 - 2012-08-14 23:05 - 02073600 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
     2012-06-26 21:50 - 2012-08-14 23:05 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
     2012-06-26 21:50 - 2012-08-14 23:05 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
     2012-06-26 20:10 - 2012-08-14 23:05 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
     2012-06-08 20:41 - 2012-07-10 23:51 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
     ZeroAccess:
     C:\Windows\Installer\{49e6e453-5a06-05af-cc9f-99c9c89bf300}
     C:\Windows\Installer\{49e6e453-5a06-05af-cc9f-99c9c89bf300}\@
     C:\Windows\Installer\{49e6e453-5a06-05af-cc9f-99c9c89bf300}\L
     C:\Windows\Installer\{49e6e453-5a06-05af-cc9f-99c9c89bf300}\U
     C:\Windows\Installer\{49e6e453-5a06-05af-cc9f-99c9c89bf300}\U\00000001.@
     C:\Windows\Installer\{49e6e453-5a06-05af-cc9f-99c9c89bf300}\U\80000000.@
     C:\Windows\Installer\{49e6e453-5a06-05af-cc9f-99c9c89bf300}\U\800000cb.@
     ZeroAccess:
     C:\Users\fredk\AppData\Local\{49e6e453-5a06-05af-cc9f-99c9c89bf300}
     C:\Users\fredk\AppData\Local\{49e6e453-5a06-05af-cc9f-99c9c89bf300}\@
     C:\Users\fredk\AppData\Local\{49e6e453-5a06-05af-cc9f-99c9c89bf300}\L
     C:\Users\fredk\AppData\Local\{49e6e453-5a06-05af-cc9f-99c9c89bf300}\U
     ==================== Known DLLs (Whitelisted) =================
     ==================== Bamital & volsnap Check =================
     C:\Windows\explorer.exe => MD5 is legit
     C:\Windows\System32\winlogon.exe => MD5 is legit
     C:\Windows\System32\wininit.exe => MD5 is legit
     C:\Windows\System32\svchost.exe => MD5 is legit
     C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
     C:\Windows\System32\User32.dll => MD5 is legit
     C:\Windows\System32\userinit.exe => MD5 is legit
     C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
     ==================== EXE ASSOCIATION =====================
     HKLM\...\.exe: exefile => OK
     HKLM\...\exefile\DefaultIcon: %1 => OK
     HKLM\...\exefile\open\command: "%1" %* => OK
     ==================== Restore Points =========================
     Restore point made on: 2012-07-20 05:57:08
     Restore point made on: 2012-07-24 08:20:35
     Restore point made on: 2012-07-26 12:01:57
     Restore point made on: 2012-07-31 01:31:46
     Restore point made on: 2012-08-03 04:31:16
     Restore point made on: 2012-08-07 04:12:50
     Restore point made on: 2012-08-07 22:20:43
     Restore point made on: 2012-08-14 02:21:03
     Restore point made on: 2012-08-15 02:00:32
     Restore point made on: 2012-08-22 23:00:29
     Restore point made on: 2012-08-23 14:29:33
     Restore point made on: 2012-08-29 07:32:56
     ==================== Memory info ===========================
     Percentage of memory in use: 24%
     Total physical RAM: 1967.38 MB
     Available physical RAM: 1491.85 MB
     Total Pagefile: 1967.38 MB
     Available Pagefile: 1494.64 MB
     Total Virtual: 2047.88 MB
     Available Virtual: 1952.7 MB
     ==================== Partitions ============================
     1 Drive c: () (Fixed) (Total:215.59 GB) (Free:96.91 GB) NTFS ==>[system with boot components (obtained from reading drive)]
     2 Drive e: (HP_RECOVERY) (Fixed) (Total:15 GB) (Free:4.42 GB) NTFS ==>[system with boot components (obtained from reading drive)]
     3 Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.49 GB) FAT32
     5 Drive h: (PNY BLUE) (Removable) (Total:3.68 GB) (Free:2.7 GB) FAT
     6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
     7 Drive y: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[system with boot components (obtained from reading drive)]

     Disk ###  Status         Size     Free     Dyn  Gpt
     --------  -------------  -------  -------  ---  ---
     Disk 0    Online          232 GB      0 B
     Disk 1    Online         3768 MB      0 B

     Partitions of Disk 0:
     ===============
     Partition ###  Type              Size     Offset
     -------------  ----------------  -------  -------
     Partition 1    Primary            300 MB  1024 KB
     Partition 2    Primary            215 GB   301 MB
     Partition 3    Primary             15 GB   215 GB
     Partition 4    Primary           2043 MB   230 GB
     ==================================================================================
     Disk: 0
     Partition 1
     Type  : 07
     Hidden: No
     Active: Yes
     Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
     ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 1   Y   SYSTEM       NTFS   Partition    300 MB  Healthy
     ==================================================================================
     Disk: 0
     Partition 2
     Type  : 07
     Hidden: No
     Active: No
     Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
     ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 2   C                NTFS   Partition    215 GB  Healthy
     ==================================================================================
     Disk: 0
     Partition 3
     Type  : 07
     Hidden: No
     Active: No
     Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
     ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 3   E   HP_RECOVERY  NTFS   Partition     15 GB  Healthy
     ==================================================================================
     Disk: 0
     Partition 4
     Type  : 0C
     Hidden: No
     Active: No
     Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
     ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 4   F   HP_TOOLS     FAT32  Partition   2043 MB  Healthy
     ==================================================================================

     Partitions of Disk 1:
     ===============
     Partition ###  Type              Size     Offset
     -------------  ----------------  -------  -------
     * Partition 1  Primary           3768 MB      0 B
     ==================================================================================
     Disk: 1
     There is no partition selected.
     There is no partition selected.
     Please select a partition and try again.
     ==================================================================================
     Last Boot: 2012-08-27 16:57
     ==================== End Of Log =============================
  7. RogueKiller V8.0.2 [08/31/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com
     Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
     Started in : Normal mode
     User : fredk [Admin rights]
     Mode : Scan -- Date : 09/04/2012 12:19:50
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 3 ¤¤¤
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     ¤¤¤ Particular Files / Folders: ¤¤¤
     [ZeroAccess][FILE] @ : C:\windows\Installer\{49e6e453-5a06-05af-cc9f-99c9c89bf300}\@ --> FOUND
     [ZeroAccess][FOLDER] U : C:\windows\Installer\{49e6e453-5a06-05af-cc9f-99c9c89bf300}\U --> FOUND
     [ZeroAccess][FOLDER] L : C:\windows\Installer\{49e6e453-5a06-05af-cc9f-99c9c89bf300}\L --> FOUND
     [ZeroAccess][FILE] @ : C:\Users\fredk\AppData\Local\{49e6e453-5a06-05af-cc9f-99c9c89bf300}\@ --> FOUND
     [ZeroAccess][FOLDER] U : C:\Users\fredk\AppData\Local\{49e6e453-5a06-05af-cc9f-99c9c89bf300}\U --> FOUND
     [ZeroAccess][FOLDER] L : C:\Users\fredk\AppData\Local\{49e6e453-5a06-05af-cc9f-99c9c89bf300}\L --> FOUND
     [susp.ASLR|Sig - ZeroAccess][FILE] services.exe : C:\windows\system32\services.exe --> FOUND
     ¤¤¤ Driver : [LOADED] ¤¤¤
     ¤¤¤ Infection : ZeroAccess ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\windows\system32\drivers\etc\hosts
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: ST9250410AS +++++
     --- User ---
     [MBR] 70b35d3a634fda3993d857406c01a50e
     [bSP] 6606ccbb325a4a9d27ff1bb85d67f098 : Windows 7 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 220763 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 452739072 | Size: 15360 Mo
     3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 484196352 | Size: 2043 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     Finished : << RKreport[1].txt >>
     RKreport[1].txt
  8. I read the pinned article and attached are the results of the DDS. Please advise on next steps. Thanks, Fred
     Attach.txt
     DDS.txt