
bradleyjond

Members
Posts: 20
Everything posted by bradleyjond

  1. One of our customers noticed our website (https://financeinsights.net) was being flagged by Malwarebytes Browser Guard on their computer. We've checked and there appear to be no issues with the website. It's looking like this is a false positive based on the Malwarebytes literature. Can you help us with this?

     Website blocked due to reputation
     Website blocked: financeinsights.net
     Malwarebytes Browser Guard blocks pages that come from websites with relatively light traffic and have been reported to have malicious activity. If you trust this website, please click CONTINUE TO SITE. Otherwise, choose GO BACK. We strongly recommend you do not continue.

     Thank you for your help!
     Brad
  2. Amazingly helpful! I was completely lost without you!

  3. Results of screen317's Security Check version 0.99.50
     Windows 7 x86 (UAC is enabled)
     Out of date service pack!!
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.62.0.1300
     Java 6 Update 25
     Java version out of Date!
     Mozilla Thunderbird (3.1.10) Thunderbird out of Date!
     Google Chrome 21.0.1180.83
     Google Chrome 21.0.1180.89
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  4. It didn't find anything that time. Are those two DNS entries normal?
  5. RogueKiller V8.0.2 [08/31/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com

     Operating System: Windows 7 (6.1.7600 ) 32 bits version
     Started in : Normal mode
     User : John Nicholas [Admin rights]
     Mode : Scan -- Date : 09/09/2012 01:00:56

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 2 ¤¤¤
     [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{88E8002B-4C31-43A5-994C-BB87BA16B602} : NameServer (65.32.1.65,65.32.1.70) -> FOUND
     [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{88E8002B-4C31-43A5-994C-BB87BA16B602} : NameServer (65.32.1.65,65.32.1.70) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts

     127.0.0.1 www.007guard.com
     127.0.0.1 007guard.com
     127.0.0.1 008i.com
     127.0.0.1 www.008k.com
     127.0.0.1 008k.com
     127.0.0.1 www.00hq.com
     127.0.0.1 00hq.com
     127.0.0.1 010402.com
     127.0.0.1 www.032439.com
     127.0.0.1 032439.com
     127.0.0.1 www.0scan.com
     127.0.0.1 0scan.com
     127.0.0.1 www.1000gratisproben.com
     127.0.0.1 1000gratisproben.com
     127.0.0.1 1001namen.com
     127.0.0.1 www.1001namen.com
     127.0.0.1 100888290cs.com
     127.0.0.1 www.100888290cs.com
     127.0.0.1 www.100sexlinks.com
     127.0.0.1 100sexlinks.com
     [...]

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: ST3160318AS ATA Device +++++
     --- User ---
     [MBR] ea6acb3719542c5e4aa14d17adb2750b
     [BSP] 29d88a6bd94bb9282499f9c0d775a976 : Windows Vista/7 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 142007 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 291037184 | Size: 10518 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     +++++ PhysicalDrive1: SanDisk U3 Cruzer Micro USB Device +++++
     --- User ---
     [MBR] 564565fe7246fa41a0d61cb0cd5946f2
     [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
     Partition table:
     0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 2 | Size: 1952 Mo
     User = LL1 ... OK!
     Error reading LL2 MBR!

     Finished : << RKreport[4].txt >>
     RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
  6. The Malwarebytes quick scan didn't find anything, but RogueKiller said it found ZeroAccess.

     Malwarebytes Anti-Malware (PRO) 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.09.08.09

     Windows 7 x86 NTFS
     Internet Explorer 9.0.8112.16421
     John Nicholas :: JOHNNICHOLAS [administrator]

     Protection: Enabled

     9/8/2012 8:32:20 PM
     mbam-log-2012-09-08 (20-32-20).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 287980
     Time elapsed: 3 minute(s), 56 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     RogueKiller V8.0.2 [08/31/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com

     Operating System: Windows 7 (6.1.7600 ) 32 bits version
     Started in : Normal mode
     User : John Nicholas [Admin rights]
     Mode : Scan -- Date : 09/08/2012 21:02:15

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 6 ¤¤¤
     [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{88E8002B-4C31-43A5-994C-BB87BA16B602} : NameServer (65.32.1.65,65.32.1.70) -> FOUND
     [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{88E8002B-4C31-43A5-994C-BB87BA16B602} : NameServer (65.32.1.65,65.32.1.70) -> FOUND
     [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤
     [ZeroAccess][FOLDER] U : C:\Windows\Installer\{6d2a19bc-dc9f-c147-6976-dc0ba1959f18}\U --> FOUND
     [ZeroAccess][FOLDER] L : C:\Windows\Installer\{6d2a19bc-dc9f-c147-6976-dc0ba1959f18}\L --> FOUND

     ¤¤¤ Driver : [LOADED] ¤¤¤

     ¤¤¤ Infection : ZeroAccess ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts

     127.0.0.1 www.007guard.com
     127.0.0.1 007guard.com
     127.0.0.1 008i.com
     127.0.0.1 www.008k.com
     127.0.0.1 008k.com
     127.0.0.1 www.00hq.com
     127.0.0.1 00hq.com
     127.0.0.1 010402.com
     127.0.0.1 www.032439.com
     127.0.0.1 032439.com
     127.0.0.1 www.0scan.com
     127.0.0.1 0scan.com
     127.0.0.1 www.1000gratisproben.com
     127.0.0.1 1000gratisproben.com
     127.0.0.1 1001namen.com
     127.0.0.1 www.1001namen.com
     127.0.0.1 100888290cs.com
     127.0.0.1 www.100888290cs.com
     127.0.0.1 www.100sexlinks.com
     127.0.0.1 100sexlinks.com
     [...]

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: ST3160318AS ATA Device +++++
     --- User ---
     [MBR] ea6acb3719542c5e4aa14d17adb2750b
     [BSP] 29d88a6bd94bb9282499f9c0d775a976 : Windows Vista/7 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 142007 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 291037184 | Size: 10518 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     +++++ PhysicalDrive1: SanDisk U3 Cruzer Micro USB Device +++++
     --- User ---
     [MBR] 564565fe7246fa41a0d61cb0cd5946f2
     [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
     Partition table:
     0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 2 | Size: 1952 Mo
     User = LL1 ... OK!
     Error reading LL2 MBR!

     Finished : << RKreport[1].txt >>
     RKreport[1].txt
  7. I ran it and it found one and cured it after a reboot. Then I ran it again and it didn't find it again, so it must have worked. I have included both logs as attachments.
     TDSSKiller.2.8.8.0_08.09.2012_20.17.37_log.txt
     TDSSKiller.2.8.8.0_08.09.2012_20.15.29_log.txt
     TDSSKiller.2.8.8.0_08.09.2012_20.20.29_log.txt
  8. Alright. I'm restored and ready to try some more. What's next?
  9. Using the restore won't restore the virus, right? haha. Probably a dumb question.
  10. I wasn't trying to be a smart aleck. I just want to make sure I'm doing the right thing. I rescanned with FRST.exe and I also did the search for services.exe just in case you needed that again too. Here's the info:

     Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) (x86) Version: 08-09-2012
     Ran by SYSTEM at 08-09-2012 18:59:52
     Running from H:\
     Windows 7 Professional (X86) OS Language: English(US)
     The current controlset is ControlSet001

     ==================== Registry (Whitelisted) ===================

     HKLM\...\Run: [hpsysdrv] c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
     HKLM\...\Run: [HP KEYBOARDx] "C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [710656 2010-02-11] (Hewlett-Packard)
     HKLM\...\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
     HKLM\...\Run: [BATINDICATOR] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-08] (Hewlett-Packard)
     HKLM\...\Run: [LaunchHPOSIAPP] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
     HKLM\...\Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave [815704 2010-07-08] (GlavSoft LLC.)
     HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
     HKLM\...\Run: [] [x]
     HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-04-03] (Adobe Systems Incorporated)
     HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-04-03] (Adobe Systems Inc.)
     HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253672 2011-01-07] (Sun Microsystems, Inc.)
     HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
     HKU\John Nicholas\...\Run: [Google Update] "C:\Users\John Nicholas\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-08-08] (Google Inc.)
     HKU\John Nicholas\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
     HKLM\...\Runonce: [1AFCE5B9-5C1B-4C2C-AFB6-626681D81BD8] cmd.exe /C start /D "C:\Users\JOHNNI~1\AppData\Local\Temp" /B 1AFCE5B9-5C1B-4C2C-AFB6-626681D81BD8.exe -activeimages -postboot [x]
     Tcpip\..\Interfaces\{88E8002B-4C31-43A5-994C-BB87BA16B602}: [NameServer]65.32.1.65,65.32.1.70

     ==================== Services ================================

     2 HP Health Check Service; "C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [126008 2010-09-17] (Hewlett-Packard Company)
     2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
     2 PEVSystemStart; "C:\32788R22FWJFW\pev.3XE" EXEC /i CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:15 "C:\32788R22FWJFW\KNetSvcs.vbs" [322 2012-09-03] ()
     2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
     2 tvnserver; "C:\Program Files\TightVNC\tvnserver.exe" -service [815704 2010-07-08] (GlavSoft LLC.)

     ==================== Drivers =================================

     3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
     3 OxPPort; C:\Windows\system32\DRIVERS\OxPPort.sys [82048 2008-07-31] (OEM)

     ==================== NetSvcs (Whitelisted) =================

     ============ One Month Created Files and Folders ==============

     2012-09-08 14:31 - 2012-09-08 14:18 - 02211928 ____A (Kaspersky Lab ZAO) C:\tdsskiller.exe
     2012-09-08 12:38 - 2012-09-08 12:38 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
     2012-09-06 03:49 - 2009-06-10 13:39 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20120906-074911.backup
     2012-09-06 03:47 - 2012-09-06 03:49 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
     2012-09-06 03:47 - 2012-09-06 03:48 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
     2012-09-06 03:45 - 2012-09-06 03:46 - 16409960 ____A (Safer Networking Limited ) C:\Users\John Nicholas\Downloads\spybotsd162.exe
     2012-09-06 03:44 - 2012-09-06 03:44 - 00897888 ____A C:\Users\John Nicholas\Downloads\spybot search amp destroy setup.exe
     2012-09-06 03:03 - 2012-09-06 03:03 - 00607260 ____R (Swearware) C:\Users\John Nicholas\Downloads\dds.com
     2012-09-06 02:46 - 2012-09-06 02:46 - 01378816 ____A C:\Users\John Nicholas\Downloads\RogueKiller.exe
     2012-09-06 02:38 - 2012-09-06 02:42 - 04722680 ____A (Swearware) C:\Users\John Nicholas\Downloads\ComboFix.exe
     2012-09-06 02:36 - 2012-09-06 02:36 - 00587640 ____A C:\Users\John Nicholas\Downloads\cbsidlm-tr1_6-Combofix-75221073.exe
     2012-09-06 02:17 - 2012-09-06 02:24 - 00000000 ___SD C:\32788R22FWJFW
     2012-09-06 02:17 - 2012-09-06 02:24 - 00000000 ____D C:\Qoobox
     2012-09-06 02:17 - 2012-09-06 02:18 - 00000000 ____D C:\Windows\erdnt

     ============ 3 Months Modified Files ========================

     2012-09-08 14:58 - 2011-01-22 16:25 - 01540924 ____A C:\Windows\WindowsUpdate.log
     2012-09-08 14:57 - 2012-08-08 06:45 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2196710471-1452651213-449474573-1001UA.job
     2012-09-08 14:50 - 2012-04-03 09:02 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
     2012-09-08 14:47 - 2009-07-13 20:34 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
     2012-09-08 14:47 - 2009-07-13 20:34 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
     2012-09-08 14:46 - 2009-07-25 04:54 - 00778660 ____A C:\Windows\System32\PerfStringBackup.INI
     2012-09-08 14:40 - 2012-03-16 10:12 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
     2012-09-08 14:40 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
     2012-09-08 14:39 - 2009-07-13 20:53 - 00032594 ____A C:\Windows\Tasks\SCHEDLGU.TXT
     2012-09-08 14:39 - 2009-07-13 20:39 - 00045043 ____A C:\Windows\setupact.log
     2012-09-08 14:18 - 2012-09-08 14:31 - 02211928 ____A (Kaspersky Lab ZAO) C:\tdsskiller.exe
     2012-09-08 12:38 - 2012-09-08 12:38 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
     2012-09-06 14:27 - 2012-03-16 10:12 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
     2012-09-06 06:57 - 2012-08-08 06:45 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2196710471-1452651213-449474573-1001Core.job
     2012-09-06 04:19 - 2011-04-15 12:38 - 00063412 ____A C:\Windows\PFRO.log
     2012-09-06 03:49 - 2009-07-13 18:04 - 00444231 ___RA C:\Windows\System32\Drivers\etc\hosts.20120906-075004.backup
     2012-09-06 03:46 - 2012-09-06 03:45 - 16409960 ____A (Safer Networking Limited ) C:\Users\John Nicholas\Downloads\spybotsd162.exe
     2012-09-06 03:44 - 2012-09-06 03:44 - 00897888 ____A C:\Users\John Nicholas\Downloads\spybot search amp destroy setup.exe
     2012-09-06 03:03 - 2012-09-06 03:03 - 00607260 ____R (Swearware) C:\Users\John Nicholas\Downloads\dds.com
     2012-09-06 02:46 - 2012-09-06 02:46 - 01378816 ____A C:\Users\John Nicholas\Downloads\RogueKiller.exe
     2012-09-06 02:42 - 2012-09-06 02:38 - 04722680 ____A (Swearware) C:\Users\John Nicholas\Downloads\ComboFix.exe
     2012-09-06 02:36 - 2012-09-06 02:36 - 00587640 ____A C:\Users\John Nicholas\Downloads\cbsidlm-tr1_6-Combofix-75221073.exe
     2012-09-04 09:58 - 2012-08-08 06:46 - 00002497 ____A C:\Users\John Nicholas\Desktop\Google Chrome.lnk
     2012-08-15 10:15 - 2011-07-15 10:15 - 00000338 ____A C:\Windows\Tasks\HPCeeScheduleForJOHNNICHOLAS$.job
     2012-08-14 10:50 - 2012-04-03 09:02 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
     2012-08-14 10:50 - 2011-05-17 04:59 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
     2012-08-08 06:02 - 2012-08-08 06:02 - 00000996 ____A C:\Users\John Nicholas\Downloads\disable-balloon-tips.reg
     2012-08-08 05:06 - 2012-01-31 09:21 - 00034816 __ASH C:\Users\John Nicholas\Thumbs.db
     2012-07-27 07:18 - 2012-07-27 07:18 - 00001029 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
     2012-07-16 05:44 - 2011-04-15 11:57 - 00001945 ____A C:\Windows\epplauncher.mif
     2012-07-12 10:16 - 2009-07-13 20:33 - 00412440 ____A C:\Windows\System32\FNTCACHE.DAT
     2012-07-11 11:33 - 2011-05-02 07:50 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
     2012-07-03 09:46 - 2012-07-16 05:10 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
     2012-06-11 18:44 - 2012-07-11 11:33 - 02344448 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

     ==================== Known DLLs (Whitelisted) =================

     ==================== Bamital & volsnap Check =================

     C:\Windows\explorer.exe => MD5 is legit
     C:\Windows\System32\winlogon.exe => MD5 is legit
     C:\Windows\System32\wininit.exe => MD5 is legit
     C:\Windows\System32\svchost.exe => MD5 is legit
     C:\Windows\System32\services.exe => MD5 is legit
     C:\Windows\System32\User32.dll => MD5 is legit
     C:\Windows\System32\userinit.exe => MD5 is legit
     C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

     ==================== EXE ASSOCIATION =====================

     HKLM\...\.exe: exefile => OK
     HKLM\...\exefile\DefaultIcon: %1 => OK
     HKLM\...\exefile\open\command: "%1" %* => OK

     ==================== Restore Points =========================

     Restore point made on: 2012-09-08 12:30:52

     ==================== Memory info ===========================

     Percentage of memory in use: 16%
     Total physical RAM: 4061.24 MB
     Available physical RAM: 3394.14 MB
     Total Pagefile: 4059.52 MB
     Available Pagefile: 3402.78 MB
     Total Virtual: 2047.88 MB
     Available Virtual: 1959.2 MB

     ==================== Partitions ============================

     1 Drive c: (OS) (Fixed) (Total:138.68 GB) (Free:85.72 GB) NTFS
     2 Drive e: (HP_RECOVERY) (Fixed) (Total:10.27 GB) (Free:1.25 GB) NTFS ==>[system with boot components (obtained from reading drive)]
     3 Drive f: (PRR #15327) (CDROM) (Total:0.29 GB) (Free:0 GB) UDF
     4 Drive g: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
     5 Drive h: (ANGELITO) (Removable) (Total:1.9 GB) (Free:1.9 GB) FAT32
     6 Drive x: (Boot) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
     7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

     Disk ###  Status         Size     Free     Dyn  Gpt
     --------  -------------  -------  -------  ---  ---
     Disk 0    Online          149 GB      0 B
     Disk 1    Online         1952 MB      0 B

     Partitions of Disk 0:
     ===============
     Partition ###  Type              Size     Offset
     -------------  ----------------  -------  -------
     Partition 1    Primary            100 MB  1024 KB
     Partition 2    Primary            138 GB   101 MB
     Partition 3    Primary             10 GB   138 GB

     ==================================================================================
     Disk: 0
     Partition 1
     Type  : 07
     Hidden: No
     Active: Yes

     Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
     ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 2   Y   SYSTEM       NTFS   Partition    100 MB  Healthy

     ==================================================================================
     Disk: 0
     Partition 2
     Type  : 07
     Hidden: No
     Active: No

     Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
     ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 3   C   OS           NTFS   Partition    138 GB  Healthy

     ==================================================================================
     Disk: 0
     Partition 3
     Type  : 07
     Hidden: No
     Active: No

     Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
     ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 4   E   HP_RECOVERY  NTFS   Partition     10 GB  Healthy

     ==================================================================================
     Partitions of Disk 1:
     ===============
     Partition ###  Type              Size     Offset
     -------------  ----------------  -------  -------
     Partition 1    Primary           1952 MB  1024 B

     ==================================================================================
     Disk: 1
     Partition 1
     Type  : 0B
     Hidden: No
     Active: No

     Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
     ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 5   H   ANGELITO     FAT32  Removable   1952 MB  Healthy

     ==================================================================================

     Last Boot: 2012-09-05 20:17

     ==================== End Of Log =============================

     Farbar Recovery Scan Tool (x86) Version: 08-09-2012
     Ran by SYSTEM at 2012-09-08 19:00:47
     Running from H:\

     ================== Search: "services.exe" ===================

     C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
     [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

     C:\Windows\System32\services.exe
     [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

     C:\FRST\Quarantine\services.exe
     [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

     === End Of Search ===
  11. Luckily I am messaging back and forth with you via another computer that works perfectly well. =)
  12. I just wanted to add that after the step involving running frst.exe with the fixlist.txt everything has disappeared from the desktop and I am getting errors when Windows starts up like:

     "C:\Windows\system32\config\systemprofile\Desktop refers to a location that is unavailable. It could be on a hard drive on this computer, or on a network. Check to make sure that the disk is properly inserted, or that you are connected to the Internet or your network, and then try again. If it still cannot be located, the information might have been moved to a different location."

     Also at the bottom right, there is a little lock with a notification that says:

     "Failed to connect to a windows service"
     "Windows could not connect to the System Event Notification Service service. This problem prevents standard users from logging on to the system. As an administrative user, you can review the System Event Log for details about why the service didn't respond"
  13. I have attached the log. There was 1 item found and there was no option to cure it. I skipped it.
     TDSSKiller.2.8.8.0_08.09.2012_18.35.11_log.txt.zip
  14. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-09-2012
     Ran by SYSTEM at 2012-09-08 17:49:25 Run:1
     Running from H:\

     ==============================================

     C:\Windows\Installer\{6d2a19bc-dc9f-c147-6976-dc0ba1959f18} moved successfully.
     C:\Users\John Nicholas\AppData\Local\{6d2a19bc-dc9f-c147-6976-dc0ba1959f18} moved successfully.
     C:\Windows\assembly\GAC\Desktop.ini moved successfully.
     C:\Windows\System32\services.exe moved successfully.
     C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe

     ==== End of Fixlog ====
  15. I have included the contents of the two files below.

     Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) (x86) Version: 08-09-2012
     Ran by SYSTEM at 08-09-2012 16:41:54
     Running from H:\
     Windows 7 Professional (X86) OS Language: English(US)
     The current controlset is ControlSet001

     ==================== Registry (Whitelisted) ===================

     HKLM\...\Run: [hpsysdrv] c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
     HKLM\...\Run: [HP KEYBOARDx] "C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [710656 2010-02-11] (Hewlett-Packard)
     HKLM\...\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
     HKLM\...\Run: [BATINDICATOR] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-08] (Hewlett-Packard)
     HKLM\...\Run: [LaunchHPOSIAPP] C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
     HKLM\...\Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave [815704 2010-07-08] (GlavSoft LLC.)
     HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
     HKLM\...\Run: [] [x]
     HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-04-03] (Adobe Systems Incorporated)
     HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-04-03] (Adobe Systems Inc.)
     HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253672 2011-01-07] (Sun Microsystems, Inc.)
     HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
     HKU\John Nicholas\...\Run: [Google Update] "C:\Users\John Nicholas\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-08-08] (Google Inc.)
     HKU\John Nicholas\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
     Tcpip\..\Interfaces\{88E8002B-4C31-43A5-994C-BB87BA16B602}: [NameServer]65.32.1.65,65.32.1.70

     ==================== Services ================================

     2 HP Health Check Service; "C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [126008 2010-09-17] (Hewlett-Packard Company)
     2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
     2 PEVSystemStart; "C:\32788R22FWJFW\pev.3XE" EXEC /i CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:15 "C:\32788R22FWJFW\KNetSvcs.vbs" [322 2012-09-03] ()
     2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
     2 tvnserver; "C:\Program Files\TightVNC\tvnserver.exe" -service [815704 2010-07-08] (GlavSoft LLC.)

     ==================== Drivers =================================

     3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
     3 OxPPort; C:\Windows\system32\DRIVERS\OxPPort.sys [82048 2008-07-31] (OEM)

     ==================== NetSvcs (Whitelisted) =================

     ============ One Month Created Files and Folders ==============

     2012-09-08 12:38 - 2012-09-08 12:38 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
     2012-09-06 03:49 - 2009-06-10 13:39 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20120906-074911.backup
     2012-09-06 03:47 - 2012-09-06 03:49 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
     2012-09-06 03:47 - 2012-09-06 03:48 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
     2012-09-06 03:45 - 2012-09-06 03:46 - 16409960 ____A (Safer Networking Limited ) C:\Users\John Nicholas\Downloads\spybotsd162.exe
     2012-09-06 03:44 - 2012-09-06 03:44 - 00897888 ____A C:\Users\John Nicholas\Downloads\spybot search amp destroy setup.exe
     2012-09-06 03:03 - 2012-09-06 03:03 - 00607260 ____R (Swearware) C:\Users\John Nicholas\Downloads\dds.com
     2012-09-06 02:46 - 2012-09-06 02:46 - 01378816 ____A C:\Users\John Nicholas\Downloads\RogueKiller.exe
     2012-09-06 02:38 - 2012-09-06 02:42 - 04722680 ____A (Swearware) C:\Users\John Nicholas\Downloads\ComboFix.exe
     2012-09-06 02:36 - 2012-09-06 02:36 - 00587640 ____A C:\Users\John Nicholas\Downloads\cbsidlm-tr1_6-Combofix-75221073.exe
     2012-09-06 02:17 - 2012-09-06 02:24 - 00000000 ___SD C:\32788R22FWJFW
     2012-09-06 02:17 - 2012-09-06 02:24 - 00000000 ____D C:\Qoobox
     2012-09-06 02:17 - 2012-09-06 02:18 - 00000000 ____D C:\Windows\erdnt

     ============ 3 Months Modified Files ========================

     2012-09-08 12:38 - 2012-09-08 12:38 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
     2012-09-08 12:38 - 2011-01-22 16:25 - 01520612 ____A C:\Windows\WindowsUpdate.log
     2012-09-08 12:38 - 2009-07-13 20:39 - 00044819 ____A C:\Windows\setupact.log
     2012-09-08 12:37 - 2009-07-13 20:34 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
     2012-09-08 12:37 - 2009-07-13 20:34 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
     2012-09-08 12:31 - 2009-07-25 04:54 - 00778660 ____A C:\Windows\System32\PerfStringBackup.INI
     2012-09-08 12:27 - 2012-03-16 10:12 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
     2012-09-08 12:27 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
     2012-09-08 12:26 - 2009-07-13 20:53 - 00032594 ____A C:\Windows\Tasks\SCHEDLGU.TXT
     2012-09-06 14:57 - 2012-08-08 06:45 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2196710471-1452651213-449474573-1001UA.job
     2012-09-06 14:50 - 2012-04-03 09:02 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
     2012-09-06 14:27 - 2012-03-16 10:12 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
     2012-09-06 06:57 - 2012-08-08 06:45 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2196710471-1452651213-449474573-1001Core.job
     2012-09-06 04:19 - 2011-04-15 12:38 - 00063412 ____A C:\Windows\PFRO.log
     2012-09-06 03:49 - 2009-07-13 18:04 - 00444231 ___RA C:\Windows\System32\Drivers\etc\hosts.20120906-075004.backup
     2012-09-06 03:46 - 2012-09-06 03:45 - 16409960 ____A (Safer Networking Limited ) C:\Users\John Nicholas\Downloads\spybotsd162.exe
     2012-09-06 03:44 - 2012-09-06 03:44 - 00897888 ____A C:\Users\John Nicholas\Downloads\spybot search amp destroy setup.exe
     2012-09-06 03:03 - 2012-09-06 03:03 - 00607260 ____R (Swearware) C:\Users\John Nicholas\Downloads\dds.com
     2012-09-06 02:46 - 2012-09-06 02:46 - 01378816 ____A C:\Users\John Nicholas\Downloads\RogueKiller.exe
     2012-09-06 02:42 - 2012-09-06 02:38 - 04722680 ____A (Swearware) C:\Users\John Nicholas\Downloads\ComboFix.exe
     2012-09-06 02:36 - 2012-09-06 02:36 - 00587640 ____A C:\Users\John Nicholas\Downloads\cbsidlm-tr1_6-Combofix-75221073.exe
     2012-09-04 09:58 - 2012-08-08 06:46 - 00002497 ____A C:\Users\John Nicholas\Desktop\Google Chrome.lnk
     2012-08-15 10:15 - 2011-07-15 10:15 - 00000338 ____A C:\Windows\Tasks\HPCeeScheduleForJOHNNICHOLAS$.job
     2012-08-14 10:50 - 2012-04-03 09:02 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
     2012-08-14 10:50 - 2011-05-17 04:59 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
     2012-08-08 06:02 - 2012-08-08 06:02 - 00000996 ____A C:\Users\John Nicholas\Downloads\disable-balloon-tips.reg
     2012-08-08 05:06 - 2012-01-31 09:21 - 00034816 __ASH C:\Users\John Nicholas\Thumbs.db
     2012-07-27 07:18 - 2012-07-27 07:18 - 00001029 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
     2012-07-16 05:44 - 2011-04-15 11:57 - 00001945 ____A C:\Windows\epplauncher.mif
     2012-07-12 10:16 - 2009-07-13 20:33 - 00412440 ____A C:\Windows\System32\FNTCACHE.DAT
     2012-07-11 11:33 - 2011-05-02 07:50 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
     2012-07-03 09:46 - 2012-07-16 05:10 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
     2012-06-11 18:44 - 2012-07-11 11:33 - 02344448 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

     ZeroAccess:
     C:\Windows\Installer\{6d2a19bc-dc9f-c147-6976-dc0ba1959f18}
     C:\Windows\Installer\{6d2a19bc-dc9f-c147-6976-dc0ba1959f18}\L
     C:\Windows\Installer\{6d2a19bc-dc9f-c147-6976-dc0ba1959f18}\U
     C:\Windows\Installer\{6d2a19bc-dc9f-c147-6976-dc0ba1959f18}\L\00000004.@
     C:\Windows\Installer\{6d2a19bc-dc9f-c147-6976-dc0ba1959f18}\L\201d3dde
     C:\Windows\Installer\{6d2a19bc-dc9f-c147-6976-dc0ba1959f18}\U\80000032.@

     ZeroAccess:
     C:\Users\John Nicholas\AppData\Local\{6d2a19bc-dc9f-c147-6976-dc0ba1959f18}
     C:\Users\John Nicholas\AppData\Local\{6d2a19bc-dc9f-c147-6976-dc0ba1959f18}\@
     C:\Users\John Nicholas\AppData\Local\{6d2a19bc-dc9f-c147-6976-dc0ba1959f18}\L
     C:\Users\John Nicholas\AppData\Local\{6d2a19bc-dc9f-c147-6976-dc0ba1959f18}\U

     ZeroAccess:
     C:\Windows\assembly\GAC\Desktop.ini

     ==================== Known DLLs (Whitelisted) =================

     ==================== Bamital & volsnap Check =================

     C:\Windows\explorer.exe => MD5 is legit
     C:\Windows\System32\winlogon.exe => MD5 is legit
     C:\Windows\System32\wininit.exe => MD5 is legit
     C:\Windows\System32\svchost.exe => MD5 is legit
     C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
     C:\Windows\System32\User32.dll => MD5 is legit
     C:\Windows\System32\userinit.exe => MD5 is legit
     C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

     ==================== EXE ASSOCIATION =====================

     HKLM\...\.exe: exefile => OK
     HKLM\...\exefile\DefaultIcon: %1 => OK
     HKLM\...\exefile\open\command: "%1" %* => OK

     ==================== Restore Points =========================

     Restore point made on: 2012-09-08 12:30:52

     ==================== Memory info ===========================

     Percentage of memory in use: 16%
     Total physical RAM: 4061.24 MB
     Available physical RAM: 3398.12 MB
     Total Pagefile: 4059.52 MB
     Available Pagefile: 3401.29 MB
     Total Virtual: 2047.88 MB
     Available Virtual: 1954.3 MB

     ==================== Partitions ============================

     1 Drive c: (OS) (Fixed) (Total:138.68 GB) (Free:85.72 GB) NTFS
     2 Drive e: (HP_RECOVERY) (Fixed) (Total:10.27 GB) (Free:1.25 GB) NTFS ==>[system with boot components (obtained from reading drive)]
     3 Drive f: (PRR #15327) (CDROM) (Total:0.29 GB) (Free:0 GB) UDF
     4 Drive g: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
     5 Drive h: (ANGELITO) (Removable) (Total:1.9 GB) (Free:1.9 GB) FAT32
     6 Drive x: (Boot) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
     7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

     Disk ###  Status         Size     Free     Dyn  Gpt
     --------  -------------  -------  -------  ---  ---
     Disk 0    Online          149 GB      0 B
     Disk 1    Online         1952 MB      0 B

     Partitions of Disk 0:
     ===============
     Partition ###  Type              Size     Offset
     -------------  ----------------  -------  -------
     Partition 1    Primary            100 MB  1024 KB
     Partition 2    Primary            138 GB   101 MB
     Partition 3    Primary             10 GB   138 GB

     ==================================================================================
     Disk: 0
     Partition 1
     Type  : 07
     Hidden: No
     Active: Yes

     Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
     ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 2   Y   SYSTEM       NTFS   Partition    100 MB  Healthy

     ==================================================================================
     Disk: 0
     Partition 2
     Type  : 07
     Hidden: No
     Active: No

     Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
     ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 3   C   OS           NTFS   Partition    138 GB  Healthy

     ==================================================================================
     Disk: 0
     Partition 3
     Type  : 07
     Hidden: No
     Active: No

     Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
     ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 4   E   HP_RECOVERY  NTFS   Partition     10 GB  Healthy

     ==================================================================================
     Partitions of Disk 1:
     ===============
     Partition ###  Type              Size     Offset
     -------------  ----------------  -------  -------
     Partition 1    Primary           1952 MB  1024 B

     ==================================================================================
     Disk: 1
     Partition 1
     Type  : 0B
     Hidden: No
     Active: No

     Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
     ----------  ---  -----------  -----  ----------  -------  ---------  --------
     * Volume 5   H   ANGELITO     FAT32  Removable   1952 MB  Healthy

     ==================================================================================

     Last Boot: 2012-09-05 20:17

     ==================== End Of Log =============================

     Farbar Recovery Scan Tool (x86) Version: 08-09-2012
     Ran by SYSTEM at 2012-09-08 16:43:26
     Running from H:\

     ================== Search: "services.exe"
===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
  16. Working on it. Sorry I didn't respond sooner. I never got an email that you had responded. I'll be sure to keep checking back from now on. I'll update soon after I complete the steps you've outlined. Thanks so much for the help!
  17. Below are my malwarebytes pro, dds, attach, and roguekiller logs Malwarebytes Anti-Malware (PRO) 1.62.0.1300 www.malwarebytes.org Database version: v2012.09.06.06 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 John Nicholas :: JOHNNICHOLAS [administrator] Protection: Enabled 9/6/2012 7:12:12 AM mbam-log-2012-09-06 (08-16-18).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 399135 Time elapsed: 1 hour(s), 59 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 4 C:\Windows\Installer\{6d2a19bc-dc9f-c147-6976-dc0ba1959f18}\U\00000004.@ (Rootkit.Zaccess) -> No action taken. C:\Windows\Installer\{6d2a19bc-dc9f-c147-6976-dc0ba1959f18}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken. C:\Windows\Installer\{6d2a19bc-dc9f-c147-6976-dc0ba1959f18}\U\000000cb.@ (Rootkit.0Access) -> No action taken. C:\Windows\Installer\{6d2a19bc-dc9f-c147-6976-dc0ba1959f18}\U\80000000.@ (Trojan.Small) -> No action taken. (end) . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by John Nicholas at 7:05:53 on 2012-09-06 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3037.1985 [GMT -4:00] . AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\TightVNC\tvnserver.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe C:\Program Files\TightVNC\tvnserver.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe C:\Program Files\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe C:\Program Files\TightVNC\tvnserver.exe 
C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll uRun: [Google Update] "c:\users\john nicholas\appdata\local\google\update\GoogleUpdate.exe" /c mRun: [hpsysdrv] c:\program files\hewlett-packard\hp odometer\hpsysdrv.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [HP KEYBOARDx] "c:\program files\hewlett-packard\hp desktop keyboard\HPKEYBOARDx.EXE" mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe mRun: [bATINDICATOR] c:\program files\hewlett-packard\hp mainstream keyboard\BATINDICATOR.exe mRun: [LaunchHPOSIAPP] c:\program files\hewlett-packard\hp mainstream keyboard\LaunchApp.exe mRun: [tvncontrol] "c:\program 
files\tightvnc\tvnserver.exe" -controlservice -slave mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [<NO NAME>] mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) mPolicies-system: SoftwareSASGeneration = 1 (0x1) IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll LSP: mswsock.dll Trusted Zone: //about.htm/ Trusted Zone: //Exclude.htm/ Trusted Zone: //FWEvent.htm/ 
Trusted Zone: //LanguageSelection.htm/ Trusted Zone: //Message.htm/ Trusted Zone: //MyAgttryCmd.htm/ Trusted Zone: //MyAgttryNag.htm/ Trusted Zone: //MyNotification.htm/ Trusted Zone: //NOCLessUpdate.htm/ Trusted Zone: //quarantine.htm/ Trusted Zone: //ScanNow.htm/ Trusted Zone: //strings.vbs/ Trusted Zone: //Template.htm/ Trusted Zone: //Update.htm/ Trusted Zone: //VirFound.htm/ Trusted Zone: mcafee.com\* Trusted Zone: mcafeeasap.com\betavscan Trusted Zone: mcafeeasap.com\vs Trusted Zone: mcafeeasap.com\www DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab TCP: Interfaces\{88E8002B-4C31-43A5-994C-BB87BA16B602} : NameServer = 65.32.1.65,65.32.1.70 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Notify: igfxcui - igfxdev.dll . ============= SERVICES / DRIVERS =============== . 
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-8-20 92216] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-27 655944] R2 regi;regi;c:\windows\system32\drivers\regi.sys [2010-11-16 13880] R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2010-7-8 815704] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-16 22344] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-1-22 279656] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-16 136176] S2 PEVSystemStart;PEVSystemStart;c:\32788r22fwjfw\pev.3XE [2011-6-26 256000] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 250056] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-16 136176] S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-1-22 132480] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 OxPPort;OxPPort;c:\windows\system32\drivers\OxPPort.sys [2011-1-22 82048] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-2 1343400] . =============== Created Last 30 ================ . 
2012-09-06 11:05:22 54016 ----a-w- c:\windows\system32\drivers\ivani.sys 2012-08-08 14:45:22 -------- d-----w- c:\users\john nicholas\appdata\local\Deployment 2012-08-08 14:45:22 -------- d-----w- c:\users\john nicholas\appdata\local\Apps . ==================== Find3M ==================== . 2012-08-14 18:50:34 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-14 18:50:34 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-12 02:44:03 2344448 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 7:06:30.23 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 4/15/2011 3:31:29 PM System Uptime: 9/6/2012 6:00:17 AM (1 hours ago) . Motherboard: FOXCONN | | 2A8C Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz | CPU 1 | 3003/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 139 GiB total, 85.787 GiB free. D: is FIXED (NTFS) - 10 GiB total, 1.252 GiB free. E: is CDROM (UDF) . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . 
ActiveCheck component for HP Active Support Library Adobe Acrobat X Pro - English, Français, Deutsch Adobe AIR Adobe Flash Player 11 ActiveX Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Google Apps Migration For Microsoft Outlook® 2.3.12.34 Google Apps Sync™ for Microsoft Outlook® 3.1.94.203 Google Chrome Google Cloud Connect for Microsoft Office Google Update Helper HP Auto HP Connect Solutions HP Customer Experience Enhancements HP Desktop Keyboard HP MAINSTREAM KEYBOARD HP Odometer HP Remote Solution HP Setup HP Support Assistant HP Support Information HP Vision Hardware Diagnostics HPAsset component for HP Active Support Library Intel® Graphics Media Accelerator Driver InterVideo WinDVD 8 Java Auto Updater Java 6 Update 25 Malwarebytes Anti-Malware version 1.62.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft_VC90_CRT_x86 Mozilla Thunderbird (3.1.10) MSXML 
4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) PlayReady PC Runtime x86 Realtek High Definition Audio Driver Recovery Manager Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition Spotify TightVNC 2.0.2 Update for 
Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Windows Live ID Sign-in Assistant . ==== Event Viewer Messages From Past Week ======== . 9/6/2012 6:28:56 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running. 9/6/2012 6:28:56 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running. 
9/6/2012 6:23:56 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 2 time(s). 9/6/2012 6:23:56 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 9/6/2012 6:23:56 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 9/6/2012 6:23:56 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/6/2012 6:23:56 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/6/2012 6:23:56 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 9/6/2012 6:23:56 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/6/2012 6:23:56 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 9/6/2012 6:23:56 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). 
The following corrective action will be taken in 300000 milliseconds: Restart the service. 9/6/2012 6:23:56 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 9/6/2012 6:23:56 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/6/2012 6:23:55 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 9/6/2012 6:18:27 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error: An instance of the service is already running. 9/6/2012 6:17:27 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s). 9/6/2012 6:17:27 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/6/2012 6:17:27 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/6/2012 6:17:27 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 
9/6/2012 6:17:27 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/6/2012 6:17:27 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/6/2012 6:17:27 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/6/2012 6:17:27 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/6/2012 6:17:27 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/6/2012 6:17:27 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/6/2012 6:17:27 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 9/6/2012 6:17:27 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 
9/6/2012 6:03:15 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 9/6/2012 6:03:15 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 9/6/2012 6:00:35 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. . ==== End Of File =========================== RogueKiller V8.0.2 [08/31/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7600 ) 32 bits version Started in : Normal mode User : John Nicholas [Admin rights] Mode : Scan -- Date : 09/06/2012 06:52:04 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 6 ¤¤¤ [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{88E8002B-4C31-43A5-994C-BB87BA16B602} : NameServer (65.32.1.65,65.32.1.70) -> FOUND [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{88E8002B-4C31-43A5-994C-BB87BA16B602} : NameServer (65.32.1.65,65.32.1.70) -> FOUND [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FOLDER] U : C:\Windows\Installer\{6d2a19bc-dc9f-c147-6976-dc0ba1959f18}\U --> FOUND [ZeroAccess][FOLDER] L : C:\Windows\Installer\{6d2a19bc-dc9f-c147-6976-dc0ba1959f18}\L --> FOUND [ZeroAccess][FILE] @ : C:\Users\John Nicholas\AppData\Local\{6d2a19bc-dc9f-c147-6976-dc0ba1959f18}\@ --> FOUND [ZeroAccess][FOLDER] U : C:\Users\John 
Nicholas\AppData\Local\{6d2a19bc-dc9f-c147-6976-dc0ba1959f18}\U --> FOUND [ZeroAccess][FOLDER] L : C:\Users\John Nicholas\AppData\Local\{6d2a19bc-dc9f-c147-6976-dc0ba1959f18}\L --> FOUND [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC\Desktop.ini --> FOUND [susp.ASLR|Sig - ZeroAccess][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST3160318AS ATA Device +++++ --- User --- [MBR] ea6acb3719542c5e4aa14d17adb2750b [bSP] 29d88a6bd94bb9282499f9c0d775a976 : Windows Vista/7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 142007 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 291037184 | Size: 10518 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
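The findings in the logs above (the FRST search earlier on this page that compares the MD5 of System32\services.exe against the WinSxS copy, and the RogueKiller and Malwarebytes hits in post 17 on the {GUID}\U and \L folders, the @ file, assembly\GAC\Desktop.ini and the static NameServer values) can be re-checked from PowerShell. The script below is an added example; it is not part of this thread and not code from FRST, RogueKiller or Malwarebytes. It assumes the Windows 7 x86 layout the logs show, PowerShell 2.0 or later, and an elevated prompt; the WinSxS folder-name pattern, the marker names and the registry path are taken from the logs and from the documented TCP/IP registry layout.

```powershell
# Added example, not part of the forum thread or of FRST/RogueKiller/Malwarebytes.
# Re-checks the three findings the logs above report. Assumptions: Windows 7 x86
# layout, PowerShell 2.0 or later, elevated prompt. $WindowsRoot can be pointed
# at an offline system drive (e.g. from WinRE) for the file checks.

function Get-Md5Hex {
    # PowerShell 2.0 has no Get-FileHash, so hash through .NET directly.
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { ([System.BitConverter]::ToString($md5.ComputeHash($stream))).Replace('-', '') }
    finally { $stream.Close() }
}

function Test-ServicesExe {
    # FRST flagged System32\services.exe because its MD5 differed from the WinSxS
    # copy. Every WinSxS servicecontroller component is a vendor copy, so a live
    # binary whose hash matches none of them is the signal to act on.
    param([string]$WindowsRoot = $env:SystemRoot)
    $live = Join-Path $WindowsRoot 'System32\services.exe'
    $liveHash = Get-Md5Hex $live
    $sxsCopies = Get-ChildItem -Path (Join-Path $WindowsRoot 'winsxs') -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and $_.Name -like 'x86_microsoft-windows-s..s-servicecontroller_*' } |
        ForEach-Object { Join-Path $_.FullName 'services.exe' } |
        Where-Object { Test-Path -LiteralPath $_ }
    $sxsHashes = @($sxsCopies | ForEach-Object { Get-Md5Hex $_ })
    New-Object PSObject -Property @{
        LivePath      = $live
        LiveMd5       = $liveHash
        WinSxSMd5     = ($sxsHashes -join ',')
        MatchesWinSxS = ($sxsHashes -contains $liveHash)
    }
}

function Find-ZeroAccessArtifacts {
    # The U and L folders and the @ file under a {GUID} directory in
    # Windows\Installer or a user's AppData\Local, plus assembly\GAC\Desktop.ini,
    # are the on-disk locations the logs flag. Plain {GUID} folders under
    # Windows\Installer are normal (MSI icon cache); the U/L/@ markers are not.
    param([string]$WindowsRoot = $env:SystemRoot,
          [string]$UsersRoot  = (Join-Path $env:SystemDrive 'Users'))
    $roots = @((Join-Path $WindowsRoot 'Installer'))
    $roots += Get-ChildItem -Path $UsersRoot -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object { Join-Path $_.FullName 'AppData\Local' }
    $hits = @()
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer -and $_.Name -match '^\{[0-9a-fA-F-]{36}\}$' } |
            ForEach-Object {
                foreach ($marker in @('@', 'U', 'L')) {
                    $p = Join-Path $_.FullName $marker
                    if (Test-Path -LiteralPath $p) { $hits += $p }
                }
            }
    }
    $gacIni = Join-Path $WindowsRoot 'assembly\GAC\Desktop.ini'
    if (Test-Path -LiteralPath $gacIni) { $hits += $gacIni }
    $hits
}

function Get-InterfaceNameServers {
    # RogueKiller reports every interface that carries a static NameServer value
    # (the log elides the Tcpip\Parameters part of the key). Showing it next to the
    # DHCP-supplied resolver makes the comparison explicit: the value is only
    # suspicious if it is not what the ISP or the administrator intentionally set.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    Get-ChildItem -Path $base | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        New-Object PSObject -Property @{
            Interface      = $_.PSChildName
            EnableDHCP     = $p.EnableDHCP
            NameServer     = $p.NameServer
            DhcpNameServer = $p.DhcpNameServer
        }
    } | Where-Object { $_.NameServer -or $_.DhcpNameServer }
}

# Usage (live system):
Test-ServicesExe | Format-List
Find-ZeroAccessArtifacts
Get-InterfaceNameServers | Format-Table -AutoSize
```

Two caveats. A running ZeroAccess host can hide or deny access to the {GUID} folders, so a clean result from Find-ZeroAccessArtifacts on the live system is not conclusive; the FRST log above was produced from the recovery environment (run as SYSTEM from H:\) for exactly that reason, and the file checks are best repeated that way with $WindowsRoot and $UsersRoot pointed at the offline drive. Get-InterfaceNameServers reads the live registry only; for an offline hive it would need to be loaded with reg load first.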
  18. This infection keeps showing up in my Malwarebytes. I have the Pro version, but I think this infection started before I got it. I attached the DDS log, the Attach log, and the RogueKiller log. Thank you for your help! I don't know what to do next. Attach.txt DDS.txt RKreport1.txt