pjgibbons
Everything posted by pjgibbons

  1. Tried to run dds in normal mode, but it crashed before the program loaded. Ran both dds & tdsskiller in safe mode, logs below.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.17.2
Run by Pam at 11:43:33 on 2013-03-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6078.5413 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\System32\WerFault.exe
C:\Windows\system32\ctfmon.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://news.yahoo.com/?u uWindow Title = Internet Explorer provided by Dell uSearch Bar = hxxp://www.google.com/ie uSearch Page = hxxp://www.google.com uDefault_Page_URL = hxxp://www.dell4me.com/myway uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uProxyServer = :0 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ipsbho.dll BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: 
Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll BHO: Upromise TurboSaver: {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coieplg.dll EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} - uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" uRun: [upromise Update] C:\Program Files (x86)\Upromise\dca-ua.exe uRun: [upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRunOnce: [shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; Media Center PC 6.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)" -"http://bcs.worthpublishers.com/hockenbury3e/content/cat_030/ch04/flash.htm?v=chapter&i=04030.01&s=04000&n=00030&o=|00040|00030|" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [ATICustomerCare] "C:\Program Files 
(x86)\ATI\ATICustomerCare\ATICustomerCare.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files\CrashPlan\CrashPlanTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: turbotax.com DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://xtier.d211.org/InternalSite/WhlCompMgr.cab DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - 
hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 192.168.2.1 TCP: Interfaces\{EEB78936-53BE-40A5-A60A-B6131EB9AF59} : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{EEB78936-53BE-40A5-A60A-B6131EB9AF59}\2656C6B696E6E253637333 : DHCPNameServer = 192.168.2.1 Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-mStart Page = hxxp://www.dell4me.com/myway x64-mDefault_Page_URL = hxxp://www.dell4me.com/myway x64-mDefault_Search_URL = hxxp://www.google.com/ie x64-mSearchAssistant = hxxp://www.google.com/ie x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-Run: [bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode x64-Run: [iAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" x64-Run: [sysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab x64-Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - LocalServer32 - <no file> x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned> x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . 
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0404000.00C\symds64.sys [2011-10-31 433200] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0404000.00C\symefa64.sys [2011-10-31 221304] S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [2013-3-5 1388120] S1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0404000.00C\cchpx64.sys [2011-10-31 593544] S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130308.001\IDSviA64.sys [2013-3-8 513184] S1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-1-4 308296] S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0404000.00C\ironx64.sys [2011-10-31 150064] S1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0404000.00C\symtdiv.sys [2011-10-31 451704] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-4 203776] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2011-3-16 222720] S2 DLSDB;Dell Printer Status Database;C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [2009-1-4 191896] S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648] S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-10 398184] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 
[2013-3-10 682344] S2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe [2011-10-31 126400] S2 QuickBooksDB18;QuickBooksDB18;C:\Program Files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe -hvQuickBooksDB18 --> C:\Program Files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe -hvQuickBooksDB18 [?] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536] S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2011-9-21 150928] S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824] S3 DMService;Microsoft Forefront UAG Endpoint Component Manager;C:\Windows\Downloaded Program Files\DM.1\DMService.exe [2011-12-1 487312] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-15 138912] S3 libusb0;libusb-win32 - Kernel Driver 10/02/2010 1.2.2.0;C:\Windows\System32\drivers\libusb0.sys [2010-11-12 43456] S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-10 24176] S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2009-1-4 102472] S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2009-1-4 40904] S3 mfesmfk;McAfee Inc. 
mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2009-1-4 49480] S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136] S3 psdrv3;PrimeSense Sensor Device Driver Service v3.x;C:\Windows\System32\drivers\psdrv3.sys [2011-4-15 23816] S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;C:\Windows\System32\drivers\tascusb2.sys [2012-2-19 419160] S3 TASCAM_US122L_MK2_MIDI;TASCAM US-122L mk2 WDM MIDI Device;C:\Windows\System32\drivers\tscusb2m.sys [2012-2-19 31576] S3 TASCAM_US122L_MK2_WDM;TASCAM US-122L mk2 WDM;C:\Windows\System32\drivers\tscusb2a.sys [2012-2-19 53080] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-27 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736] S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-4 1255736] S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976] S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 
2071-07-25 15:13:30 203576 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe 2013-03-12 16:43:26 20480 ----a-w- C:\Windows\svchost.exe 2013-03-12 16:39:51 -------- d-----w- C:\Users\Pam\AppData\Local\{1E871152-F811-4094-91B7-CC8C62F138FE} 2013-03-12 15:00:52 -------- d-----w- C:\Users\Pam\AppData\Local\{FB131BBE-3396-4D76-850A-C24733CA4E65} 2013-03-12 03:33:58 -------- d-----w- C:\FRST 2013-03-11 14:58:15 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-03-11 14:57:54 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-11 14:50:33 -------- d-----w- C:\Users\Pam\AppData\Local\{2ED23994-FC57-4D17-AEB9-8C40088AE1C6} 2013-03-11 11:22:47 -------- d-----w- C:\Users\Pam\AppData\Roaming\Tific 2013-03-11 11:16:21 -------- d-----w- C:\Users\Pam\AppData\Local\{74962D17-DD93-475D-9EDC-5CA087598BDB} 2013-03-11 11:15:51 -------- d-----w- C:\Users\Pam\AppData\Local\Symantec 2013-03-11 03:44:07 -------- d-----w- C:\Users\Pam\AppData\Local\{E0642BC8-32B2-487D-AD47-B29F03C664DA} 2013-03-11 03:25:22 -------- d-----w- C:\Users\Pam\AppData\Roaming\Malwarebytes 2013-03-11 03:25:05 -------- d-----w- C:\ProgramData\Malwarebytes 2013-03-11 03:25:04 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-03-11 03:25:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-03-11 03:24:51 -------- d-----w- C:\Users\Pam\AppData\Local\Programs 2013-03-11 02:45:09 -------- d-----w- C:\Users\Pam\AppData\Local\{1327988B-CBC4-44FF-9A7A-9ACEAB7AE04B} 2013-03-11 01:06:39 7680 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\A183.tmp 2013-03-11 01:06:39 7680 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\A172.tmp 2013-02-13 17:04:43 -------- d-----w- C:\Users\Pam\AppData\Local\{33D4D6BC-B0AE-427A-9476-9CD1A6FFB6D4} 2013-02-13 09:04:07 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 09:04:07 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 
02:07:51 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-02-13 02:07:50 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-02-13 02:07:49 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-02-13 02:07:38 3153408 ----a-w- C:\Windows\System32\win32k.sys 2013-02-13 02:07:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-02-13 02:07:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-02-13 02:07:35 215040 ----a-w- C:\Windows\System32\winsrv.dll 2013-02-13 02:07:35 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-02-13 02:07:34 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-02-13 02:07:34 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-02-13 02:07:32 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2013-02-13 02:07:32 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys . ==================== Find3M ==================== . 2013-03-11 14:57:25 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-02-27 04:43:00 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-27 04:43:00 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-01-21 00:11:59 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp 2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
.
============= FINISH: 11:51:52.38 ===============

Will post the tdsskiller log in another post - too long for this one.
  2. Here's the fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-03-2013 01
Ran by SYSTEM at 2013-03-12 09:55:36 Run:1
Running from F:\

==============================================

The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====

I restarted into normal mode. It seemed to load a bit faster than it has in the last couple of days. An Mbam notification window popped up that said "mbam blocked & quarantined a threat: c:\windows\svchost.exe trojan.agent".

When I displayed the quarantine, it showed 254 threats; most are copies of trojan.agent. Trojan.redirdll was also on there. Before I could get a copy of the list to send to you, the computer crashed.
  3. Thanks for your help!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-03-2013 01
Ran by SYSTEM at 11-03-2013 19:34:12
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode [x]
HKLM\...\Run: [iAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [443904 2008-05-22] (IDT, Inc.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2726728 2010-03-24] (CANON INC.)
HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [307200 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Administrator\...\RunOnce: [WAB Migrate] C:\Program Files (x86)\Windows Mail\wab.exe /Upgrade [516096 2010-11-20] (Microsoft Corporation)
HKU\Administrator\...\RunOnce: [DPAPIKeyMig] %SystemRoot%\system32\dpapimig.exe -quiet [x]
HKU\Pam\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKU\Pam\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [160328 2010-11-08] (Siber Systems)
HKU\Pam\...\Run: [upromise Update] C:\Program Files (x86)\Upromise\dca-ua.exe [x]
HKU\Pam\...\Run: [upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe [x]
HKU\Pam\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Pam\...\Run: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background [1449824 2012-03-08] (Microsoft Corporation)
HKU\Pam\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)
HKU\Pam\...\RunOnce: [shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; Media Center PC 6.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)" -"http://bcs.worthpublishers.com/hockenbury3e/content/cat_030/ch04/flash.htm?v=chapter&i=04030.01&s=04000&n=00030&o=|00040|00030|" [468408 2009-06-05] (Adobe Systems, Inc.)
HKU\QBDataServiceUser18\...\RunOnce: [DPAPIKeyMig] %SystemRoot%\system32\dpapimig.exe -quiet [x]
HKU\QBDataServiceUser18\...\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\QBDataServiceUser18\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ===================

2 CrashPlanService; "C:\Program Files\CrashPlan\CrashPlanService.exe" [222720 2011-03-16] (CrashPlan)
2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [107928 2006-12-07] (Dell Inc.)
2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [191896 2006-12-06] (Dell Inc.)
3 DMService; C:\Windows\Downloaded Program Files\DM.1\DMService.exe [487312 2010-11-25] (Microsoft Corporation)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
2 N360; "C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)
2 QuickBooksDB18; C:\Program Files (x86)\intuit\QuickBooks 2008\QBDBMgrN.exe -hvQuickBooksDB18 [128536 2006-09-13] (iAnywhere Solutions, Inc.)
2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [150928 2010-11-25] (Microsoft Corporation)
3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [x]
3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [x]

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [1388120 2013-01-15] (Symantec Corporation)
1 ccHP; C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)
3 e1express; C:\Windows\System32\DRIVERS\e1e6232e.sys [286936 2009-06-05] (Intel Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-13] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-13] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130308.001\IDSvia64.sys [513184 2012-09-06] (Symantec Corporation)
3 libusb0; C:\Windows\System32\Drivers\libusb0.sys [43456 2011-03-30] (http://libusb-win32.sourceforge.net)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [102472 2009-09-16] (McAfee, Inc.)
1 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [308296 2009-09-16] (McAfee, Inc.)
3 mferkdk; C:\Windows\System32\Drivers\mferkdk.sys [40904 2009-09-16] (McAfee, Inc.)
3 mfesmfk; C:\Windows\System32\Drivers\mfesmfk.sys [49480 2009-09-16] (McAfee, Inc.)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130311.004\ENG64.SYS [126192 2013-03-11] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130311.004\EX64.SYS [2087664 2013-03-11] (Symantec Corporation)
3 psdrv3; C:\Windows\System32\Drivers\psdrv3.sys [23816 2011-05-08] (Prime Sense Ltd.)
1 SRTSP; C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMDS64.SYS [433200 2009-10-14] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-04-21] (Symantec Corporation)
1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [53808 2010-05-05] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)
3 TASCAM_US122144; C:\Windows\System32\Drivers\tascusb2.sys [419160 2011-04-28] (TASCAM)
3 TASCAM_US122L_MK2_MIDI; C:\Windows\System32\drivers\tscusb2m.sys [31576 2011-04-28] (TASCAM)
3 TASCAM_US122L_MK2_WDM; C:\Windows\System32\drivers\tscusb2a.sys [53080 2011-04-28] (TASCAM)
3 27303051; C:\Windows\System32\drivers\33678759.sys [x]
3 BTCFilterService; C:\Windows\System32\DRIVERS\motfilt.sys [x]
3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
3 motccgp; C:\Windows\System32\DRIVERS\motccgp.sys [x]
3 motccgpfl; C:\Windows\System32\DRIVERS\motccgpfl.sys [x]
3 MotoSwitchService; C:\Windows\System32\DRIVERS\motswch.sys [x]
3 Motousbnet; C:\Windows\System32\DRIVERS\Motousbnet.sys [x]
3 motusbdevice; C:\Windows\System32\DRIVERS\motusbdevice.sys [x]
3 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-03-11 16:29 - 2013-03-11 16:29 - 00262144 ____A C:\Windows\Minidump\031113-24382-01.dmp
2013-03-11 11:36 - 2013-03-11 11:36 - 00275520 ____A C:\Windows\Minidump\031113-99559-01.dmp
2013-03-11 11:29 - 2013-03-11 11:29 - 00279648 ____A C:\Windows\Minidump\031113-101307-01.dmp
2013-03-11 11:13 - 2013-03-11 11:14 - 00279648 ____A C:\Windows\Minidump\031113-27331-01.dmp
2013-03-11 11:06 - 2013-03-11 11:07 - 00283744 ____A C:\Windows\Minidump\031113-96985-01.dmp
2013-03-11 10:56 - 2013-03-11 10:56 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Pam\Downloads\tdsskiller.exe
2013-03-11 10:51 - 2013-03-11 10:52 - 00004069 ____A C:\Users\Pam\Desktop\RKreport[2]_D_03112013_02d1351.txt
2013-03-11 10:48 - 2013-03-11 10:48 - 00004142 ____A C:\Users\Pam\Desktop\RKreport[1]_S_03112013_02d1348.txt
2013-03-11 10:43 - 2013-03-11 10:50 - 00000000 ____D C:\Users\Pam\Desktop\RK_Quarantine
2013-03-11 10:41 - 2013-03-11 10:42 - 00816640 ____A C:\Users\Pam\Downloads\RogueKiller.exe
2013-03-11 10:40 - 2013-03-11 10:40 - 00007739 ____A C:\Users\Pam\Documents\AdwCleaner[s1].txt
2013-03-11 10:35 - 2013-03-11 10:36 - 00007739 ____A C:\AdwCleaner[s1].txt
2013-03-11 10:35 - 2013-03-11 10:35 - 00597667 ____A C:\Users\Pam\Downloads\adwcleaner.exe
2013-03-11 07:54 - 2013-03-11 07:55 - 00890798 ____A C:\Users\Pam\Downloads\SecurityCheck.exe
2013-03-11 07:46 - 2013-03-11 07:46 - 00275520 ____A C:\Windows\Minidump\031113-110776-01.dmp
2013-03-11 07:23 - 2013-03-11 07:23 - 00275520 ____A C:\Windows\Minidump\031113-32807-01.dmp
2013-03-11 07:17 - 2013-03-11 07:18 - 00275520 ____A C:\Windows\Minidump\031113-127078-01.dmp
2013-03-11 06:58 - 2013-03-11 06:57 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-03-11 06:58 - 2013-03-11 06:57 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-03-11 06:57 - 2013-03-11 06:57 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-03-11 06:57 - 2013-03-11 06:57 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-03-11 06:57 - 2013-03-11 06:57 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-03-11 06:50 - 2013-03-11 06:50 -
00000000 ____D C:\Users\Pam\AppData\Local\{2ED23994-FC57-4D17-AEB9-8C40088AE1C6}</div> <div>2013-03-11 06:36 - 2013-03-11 06:49 - 201878776 ____A C:\Users\Pam\Downloads\20130311-004-v5i64.exe</div> <div>2013-03-11 03:22 - 2013-03-11 03:22 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Tific</div> <div>2013-03-11 03:19 - 2013-03-11 03:20 - 00275520 ____A C:\Windows\Minidump\031113-73538-01.dmp</div> <div>2013-03-11 03:16 - 2013-03-11 03:16 - 00000000 ____D C:\Users\Pam\AppData\Local\{74962D17-DD93-475D-9EDC-5CA087598BDB}</div> <div>2013-03-11 03:15 - 2013-03-11 03:15 - 00000000 ____D C:\Users\Pam\AppData\Local\Symantec</div> <div>2013-03-10 19:46 - 2013-03-10 19:47 - 00275520 ____A C:\Windows\Minidump\031013-23540-01.dmp</div> <div>2013-03-10 19:44 - 2013-03-10 19:44 - 00000000 ____D C:\Users\Pam\AppData\Local\{E0642BC8-32B2-487D-AD47-B29F03C664DA}</div> <div>2013-03-10 19:40 - 2013-03-10 19:40 - 00275520 ____A C:\Windows\Minidump\031013-63866-01.dmp</div> <div>2013-03-10 19:25 - 2013-03-10 19:25 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</div> <div>2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Malwarebytes</div> <div>2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\ProgramData\Malwarebytes</div> <div>2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware</div> <div>2013-03-10 19:25 - 2012-12-14 13:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys</div> <div>2013-03-10 18:47 - 2013-03-10 18:48 - 00275520 ____A C:\Windows\Minidump\031013-25006-01.dmp</div> <div>2013-03-10 18:45 - 2013-03-10 18:45 - 00000000 ____D C:\Users\Pam\AppData\Local\{1327988B-CBC4-44FF-9A7A-9ACEAB7AE04B}</div> <div>2013-02-22 13:56 - 2013-03-10 16:56 - 00000042 ____A C:\Users\Pam\jagex_cl_oldschool_LIVE.dat</div> <div>2013-02-13 19:23 - 2013-02-13 19:23 - 00941568 ____A (Amazon Services LLC) 
C:\Users\Pam\Downloads\QuickBooks_Pro_2013_Downloader.exe</div> <div>2013-02-13 09:04 - 2013-03-10 12:50 - 00000000 ____D C:\Users\Pam\AppData\Local\{33D4D6BC-B0AE-427A-9476-9CD1A6FFB6D4}</div> <div>2013-02-13 01:01 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll</div> <div>2013-02-13 01:01 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll</div> <div>2013-02-13 01:01 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll</div> <div>2013-02-13 01:01 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll</div> <div>2013-02-13 01:01 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll</div> <div>2013-02-13 01:01 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl</div> <div>2013-02-13 01:01 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll</div> <div>2013-02-13 01:01 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll</div> <div>2013-02-13 01:01 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll</div> <div>2013-02-13 01:01 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll</div> <div>2013-02-13 01:01 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe</div> <div>2013-02-13 01:01 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll</div> <div>2013-02-13 01:01 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll</div> <div>2013-02-13 01:01 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb</div> <div>2013-02-13 01:01 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll</div> 
<div>2013-02-13 01:01 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll</div> <div>2013-02-13 01:01 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll</div> <div>2013-02-13 01:01 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll</div> <div>2013-02-13 01:01 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll</div> <div>2013-02-13 01:01 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl</div> <div>2013-02-13 01:01 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll</div> <div>2013-02-13 01:01 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll</div> <div>2013-02-13 01:01 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll</div> <div>2013-02-13 01:01 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll</div> <div>2013-02-13 01:01 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe</div> <div>2013-02-13 01:01 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll</div> <div>2013-02-13 01:01 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll</div> <div>2013-02-13 01:01 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll</div> <div>2013-02-13 01:01 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb</div> <div>2013-02-13 01:01 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll</div> <div>2013-02-13 01:01 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll</div> <div>2013-02-13 01:01 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\ieui.dll</div> <div>2013-02-12 18:07 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe</div> <div>2013-02-12 18:07 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe</div> <div>2013-02-12 18:07 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe</div> <div>2013-02-12 18:07 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll</div> <div>2013-02-12 18:07 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll</div> <div>2013-02-12 18:07 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys</div> <div>2013-02-12 18:07 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe</div> <div>2013-02-12 18:07 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll</div> <div>2013-02-12 18:07 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe</div> <div>2013-02-12 18:07 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe</div> <div>2013-02-12 18:07 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys</div> <div>2013-02-12 18:07 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS</div> <div> </div> <div> </div> <div>==================== One Month Modified Files and Folders =======</div> <div> </div> <div>2013-03-11 19:33 - 2013-03-11 19:33 - 00000000 ____D C:\FRST</div> <div>2013-03-11 16:29 - 2013-03-11 16:29 - 00262144 ____A C:\Windows\Minidump\031113-24382-01.dmp</div> <div>2013-03-11 16:29 - 2012-02-19 16:36 - 00000000 ____D C:\Windows\Minidump</div> <div>2013-03-11 16:29 - 2009-06-17 04:23 - 687996484 ____A C:\Windows\MEMORY.DMP</div> <div>2013-03-11 11:40 - 2012-06-30 20:55 - 00000000 
____D C:\Users\Pam\Tracing</div> <div>2013-03-11 11:37 - 2011-05-13 15:29 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</div> <div>2013-03-11 11:37 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT</div> <div>2013-03-11 11:37 - 2009-07-13 20:51 - 01488204 ____A C:\Windows\setupact.log</div> <div>2013-03-11 11:36 - 2013-03-11 11:36 - 00275520 ____A C:\Windows\Minidump\031113-99559-01.dmp</div> <div>2013-03-11 11:29 - 2013-03-11 11:29 - 00279648 ____A C:\Windows\Minidump\031113-101307-01.dmp</div> <div>2013-03-11 11:14 - 2013-03-11 11:13 - 00279648 ____A C:\Windows\Minidump\031113-27331-01.dmp</div> <div>2013-03-11 11:07 - 2013-03-11 11:06 - 00283744 ____A C:\Windows\Minidump\031113-96985-01.dmp</div> <div>2013-03-11 10:58 - 2009-12-05 15:01 - 01704193 ____A C:\Windows\WindowsUpdate.log</div> <div>2013-03-11 10:56 - 2013-03-11 10:56 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Pam\Downloads\tdsskiller.exe</div> <div>2013-03-11 10:52 - 2013-03-11 10:51 - 00004069 ____A C:\Users\Pam\Desktop\RKreport[2]_D_03112013_02d1351.txt</div> <div>2013-03-11 10:51 - 2009-12-05 14:20 - 00012656 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</div> <div>2013-03-11 10:51 - 2009-12-05 14:20 - 00012656 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</div> <div>2013-03-11 10:50 - 2013-03-11 10:43 - 00000000 ____D C:\Users\Pam\Desktop\RK_Quarantine</div> <div>2013-03-11 10:48 - 2013-03-11 10:48 - 00004142 ____A C:\Users\Pam\Desktop\RKreport[1]_S_03112013_02d1348.txt</div> <div>2013-03-11 10:47 - 2009-07-13 21:13 - 00876842 ____A C:\Windows\System32\PerfStringBackup.INI</div> <div>2013-03-11 10:43 - 2013-01-24 08:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job</div> <div>2013-03-11 10:42 - 2013-03-11 10:41 - 00816640 ____A C:\Users\Pam\Downloads\RogueKiller.exe</div> <div>2013-03-11 10:40 - 2013-03-11 10:40 - 00007739 ____A 
C:\Users\Pam\Documents\AdwCleaner[s1].txt</div> <div>2013-03-11 10:36 - 2013-03-11 10:35 - 00007739 ____A C:\AdwCleaner[s1].txt</div> <div>2013-03-11 10:35 - 2013-03-11 10:35 - 00597667 ____A C:\Users\Pam\Downloads\adwcleaner.exe</div> <div>2013-03-11 10:13 - 2011-05-13 15:29 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</div> <div>2013-03-11 08:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF</div> <div>2013-03-11 08:01 - 2011-05-18 13:16 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Skype</div> <div>2013-03-11 07:55 - 2013-03-11 07:54 - 00890798 ____A C:\Users\Pam\Downloads\SecurityCheck.exe</div> <div>2013-03-11 07:52 - 2009-07-13 21:08 - 00032654 ____A C:\Windows\Tasks\SCHEDLGU.TXT</div> <div>2013-03-11 07:46 - 2013-03-11 07:46 - 00275520 ____A C:\Windows\Minidump\031113-110776-01.dmp</div> <div>2013-03-11 07:23 - 2013-03-11 07:23 - 00275520 ____A C:\Windows\Minidump\031113-32807-01.dmp</div> <div>2013-03-11 07:18 - 2013-03-11 07:17 - 00275520 ____A C:\Windows\Minidump\031113-127078-01.dmp</div> <div>2013-03-11 07:07 - 2009-12-05 14:44 - 00532140 ____A C:\Windows\PFRO.log</div> <div>2013-03-11 06:59 - 2009-01-04 08:56 - 00000000 ____D C:\ProgramData\Adobe</div> <div>2013-03-11 06:57 - 2013-03-11 06:58 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll</div> <div>2013-03-11 06:57 - 2013-03-11 06:58 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe</div> <div>2013-03-11 06:57 - 2013-03-11 06:57 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe</div> <div>2013-03-11 06:57 - 2013-03-11 06:57 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe</div> <div>2013-03-11 06:57 - 2013-03-11 06:57 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll</div> <div>2013-03-11 06:57 - 2011-03-27 07:22 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll</div> <div>2013-03-11 06:57 - 2009-01-04 08:51 - 00000000 ____D 
C:\Program Files (x86)\Java</div> <div>2013-03-11 06:52 - 2009-12-05 14:23 - 00000000 ____D C:\users\Administrator</div> <div>2013-03-11 06:50 - 2013-03-11 06:50 - 00000000 ____D C:\Users\Pam\AppData\Local\{2ED23994-FC57-4D17-AEB9-8C40088AE1C6}</div> <div>2013-03-11 06:49 - 2013-03-11 06:36 - 201878776 ____A C:\Users\Pam\Downloads\20130311-004-v5i64.exe</div> <div>2013-03-11 03:22 - 2013-03-11 03:22 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Tific</div> <div>2013-03-11 03:20 - 2013-03-11 03:19 - 00275520 ____A C:\Windows\Minidump\031113-73538-01.dmp</div> <div>2013-03-11 03:16 - 2013-03-11 03:16 - 00000000 ____D C:\Users\Pam\AppData\Local\{74962D17-DD93-475D-9EDC-5CA087598BDB}</div> <div>2013-03-11 03:15 - 2013-03-11 03:15 - 00000000 ____D C:\Users\Pam\AppData\Local\Symantec</div> <div>2013-03-10 21:37 - 2011-10-12 16:46 - 00000000 ____D C:\Program Files\Bonjour</div> <div>2013-03-10 21:37 - 2011-10-12 16:46 - 00000000 ____D C:\Program Files (x86)\Bonjour</div> <div>2013-03-10 21:37 - 2011-08-16 11:41 - 00000000 ____D C:\Program Files\CrashPlan</div> <div>2013-03-10 21:37 - 2011-07-10 17:49 - 00000000 ____D C:\Program Files (x86)\Ring Factory</div> <div>2013-03-10 21:37 - 2011-07-08 18:54 - 00000000 ____D C:\Program Files (x86)\Apple Software Update</div> <div>2013-03-10 21:37 - 2011-06-20 17:47 - 00000000 ____D C:\Program Files (x86)\Vuze</div> <div>2013-03-10 21:37 - 2010-11-10 18:43 - 00000000 ____D C:\Python26</div> <div>2013-03-10 21:37 - 2010-10-01 19:39 - 00000000 ____D C:\Program Files (x86)\Finale 2011</div> <div>2013-03-10 21:37 - 2010-04-21 05:06 - 00000000 ____D C:\ProgramData\Norton</div> <div>2013-03-10 21:37 - 2009-12-05 14:23 - 00000000 ____D C:\users\QBDataServiceUser18</div> <div>2013-03-10 21:37 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV</div> <div>2013-03-10 21:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep</div> <div>2013-03-10 21:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration</div> 
<div>2013-03-10 21:37 - 2009-06-03 16:40 - 00000000 ____D C:\Program Files (x86)\iTunes</div> <div>2013-03-10 21:37 - 2004-01-15 15:04 - 00000000 ____D C:\Users\Pam\Documents\Kevin</div> <div>2013-03-10 19:47 - 2013-03-10 19:46 - 00275520 ____A C:\Windows\Minidump\031013-23540-01.dmp</div> <div>2013-03-10 19:44 - 2013-03-10 19:44 - 00000000 ____D C:\Users\Pam\AppData\Local\{E0642BC8-32B2-487D-AD47-B29F03C664DA}</div> <div>2013-03-10 19:40 - 2013-03-10 19:40 - 00275520 ____A C:\Windows\Minidump\031013-63866-01.dmp</div> <div>2013-03-10 19:25 - 2013-03-10 19:25 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</div> <div>2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Malwarebytes</div> <div>2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\ProgramData\Malwarebytes</div> <div>2013-03-10 19:25 - 2013-03-10 19:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware</div> <div>2013-03-10 18:48 - 2013-03-10 18:47 - 00275520 ____A C:\Windows\Minidump\031013-25006-01.dmp</div> <div>2013-03-10 18:48 - 2009-12-05 14:23 - 00000000 ____D C:\users\Pam</div> <div>2013-03-10 18:45 - 2013-03-10 18:45 - 00000000 ____D C:\Users\Pam\AppData\Local\{1327988B-CBC4-44FF-9A7A-9ACEAB7AE04B}</div> <div>2013-03-10 17:06 - 2012-06-27 08:53 - 00000024 ____A C:\Users\Pam\random.dat</div> <div>2013-03-10 17:02 - 2010-10-01 18:07 - 00000000 ____D C:\Users\Pam\Documents\Sara 2</div> <div>2013-03-10 16:56 - 2013-02-22 13:56 - 00000042 ____A C:\Users\Pam\jagex_cl_oldschool_LIVE.dat</div> <div>2013-03-10 16:56 - 2011-10-25 18:14 - 00000032 ____A C:\Users\Pam\jagex_cl_runescape_LIVE.dat</div> <div>2013-03-10 12:50 - 2013-02-13 09:04 - 00000000 ____D C:\Users\Pam\AppData\Local\{33D4D6BC-B0AE-427A-9476-9CD1A6FFB6D4}</div> <div>2013-03-01 09:52 - 2011-02-12 07:53 - 00000000 ____D C:\Users\Pam\AppData\Local\{1339582B-495A-4F41-96DE-D29C21E8004D}</div> <div>2013-02-26 20:43 - 2013-01-24 08:25 - 00691568 ____A (Adobe Systems 
Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</div> <div>2013-02-26 20:43 - 2011-06-29 04:59 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</div> <div>2013-02-22 13:56 - 2012-06-27 08:53 - 00000000 ____D C:\Users\Pam\jagexcache</div> <div>2013-02-19 18:20 - 2010-10-02 11:53 - 00000509 ____A C:\Windows\demdata.txt</div> <div>2013-02-13 21:20 - 2004-01-15 15:04 - 00000000 ____D C:\Users\Pam\Documents\Personal</div> <div>2013-02-13 19:23 - 2013-02-13 19:23 - 00941568 ____A (Amazon Services LLC) C:\Users\Pam\Downloads\QuickBooks_Pro_2013_Downloader.exe</div> <div>2013-02-13 19:11 - 2008-10-29 10:53 - 00000000 ____D C:\Users\Pam\Documents\QB 2008 data files</div> <div>2013-02-13 14:47 - 2006-07-17 14:08 - 00000000 ____D C:\Users\Pam\Documents\JDM</div> <div>2013-02-13 14:43 - 2004-01-15 15:04 - 00000000 ____D C:\Users\Pam\Documents\Insctr</div> <div>2013-02-13 07:21 - 2012-05-10 18:11 - 00000000 ____D C:\Users\Pam\Documents\Quicken</div> <div>2013-02-13 01:41 - 2009-07-13 20:45 - 00648776 ____A C:\Windows\System32\FNTCACHE.DAT</div> <div>2013-02-13 01:20 - 2009-01-08 17:53 - 00000000 ____D C:\ProgramData\Microsoft Help</div> <div>2013-02-13 01:09 - 2009-12-12 06:06 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe</div> <div>2013-02-12 21:04 - 2013-01-24 16:58 - 00000000 ____D C:\Users\Pam\AppData\Local\{94636BCD-8EC9-4864-A7BC-33E9FFF0E645}</div> <div> </div> <div> </div> <div>==================== Known DLLs (Whitelisted) =================</div> <div> </div> <div> </div> <div>==================== Bamital & volsnap Check =================</div> <div> </div> <div>C:\Windows\System32\winlogon.exe => MD5 is legit</div> <div>C:\Windows\System32\wininit.exe => MD5 is legit</div> <div>C:\Windows\SysWOW64\wininit.exe => MD5 is legit</div> <div>C:\Windows\explorer.exe => MD5 is legit</div> <div>C:\Windows\SysWOW64\explorer.exe => MD5 is legit</div> <div>C:\Windows\System32\svchost.exe => MD5 is legit</div> 
<div>C:\Windows\SysWOW64\svchost.exe => MD5 is legit</div> <div>C:\Windows\System32\services.exe => MD5 is legit</div> <div>C:\Windows\System32\User32.dll => MD5 is legit</div> <div>C:\Windows\SysWOW64\User32.dll => MD5 is legit</div> <div>C:\Windows\System32\userinit.exe => MD5 is legit</div> <div>C:\Windows\SysWOW64\userinit.exe => MD5 is legit</div> <div>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</div> <div> </div> <div>TDL4: custom:26000022 <===== ATTENTION!</div> <div> </div> <div>==================== EXE ASSOCIATION =====================</div> <div> </div> <div>HKLM\...\.exe: exefile => OK</div> <div>HKLM\...\exefile\DefaultIcon: %1 => OK</div> <div>HKLM\...\exefile\open\command: "%1" %* => OK</div> <div> </div> <div>==================== Restore Points =========================</div> <div> </div> <div>Restore point made on: 2013-03-08 20:19:04</div> <div>Restore point made on: 2013-03-11 06:57:10</div> <div> </div> <div>==================== Memory info =========================== </div> <div> </div> <div>Percentage of memory in use: 12%</div> <div>Total physical RAM: 6077.91 MB</div> <div>Available physical RAM: 5337.75 MB</div> <div>Total Pagefile: 6076.06 MB</div> <div>Available Pagefile: 5343.98 MB</div> <div>Total Virtual: 8192 MB</div> <div>Available Virtual: 8191.88 MB</div> <div> </div> <div>==================== Partitions =============================</div> <div> </div> <div>1 Drive c: (OS) (Fixed) (Total:683.57 GB) (Free:505.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]</div> <div>2 Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.3 GB) NTFS</div> <div>4 Drive f: () (Removable) (Total:1.92 GB) (Free:1.59 GB) FAT</div> <div>9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS</div> <div> </div> <div> Disk ### Status Size Free Dyn Gpt</div> <div> -------- ------------- ------- ------- --- ---</div> <div> Disk 0 Online 698 GB 0 B </div> <div> Disk 1 Online 1967 MB 0 B </div> <div> Disk 2 No Media 0 B 0 B </div> 
<div> Disk 3 No Media 0 B 0 B </div> <div> Disk 4 No Media 0 B 0 B </div> <div> Disk 5 No Media 0 B 0 B </div> <div> </div> <div>Partitions of Disk 0:</div> <div>===============</div> <div> </div> <div>Disk ID: 88000000</div> <div> </div> <div> Partition ### Type Size Offset</div> <div> ------------- ---------------- ------- -------</div> <div> Partition 1 OEM 62 MB 31 KB</div> <div> Partition 2 Primary 15 GB 63 MB</div> <div> Partition 3 Primary 683 GB 15 GB</div> <div> </div> <div>==================================================================================</div> <div> </div> <div>Disk: 0</div> <div>Partition 1</div> <div>Type : DE</div> <div>Hidden: Yes</div> <div>Active: No</div> <div> </div> <div> Volume ### Ltr Label Fs Type Size Status Info</div> <div> ---------- --- ----------- ----- ---------- ------- --------- --------</div> <div>* Volume 8 FAT Partition 62 MB Healthy Hidden </div> <div> </div> <div>=========================================================</div> <div> </div> <div>Disk: 0</div> <div>Partition 2</div> <div>Type : 07</div> <div>Hidden: No</div> <div>Active: No</div> <div> </div> <div> Volume ### Ltr Label Fs Type Size Status Info</div> <div> ---------- --- ----------- ----- ---------- ------- --------- --------</div> <div>* Volume 1 D RECOVERY NTFS Partition 15 GB Healthy </div> <div> </div> <div>=========================================================</div> <div> </div> <div>Disk: 0</div> <div>Partition 3</div> <div>Type : 07</div> <div>Hidden: No</div> <div>Active: Yes</div> <div> </div> <div> Volume ### Ltr Label Fs Type Size Status Info</div> <div> ---------- --- ----------- ----- ---------- ------- --------- --------</div> <div>* Volume 2 C OS NTFS Partition 683 GB Healthy </div> <div> </div> <div>=========================================================</div> <div> </div> <div>Partitions of Disk 1:</div> <div>===============</div> <div> </div> <div>Disk ID: 00000000</div> <div> </div> <div> Partition ### Type Size Offset</div> 
<div> ------------- ---------------- ------- -------</div> <div> Partition 1 Primary 1966 MB 16 KB</div> <div> </div> <div>==================================================================================</div> <div> </div> <div>Disk: 1</div> <div>Partition 1</div> <div>Type : 0E</div> <div>Hidden: No</div> <div>Active: Yes</div> <div> </div> <div> Volume ### Ltr Label Fs Type Size Status Info</div> <div> ---------- --- ----------- ----- ---------- ------- --------- --------</div> <div>* Volume 3 F FAT Removable 1966 MB Healthy </div> <div> </div> <div>=========================================================</div> <div>============================== MBR Partition Table ==================</div> <div> </div> <div>==============================</div> <div>Partitions of Disk 0:</div> <div>===============</div> <div>Disk ID: 88000000</div> <div> </div> <div>Partition 1:</div> <div>=========</div> <div>Hex: 80001E00000000001D00000000000000</div> <div>Active: YES</div> <div>Type: 00</div> <div>Size: 0 byte</div> <div>ATTENTION ===> 0 byte partition bootkit on partition 1</div> <div> </div> <div>Partition 2:</div> <div>=========</div> <div>Hex: 00010100DEFE3F073F000000C9F50100</div> <div>Active: NO</div> <div>Type: DE</div> <div>Size: 63 MB</div> <div> </div> <div>Partition 3:</div> <div>=========</div> <div>Hex: 0008010807FEFFFF00F801000000E001</div> <div>Active: NO</div> <div>Type: 07 (NTFS)</div> <div>Size: 15 GB</div> <div> </div> <div>Partition 4:</div> <div>=========</div> <div>Hex: 80FEFFFF07FEFFFF00F8E10100607255</div> <div>Active: YES</div> <div>Type: 07 (NTFS)</div> <div>Size: 684 GB</div> <div> </div> <div>==============================</div> <div>Partitions of Disk 1:</div> <div>===============</div> <div>Disk ID: 00000000</div> <div> </div> <div>Partition 1:</div> <div>=========</div> <div>Hex: 800101000E0FA0BB20000000E0773D00</div> <div>Active: YES</div> <div>Type: 0E</div> <div>Size: 2 GB</div> <div> </div> <div> </div> <div>Last Boot: 2013-03-11 
04:58</div> <div> </div> <div>==================== End Of Log =============================</div>
  4. My kids' computer crashed last night. It's a Dell XPS 430 running Windows 7. It normally runs like a champ, rarely have any issues with it. When I took a look at it, it was very slow to reboot, and within a minute or two of it reloading everything, it would crash again. I get messages that files are missing (including the hard drive at one point), IE 9 won't run, and it is incredibly slow. It does not crash in safe mode. Managed to get mbam on and ran it. It identified several copies of trojan.agent and trojan.redirrdll. It got rid of the redirdll, but every time it reboots, trojan.agent is still there. Tried several things, including steps from another post in this forum. I was able to run security check, adwcleaner and roguekiller without it crashing. All found threats, but don't seem to be removing the bugger. I tried to run tdsskiller, but it crashes halfway through, and now it's back to crashing as soon as it's back up again (in regular mode) - it doesn't give me enough time to download or run anything before it crashes again. Tried running tdsskiller in safe mode once, with no success. It didn't come up automatically like it did in regular mode, after I checked 'loaded modules' and it rebooted, so perhaps there's another step? Any help will be greatly appreciated! I have 2 teenagers who aren't happy about being offline!